
popuper.exe, msole32.exe etc


  • This topic is locked

#1
raemacleman

    New Member

  • Member
  • 5 posts
Help! Please! I've tried lots of things: MS AntiSpyware, S&D, AntiVir etc. Only the Kaspersky Suite identified it but offered only to remove the msole.exe file.

TIA
Rae MacLeman


Ad-Aware SE Build 1.05
Logfile Created on:25 April 2005 04:47:59
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):9 total references
MRU List(TAC index:0):36 total references
Tracking Cookie(TAC index:3):32 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:66 %
Total physical memory:523808 kb
Available physical memory:341568 kb
Total page file size:1278144 kb
Available on page file:1089460 kb
Total virtual memory:2097024 kb
Available virtual memory:2046264 kb
OS:Microsoft Windows 2000 Professional Service Pack 2 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-04-2005 04:47:59 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 164
ThreadCreationTime : 25-04-2005 03:03:44
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 188
ThreadCreationTime : 25-04-2005 03:03:47
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 184
ThreadCreationTime : 25-04-2005 03:03:53
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 236
ThreadCreationTime : 25-04-2005 03:03:54
BasePriority : Normal
FileVersion : 5.00.2195.2780
ProductVersion : 5.00.2195.2780
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 248
ThreadCreationTime : 25-04-2005 03:03:54
BasePriority : Normal
FileVersion : 5.00.2195.2964
ProductVersion : 5.00.2195.2964
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 416
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 444
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [avguard.exe]
ModuleName : C:\Program Files\AVPersonal\AVGUARD.EXE
Command Line : "C:\Program Files\AVPersonal\AVGUARD.EXE"
ProcessID : 472
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal


#:9 [avwupsrv.exe]
ModuleName : C:\Program Files\AVPersonal\AVWUPSRV.EXE
Command Line : "C:\Program Files\AVPersonal\AVWUPSRV.EXE"
ProcessID : 484
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal


#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 504
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 536
ThreadCreationTime : 25-04-2005 03:03:58
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 572
ThreadCreationTime : 25-04-2005 03:03:58
BasePriority : Normal
FileVersion : 6.13.10.4109
ProductVersion : 6.13.10.4109
ProductName : NVIDIA Driver Helper Service, Version 41.09
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 41.09
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:13 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 604
ThreadCreationTime : 25-04-2005 03:03:58
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:14 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 620
ThreadCreationTime : 25-04-2005 03:03:59
BasePriority : Normal
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:15 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : C:\WINNT\system32\stisvc.exe
ProcessID : 656
ThreadCreationTime : 25-04-2005 03:04:00
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:16 [tablet.exe]
ModuleName : C:\WINNT\System32\Tablet.exe
Command Line : C:\WINNT\System32\Tablet.exe
ProcessID : 720
ThreadCreationTime : 25-04-2005 03:04:00
BasePriority : High


#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 748
ThreadCreationTime : 25-04-2005 03:04:01
BasePriority : Normal
FileVersion : 1.50.1085.0029
ProductVersion : 1.50.1085.0029
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [inetinfo.exe]
ModuleName : C:\WINNT\System32\inetsrv\inetinfo.exe
Command Line : C:\WINNT\System32\inetsrv\inetinfo.exe
ProcessID : 792
ThreadCreationTime : 25-04-2005 03:04:02
BasePriority : Normal
FileVersion : 5.00.0984
ProductVersion : 5.00.0984
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : INETINFO.EXE

#:19 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1220
ThreadCreationTime : 25-04-2005 03:04:21
BasePriority : Normal
FileVersion : 5.00.3315.2846
ProductVersion : 5.00.3315.2846
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [msole32.exe]
ModuleName : C:\WINNT\System32\msole32.exe
Command Line : "C:\WINNT\System32\msole32.exe"
ProcessID : 1252
ThreadCreationTime : 25-04-2005 03:04:29
BasePriority : Normal


#:21 [popuper.exe]
ModuleName : C:\WINNT\popuper.exe
Command Line : "C:\WINNT\popuper.exe"
ProcessID : 1264
ThreadCreationTime : 25-04-2005 03:04:30
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:22 [intmonp.exe]
ModuleName : C:\WINNT\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1304
ThreadCreationTime : 25-04-2005 03:04:30
BasePriority : Normal


#:23 [mixer.exe]
ModuleName : C:\WINNT\Mixer.exe
Command Line : "C:\WINNT\Mixer.exe" /startup
ProcessID : 1296
ThreadCreationTime : 25-04-2005 03:04:35
BasePriority : Normal
FileVersion : 1.45
ProductVersion : 1.45
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright © 1997-2001
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih ([email protected])

#:24 [avsched32.exe]
ModuleName : C:\Program Files\AVPersonal\AVSched32.EXE
Command Line : "C:\Program Files\AVPersonal\AVSched32.EXE" /min
ProcessID : 1320
ThreadCreationTime : 25-04-2005 03:04:36
BasePriority : Normal
FileVersion : 6.30.00.00
ProductVersion : 6.30.00.00
ProductName : AVSched32
CompanyName : H+BEDV Datentechnik GmbH
FileDescription : AVSched32
InternalName : AVSched32
LegalCopyright : Copyright © 1998-2005 H+BEDV Datentechnik GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of H+BEDV Datentechnik GmbH, Germany
OriginalFilename : AVSched32.exe

#:25 [avgnt.exe]
ModuleName : C:\Program Files\AVPersonal\AVGNT.EXE
Command Line : "C:\Program Files\AVPersonal\AVGNT.EXE" /min
ProcessID : 1344
ThreadCreationTime : 25-04-2005 03:04:37
BasePriority : Normal


#:26 [internat.exe]
ModuleName : C:\WINNT\System32\internat.exe
Command Line : "C:\WINNT\System32\internat.exe"
ProcessID : 1360
ThreadCreationTime : 25-04-2005 03:04:39
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:27 [tabuserw.exe]
ModuleName : C:\WINNT\system32\WTablet\TabUserW.exe
Command Line : "C:\WINNT\system32\WTablet\TabUserW.exe"
ProcessID : 1408
ThreadCreationTime : 25-04-2005 03:04:41
BasePriority : Normal
FileVersion : 4.84-6
ProductVersion : 4.84-6
ProductName : Wacom Technology, Corp. TABUSERW
CompanyName : Wacom Technology, Corp.
FileDescription : TABUSERW
InternalName : TABUSERW
LegalCopyright : Copyright © 1997,1998,1999,2000,2001,2002,2003,2004,2005 Wacom Technology, Corp.
OriginalFilename : TABUSERW.EXE

#:28 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1424
ThreadCreationTime : 25-04-2005 03:04:46
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:29 [homesite5.exe]
ModuleName : C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe
Command Line : "C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe"
ProcessID : 1380
ThreadCreationTime : 25-04-2005 03:12:13
BasePriority : Normal
FileVersion : 6,0,0,7658Y
ProductVersion : 6.0.0.0
ProductName : HomeSite6
CompanyName : Macromedia, Inc.
FileDescription : HomeSite
InternalName : HomeSite
LegalCopyright : © 2003 Macromedia, Inc.
OriginalFilename : HomeSite6.exe
Comments : Mr Build Time Stamp: 8/25/03 6:24:11 PM

#:30 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1232
ThreadCreationTime : 25-04-2005 03:47:50
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-448539723-842925246-839522115-1000\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 46


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@bluestreak[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:mr [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@tribalfusion[3].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:mr [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@atdmt[3].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:mr [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@domainsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@domainsponsor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@apmebf[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@bfast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@adtech[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@247realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@247realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@tradedoubler[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@statcounter[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@mediaplex[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@~~local~~[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@~~local~~[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mr macleman@adviva[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mr Macleman\Cookies\mr macleman@adviva[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 32
Objects found so far: 78



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 78


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 78


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
43 entries scanned.
New critical objects:0
Objects found so far: 78




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 78

05:16:19 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:20.546
Objects scanned:546965
Objects identified:42
Objects ignored:0
New critical objects:42

#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi.
Download/install this tool:
http://www.ccleaner.com/

After it is installed, open it up and push the button "Run cleaner".
After you have done that, run a new full system scan and post a new log.
Experts will take it from there.

- Rawe :tazz:

#3
raemacleman

    New Member

  • Topic Starter
  • Member
  • 5 posts
OK, thanks for that - crap now cleared... here is my new full system scan logfile...

Many thanks
Rae MacLeman


Ad-Aware SE Build 1.05
Logfile Created on:25 April 2005 12:40:47
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):9 total references
MRU List(TAC index:0):15 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:64 %
Total physical memory:523808 kb
Available physical memory:334832 kb
Total page file size:1278144 kb
Available on page file:1111936 kb
Total virtual memory:2097024 kb
Available virtual memory:2046252 kb
OS:Microsoft Windows 2000 Professional Service Pack 2 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-04-2005 12:40:47 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 164
ThreadCreationTime : 25-04-2005 03:03:44
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 188
ThreadCreationTime : 25-04-2005 03:03:47
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 184
ThreadCreationTime : 25-04-2005 03:03:53
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 236
ThreadCreationTime : 25-04-2005 03:03:54
BasePriority : Normal
FileVersion : 5.00.2195.2780
ProductVersion : 5.00.2195.2780
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 248
ThreadCreationTime : 25-04-2005 03:03:54
BasePriority : Normal
FileVersion : 5.00.2195.2964
ProductVersion : 5.00.2195.2964
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 416
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 444
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [avguard.exe]
ModuleName : C:\Program Files\AVPersonal\AVGUARD.EXE
Command Line : "C:\Program Files\AVPersonal\AVGUARD.EXE"
ProcessID : 472
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal


#:9 [avwupsrv.exe]
ModuleName : C:\Program Files\AVPersonal\AVWUPSRV.EXE
Command Line : "C:\Program Files\AVPersonal\AVWUPSRV.EXE"
ProcessID : 484
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal


#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 504
ThreadCreationTime : 25-04-2005 03:03:57
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 536
ThreadCreationTime : 25-04-2005 03:03:58
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 572
ThreadCreationTime : 25-04-2005 03:03:58
BasePriority : Normal
FileVersion : 6.13.10.4109
ProductVersion : 6.13.10.4109
ProductName : NVIDIA Driver Helper Service, Version 41.09
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 41.09
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:13 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 604
ThreadCreationTime : 25-04-2005 03:03:58
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:14 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 620
ThreadCreationTime : 25-04-2005 03:03:59
BasePriority : Normal
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:15 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : C:\WINNT\system32\stisvc.exe
ProcessID : 656
ThreadCreationTime : 25-04-2005 03:04:00
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:16 [tablet.exe]
ModuleName : C:\WINNT\System32\Tablet.exe
Command Line : C:\WINNT\System32\Tablet.exe
ProcessID : 720
ThreadCreationTime : 25-04-2005 03:04:00
BasePriority : High


#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 748
ThreadCreationTime : 25-04-2005 03:04:01
BasePriority : Normal
FileVersion : 1.50.1085.0029
ProductVersion : 1.50.1085.0029
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [inetinfo.exe]
ModuleName : C:\WINNT\System32\inetsrv\inetinfo.exe
Command Line : C:\WINNT\System32\inetsrv\inetinfo.exe
ProcessID : 792
ThreadCreationTime : 25-04-2005 03:04:02
BasePriority : Normal
FileVersion : 5.00.0984
ProductVersion : 5.00.0984
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : INETINFO.EXE

#:19 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1220
ThreadCreationTime : 25-04-2005 03:04:21
BasePriority : Normal
FileVersion : 5.00.3315.2846
ProductVersion : 5.00.3315.2846
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [msole32.exe]
ModuleName : C:\WINNT\System32\msole32.exe
Command Line : "C:\WINNT\System32\msole32.exe"
ProcessID : 1252
ThreadCreationTime : 25-04-2005 03:04:29
BasePriority : Normal


#:21 [popuper.exe]
ModuleName : C:\WINNT\popuper.exe
Command Line : "C:\WINNT\popuper.exe"
ProcessID : 1264
ThreadCreationTime : 25-04-2005 03:04:30
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:22 [intmonp.exe]
ModuleName : C:\WINNT\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1304
ThreadCreationTime : 25-04-2005 03:04:30
BasePriority : Normal


#:23 [mixer.exe]
ModuleName : C:\WINNT\Mixer.exe
Command Line : "C:\WINNT\Mixer.exe" /startup
ProcessID : 1296
ThreadCreationTime : 25-04-2005 03:04:35
BasePriority : Normal
FileVersion : 1.45
ProductVersion : 1.45
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright © 1997-2001
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih ([email protected])

#:24 [internat.exe]
ModuleName : C:\WINNT\System32\internat.exe
Command Line : "C:\WINNT\System32\internat.exe"
ProcessID : 1360
ThreadCreationTime : 25-04-2005 03:04:39
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:25 [tabuserw.exe]
ModuleName : C:\WINNT\system32\WTablet\TabUserW.exe
Command Line : "C:\WINNT\system32\WTablet\TabUserW.exe"
ProcessID : 1408
ThreadCreationTime : 25-04-2005 03:04:41
BasePriority : Normal
FileVersion : 4.84-6
ProductVersion : 4.84-6
ProductName : Wacom Technology, Corp. TABUSERW
CompanyName : Wacom Technology, Corp.
FileDescription : TABUSERW
InternalName : TABUSERW
LegalCopyright : Copyright © 1997,1998,1999,2000,2001,2002,2003,2004,2005 Wacom Technology, Corp.
OriginalFilename : TABUSERW.EXE

#:26 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 780
ThreadCreationTime : 25-04-2005 11:40:16
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-448539723-842925246-839522115-1000\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 25


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
43 entries scanned.
New critical objects:0
Objects found so far: 25




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25

13:08:19 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:27:31.328
Objects scanned:543920
Objects identified:10
Objects ignored:0
New critical objects:10
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Alexa and MRU lists are safe to remove; just go to the "Scan summary" tab and remove them from there.
Then run a new scan. (You don't need to post a new log again; just tell us whether it shows only the "Windows" item in the log.)
Experts will take it from there when they have time.

- Rawe :tazz:
  • 0

#5
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Alexa is your choice to remove

It is the "What's Related" bar in your Internet browser.

Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
43 entries scanned.
New critical objects:0
Objects found so far: 25


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

Keep us updated

Thanks
  • 0

#6
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest

#:20 [msole32.exe]
ModuleName : C:\WINNT\System32\msole32.exe
Command Line : "C:\WINNT\System32\msole32.exe"
ProcessID : 1252
ThreadCreationTime : 25-04-2005 03:04:29
BasePriority : Normal

#:21 [popuper.exe]
ModuleName : C:\WINNT\popuper.exe
Command Line : "C:\WINNT\popuper.exe"
ProcessID : 1264
ThreadCreationTime : 25-04-2005 03:04:30
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:22 [intmonp.exe]
ModuleName : C:\WINNT\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1304
ThreadCreationTime : 25-04-2005 03:04:30
BasePriority : Normal


Do you know what these processes are?

If not, please download this program: KillBox (http://www.downloads.subratam.org/KillBox.zip)

Then end the following processes in Task Manager
(To open Task Manager, Ctrl Alt Del and click on the Processes tab)

msole32.exe
popuper.exe
intmonp.exe


In Killbox, please delete these files:
C:\WINNT\System32\intmonp.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\msole32.exe


Keep us updated

Andy
  • 0
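A triage sketch for the process listing and the Winlogon Shell finding discussed in this thread, added here as an example and not written by any poster: it parses the Ad-Aware SE listing, queues images that sit directly in the Windows or System32 directory with no CompanyName, and reports Shell entries other than explorer.exe. The heuristic and the function names are assumptions for illustration; the sample lines are excerpted from the log above.

```python
# Excerpt of the Ad-Aware SE process listing posted in this thread, trimmed
# to the fields the triage reads. Paths and names are as they appear there.
SAMPLE_LOG = r"""
#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe

#:8 [avguard.exe]
ModuleName : C:\Program Files\AVPersonal\AVGUARD.EXE

#:14 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
CompanyName : Microsoft Corporation

#:16 [tablet.exe]
ModuleName : C:\WINNT\System32\Tablet.exe

#:20 [msole32.exe]
ModuleName : C:\WINNT\System32\msole32.exe

#:21 [popuper.exe]
ModuleName : C:\WINNT\popuper.exe
ProductName : Popuper Application

#:22 [intmonp.exe]
ModuleName : C:\WINNT\System32\intmonp.exe

#:23 [mixer.exe]
ModuleName : C:\WINNT\Mixer.exe
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
"""

WINDOWS_DIRS = {r"c:\winnt", r"c:\winnt\system32"}  # this host's %SystemRoot%

def parse_processes(log_text):
    """Split the listing into one dict per '#:N [name]' block."""
    procs, cur = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("#:") and line.endswith("]"):
            cur = {"name": line[line.index("[") + 1:-1]}
            procs.append(cur)
        elif cur is not None and " : " in line:
            key, _, value = line.partition(" : ")
            cur[key.strip()] = value.strip()
    return procs

def image_dir(proc):
    """Lower-cased directory of the image, without the NT '\\??\\' prefix."""
    path = proc.get("ModuleName", "").lower()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.rpartition("\\")[0]

def review_queue(procs):
    """Names of images directly in the Windows dirs with no CompanyName."""
    return [p["name"] for p in procs
            if image_dir(p) in WINDOWS_DIRS and not p.get("CompanyName")]

def extra_shell_entries(shell_data):
    """Entries of the Winlogon Shell value that are not plain explorer.exe."""
    entries = [e.strip().lower() for e in shell_data.split(",")]
    return [e for e in entries if e and e != "explorer.exe"]

if __name__ == "__main__":
    print(review_queue(parse_processes(SAMPLE_LOG)))
    print(extra_shell_entries("explorer.exe, msmsgs.exe"))  # value from the log
```

On the excerpt it queues winlogon.exe and tablet.exe alongside the three files named in the post above, so treat the output as a list of names to look up, not a verdict.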

#7
raemacleman

raemacleman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Andy,

Thank you for your help. I have removed the rogue entries from my hosts file, and used Killbox to delete on reboot, popuper.exe, intmonp.exe and msole32.exe and my system is now 'working as advertised'.

Thank you
Rae MacLeman
  • 0

#8
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hello there.

I just want to make sure your computer is clean, and no objects have been left behind.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field) MAKE SURE TO ENTER ALL FILE PATHS!:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button; when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts. If you receive an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

1.) Download the Hoster from HERE. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Keep us updated
  • 0

#9
raemacleman

raemacleman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Andy,

The only folder I could find was ...

C:\Windows\System32\Log Files

which was deleted in safe mode. All other files were missing.

When I ran Panda ActiveScan, as the ActiveX control was downloading AntiVir popped up (although I'd closed the control program) with the message ..

C:\WINNT\SYSTEM32\ACTIVESCAN\SET11.TMP

Contains code of the Windows virus W95/Bumble

I denied access, tried again and the control installed. On running the scan, it took about 500 milliseconds to complete, and I could see no way of saving the results. Decided to give up on ActiveScan...

Many thanks for your continued and knowledgeable support - I will make a donation.

Thank you again
Rae MacLeman
  • 0

#10
raemacleman

raemacleman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
How DO I make a donation? This appears on the home page ...

Member Supported Site
Have you found this site helpful? Please consider a donation to help pay expenses.

... but no link to PayPal!!!

Where, please?

Rae MacLeman
  • 0

#11
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest

How DO I make a donation? This appears on the home page ...

Member Supported Site
Have you found this site helpful? Please consider a donation to help pay expenses.

... but no link to PayPal!!!

Where, please?

Rae MacLeman


Hello.

Do you want to make a donation to the site or to a helper? :tazz:
  • 0

#12
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please also scan your computer with one of the following free online AV scanners and delete what is found.


Panda

Symantec

McAfee

TrendMicro Recommended

F-secure


Thanks

I hope this helps.

Keep us updated


Andy
  • 0





