Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]Ad-Aware log[RESOLVED]

Started by toniestes , Apr 26 2005 03:55 AM

  • This topic is locked This topic is locked

#1
toniestes
Posted 26 April 2005 - 03:55 AM

toniestes

    New Member

  • Member
  • Pip
  • 6 posts
Hey guys, my deskptop has been hi-jacked, if someone could help me that would be great...please please......... so here's my Ad-Aware log:



26.04.2005 11:38:39 - Scan started. (Custom mode)


Logfile removed: Incorrect logfile type posted

Edited by Andy_veal, 26 April 2005 - 05:47 AM.

  • 0

Advertisements

#2
Rawe
Posted 26 April 2005 - 04:00 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Well, first of all, we need to see scanlog from "Full system scan", not from "custom mode".
Would you do this;
First, download/install this tool here;
http://www.ccleaner.com/
After installed, open it up and bush the button "Run cleaner".
Then, when it has done it's cleaning, please read Logfile Posting Instructions
Follow the guidelines in that topic, and post a new logfile.

- Rawe :tazz:
  • 0

#3
toniestes
Posted 26 April 2005 - 04:19 AM

toniestes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
here's my new log, thanks for helping!! :tazz: ;)


Ad-Aware SE Build 1.05
Logfile Created on:mardi, 26. avril 2005 14:09:59
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Programme\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:21 %
Total physical memory:261600 kb
Available physical memory:52740 kb
Total page file size:632280 kb
Available on page file:429092 kb
Total virtual memory:2097024 kb
Available virtual memory:2046204 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


26.04.2005 14:09:59 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 26.04.2005 11:26:39
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 168
ThreadCreationTime : 26.04.2005 11:26:52
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 188
ThreadCreationTime : 26.04.2005 11:26:53
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 216
ThreadCreationTime : 26.04.2005 11:26:55
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 228
ThreadCreationTime : 26.04.2005 11:26:55
BasePriority : Normal
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : LSA-Exe und Server-DLL
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 408
ThreadCreationTime : 26.04.2005 11:26:58
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [lexbces.exe]
ModuleName : C:\WINNT\system32\LEXBCES.EXE
Command Line : C:\WINNT\system32\LEXBCES.EXE
ProcessID : 444
ThreadCreationTime : 26.04.2005 11:27:00
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:8 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 472
ThreadCreationTime : 26.04.2005 11:27:00
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [lexpps.exe]
ModuleName : C:\WINNT\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 500
ThreadCreationTime : 26.04.2005 11:27:00
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:10 [avguard.exe]
ModuleName : C:\Programme\AVPersonal\AVGUARD.EXE
Command Line : C:\Programme\AVPersonal\AVGUARD.EXE
ProcessID : 572
ThreadCreationTime : 26.04.2005 11:27:03
BasePriority : Normal


#:11 [avwupsrv.exe]
ModuleName : C:\Programme\AVPersonal\AVWUPSRV.EXE
Command Line : "C:\Programme\AVPersonal\AVWUPSRV.EXE"
ProcessID : 580
ThreadCreationTime : 26.04.2005 11:27:03
BasePriority : Normal


#:12 [ctsvccda.exe]
ModuleName : C:\WINNT\System32\CTSvcCDA.exe
Command Line : C:\WINNT\System32\CTSvcCDA.exe
ProcessID : 596
ThreadCreationTime : 26.04.2005 11:27:03
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:13 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 616
ThreadCreationTime : 26.04.2005 11:27:03
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:14 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 660
ThreadCreationTime : 26.04.2005 11:27:05
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 672
ThreadCreationTime : 26.04.2005 11:27:06
BasePriority : Normal
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : C:\WINNT\system32\stisvc.exe
ProcessID : 764
ThreadCreationTime : 26.04.2005 11:27:07
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Still-Image-Gerätemonitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 812
ThreadCreationTime : 26.04.2005 11:27:08
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows-Verwaltungsinstrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [mspmspsv.exe]
ModuleName : C:\WINNT\system32\MsPMSPSv.exe
Command Line : C:\WINNT\system32\MsPMSPSv.exe
ProcessID : 824
ThreadCreationTime : 26.04.2005 11:27:08
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:19 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 832
ThreadCreationTime : 26.04.2005 11:27:09
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:20 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 960
ThreadCreationTime : 26.04.2005 11:29:44
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:21 [hpgs2wnd.exe]
ModuleName : C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 272
ThreadCreationTime : 26.04.2005 11:29:51
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:22 [winampa.exe]
ModuleName : C:\Programme\Winamp\winampa.exe
Command Line : "C:\Programme\Winamp\winampa.exe"
ProcessID : 1184
ThreadCreationTime : 26.04.2005 11:29:53
BasePriority : Normal


#:23 [hpgs2wnf.exe]
ModuleName : C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
Command Line : C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding
ProcessID : 1196
ThreadCreationTime : 26.04.2005 11:29:53
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:24 [realsched.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1224
ThreadCreationTime : 26.04.2005 11:29:54
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [qttask.exe]
ModuleName : C:\Programme\QuickTime\qttask.exe
Command Line : "C:\Programme\QuickTime\qttask.exe" -atboottime
ProcessID : 1232
ThreadCreationTime : 26.04.2005 11:29:54
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:26 [avgnt.exe]
ModuleName : C:\Programme\AVPersonal\AVGNT.EXE
Command Line : "C:\Programme\AVPersonal\AVGNT.EXE" /min
ProcessID : 1256
ThreadCreationTime : 26.04.2005 11:29:54
BasePriority : Normal


#:27 [sys2544.exe]
ModuleName : C:\WINNT\sys2544.exe
Command Line : "C:\WINNT\sys2544.exe"
ProcessID : 1268
ThreadCreationTime : 26.04.2005 11:29:54
BasePriority : Normal


#:28 [gcasserv.exe]
ModuleName : C:\Programme\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1296
ThreadCreationTime : 26.04.2005 11:29:56
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:29 [internat.exe]
ModuleName : C:\WINNT\system32\internat.exe
Command Line : "C:\WINNT\system32\internat.exe"
ProcessID : 1304
ThreadCreationTime : 26.04.2005 11:29:56
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Sprachanzeigeprogramm
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:30 [scheduler.exe]
ModuleName : C:\Programme\MRU-Blaster\scheduler.exe
Command Line : "C:\Programme\MRU-Blaster\scheduler.exe"
ProcessID : 1356
ThreadCreationTime : 26.04.2005 11:30:02
BasePriority : Normal
FileVersion : 1.01.0001
ProductVersion : 1.01.0001
ProductName : MRU-Blaster Scheduler
FileDescription : MRU-Blaster Scheduler
InternalName : scheduler
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC. All Rights Reserved.
OriginalFilename : scheduler.exe
Comments : MRU-Blaster Scheduler

#:31 [gcasdtserv.exe]
ModuleName : C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1404
ThreadCreationTime : 26.04.2005 11:30:03
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:32 [mozilla.exe]
ModuleName : C:\PROGRA~1\Mozilla1.6\Mozilla.exe
Command Line : C:\PROGRA~1\Mozilla1.6\Mozilla.exe -turbo
ProcessID : 1156
ThreadCreationTime : 26.04.2005 11:32:39
BasePriority : Normal


#:33 [msnmsgr.exe]
ModuleName : C:\Programme\MSN Messenger\msnmsgr.exe
Command Line : "C:\Programme\MSN Messenger\msnmsgr.exe"
ProcessID : 520
ThreadCreationTime : 26.04.2005 11:54:52
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:34 [ymsgr_tray.exe]
ModuleName : C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe -ymsgr
ProcessID : 1240
ThreadCreationTime : 26.04.2005 11:56:38
BasePriority : Normal


#:35 [msiexec.exe]
ModuleName : C:\WINNT\System32\MsiExec.exe
Command Line : C:\WINNT\System32\MsiExec.exe /V
ProcessID : 908
ThreadCreationTime : 26.04.2005 12:08:43
BasePriority : Normal


#:36 [ad-aware.exe]
ModuleName : C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1552
ThreadCreationTime : 26.04.2005 12:09:43
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 0


14:16:59 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:59.773
Objects scanned:77941
Objects identified:0
Objects ignored:0
New critical objects:0

Edited by toniestes, 26 April 2005 - 06:25 AM.

  • 0

#4
Rawe
Posted 26 April 2005 - 07:41 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Your ad-aware log seems to be clean.
If you still have problems,
run couple of these online virus scans here..
- Trend Micro (recommended)
- Panda Activescan
- F-secure

Remove/fix any problems they might find, reboot, read Logfile Posting Instructions
and post a new scanlog as a reply.

- Rawe :tazz:
  • 0

#5
Guest_Andy_veal_*
Posted 26 April 2005 - 10:25 AM

Guest_Andy_veal_*
  • Guest

#:27 [sys2544.exe]
ModuleName : C:\WINNT\sys2544.exe
Command Line : "C:\WINNT\sys2544.exe"
ProcessID : 1268
ThreadCreationTime : 26.04.2005 11:29:54
BasePriority : Normal


Do you know what this process is?
  • 0

#6
toniestes
Posted 26 April 2005 - 10:52 AM

toniestes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey, thank you guys for helping me!!
Andy_Veal, the process I didn't know what it was until Trend Micro told me it was a virus along with few other viruses, but it could not remove all of them. So I tried to block it with my firewall, same thing. So I finally tried Dr. Delete, it seems to work the ".exe" is nowhere BUT, my desktop is still hijacked, though the pop-ups stopped (might be linked with the stuff I erased). And there is also something weird I have noticed, in my settings on the safe sites list there are 4 sites I never included, I try to erase them but it won't go away.....

here is the list: http://*.iframeprofit.com
http://*.mycounter.biz
http://*.our-counter.com
http://*[bleep]-search.biz/[bleep]

:tazz:


this is my new scan log with Ad-Aware:


Ad-Aware SE Build 1.05
Logfile Created on:mardi, 26. avril 2005 18:36:59
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Programme\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:37 %
Total physical memory:261600 kb
Available physical memory:94260 kb
Total page file size:632132 kb
Available on page file:467500 kb
Total virtual memory:2097024 kb
Available virtual memory:2045992 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


26.04.2005 18:36:59 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 152
ThreadCreationTime : 26.04.2005 16:33:52
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 176
ThreadCreationTime : 26.04.2005 16:34:05
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 196
ThreadCreationTime : 26.04.2005 16:34:07
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 224
ThreadCreationTime : 26.04.2005 16:34:08
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 236
ThreadCreationTime : 26.04.2005 16:34:08
BasePriority : Normal
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : LSA-Exe und Server-DLL
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [smc.exe]
ModuleName : C:\Programme\Sygate\SPF\smc.exe
Command Line : n/a
ProcessID : 360
ThreadCreationTime : 26.04.2005 16:34:10
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:7 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 432
ThreadCreationTime : 26.04.2005 16:34:14
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [lexbces.exe]
ModuleName : C:\WINNT\system32\LEXBCES.EXE
Command Line : C:\WINNT\system32\LEXBCES.EXE
ProcessID : 528
ThreadCreationTime : 26.04.2005 16:34:16
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:9 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 568
ThreadCreationTime : 26.04.2005 16:34:17
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:10 [lexpps.exe]
ModuleName : C:\WINNT\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 580
ThreadCreationTime : 26.04.2005 16:34:17
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:11 [avguard.exe]
ModuleName : C:\Programme\AVPersonal\AVGUARD.EXE
Command Line : C:\Programme\AVPersonal\AVGUARD.EXE
ProcessID : 696
ThreadCreationTime : 26.04.2005 16:34:20
BasePriority : Normal


#:12 [avwupsrv.exe]
ModuleName : C:\Programme\AVPersonal\AVWUPSRV.EXE
Command Line : "C:\Programme\AVPersonal\AVWUPSRV.EXE"
ProcessID : 704
ThreadCreationTime : 26.04.2005 16:34:20
BasePriority : Normal


#:13 [ctsvccda.exe]
ModuleName : C:\WINNT\System32\CTSvcCDA.exe
Command Line : C:\WINNT\System32\CTSvcCDA.exe
ProcessID : 720
ThreadCreationTime : 26.04.2005 16:34:20
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 740
ThreadCreationTime : 26.04.2005 16:34:20
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:15 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 788
ThreadCreationTime : 26.04.2005 16:34:22
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:16 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 860
ThreadCreationTime : 26.04.2005 16:34:22
BasePriority : Normal
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:17 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : C:\WINNT\system32\stisvc.exe
ProcessID : 872
ThreadCreationTime : 26.04.2005 16:34:23
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Still-Image-Gerätemonitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:18 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 920
ThreadCreationTime : 26.04.2005 16:34:24
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows-Verwaltungsinstrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:19 [mspmspsv.exe]
ModuleName : C:\WINNT\system32\MsPMSPSv.exe
Command Line : C:\WINNT\system32\MsPMSPSv.exe
ProcessID : 932
ThreadCreationTime : 26.04.2005 16:34:24
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:20 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 948
ThreadCreationTime : 26.04.2005 16:34:24
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:21 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1136
ThreadCreationTime : 26.04.2005 16:35:10
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:22 [hpgs2wnd.exe]
ModuleName : C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 1284
ThreadCreationTime : 26.04.2005 16:35:18
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:23 [hpgs2wnf.exe]
ModuleName : C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
Command Line : C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe -Embedding
ProcessID : 1292
ThreadCreationTime : 26.04.2005 16:35:19
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:24 [winampa.exe]
ModuleName : C:\Programme\Winamp\winampa.exe
Command Line : "C:\Programme\Winamp\winampa.exe"
ProcessID : 1324
ThreadCreationTime : 26.04.2005 16:35:20
BasePriority : Normal


#:25 [realsched.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1336
ThreadCreationTime : 26.04.2005 16:35:21
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [qttask.exe]
ModuleName : C:\Programme\QuickTime\qttask.exe
Command Line : "C:\Programme\QuickTime\qttask.exe" -atboottime
ProcessID : 1344
ThreadCreationTime : 26.04.2005 16:35:21
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [avgnt.exe]
ModuleName : C:\Programme\AVPersonal\AVGNT.EXE
Command Line : "C:\Programme\AVPersonal\AVGNT.EXE" /min
ProcessID : 1368
ThreadCreationTime : 26.04.2005 16:35:21
BasePriority : Normal


#:28 [gcasserv.exe]
ModuleName : C:\Programme\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1380
ThreadCreationTime : 26.04.2005 16:35:22
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:29 [jusched.exe]
ModuleName : C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 1396
ThreadCreationTime : 26.04.2005 16:35:22
BasePriority : Normal


#:30 [internat.exe]
ModuleName : C:\WINNT\system32\internat.exe
Command Line : "C:\WINNT\system32\internat.exe"
ProcessID : 1404
ThreadCreationTime : 26.04.2005 16:35:23
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Betriebssystem Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Sprachanzeigeprogramm
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:31 [mozilla.exe]
ModuleName : C:\Programme\Mozilla1.6\Mozilla.exe
Command Line : "C:\Programme\Mozilla1.6\Mozilla.exe" -turbo
ProcessID : 1412
ThreadCreationTime : 26.04.2005 16:35:23
BasePriority : Normal


#:32 [gcasdtserv.exe]
ModuleName : C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1464
ThreadCreationTime : 26.04.2005 16:35:27
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:33 [scheduler.exe]
ModuleName : C:\Programme\MRU-Blaster\scheduler.exe
Command Line : "C:\Programme\MRU-Blaster\scheduler.exe"
ProcessID : 1500
ThreadCreationTime : 26.04.2005 16:35:30
BasePriority : Normal
FileVersion : 1.01.0001
ProductVersion : 1.01.0001
ProductName : MRU-Blaster Scheduler
FileDescription : MRU-Blaster Scheduler
InternalName : scheduler
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC. All Rights Reserved.
OriginalFilename : scheduler.exe
Comments : MRU-Blaster Scheduler

#:34 [ymsgr_tray.exe]
ModuleName : C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe -ymsgr
ProcessID : 1592
ThreadCreationTime : 26.04.2005 16:35:50
BasePriority : Normal


#:35 [ad-aware.exe]
ModuleName : C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1436
ThreadCreationTime : 26.04.2005 16:36:11
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 0


18:43:56 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:57.290
Objects scanned:79434
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#7
Guest_Andy_veal_*
Posted 26 April 2005 - 11:01 AM

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#8
toniestes
Posted 26 April 2005 - 11:32 AM

toniestes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
okay, so I removed few items but my desktop is still hijacked, the sites diseappered from the safe sites list

thank you for your help :tazz:

here is my HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 19:29:11, on 26.04.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Winamp\winampa.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Programme\Mozilla1.6\Mozilla.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\MRU-Blaster\scheduler.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.google.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = www.google.ch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Mozilla1.6\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Programme\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programme\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: ChatSpace JavaLight Client - http://chat.asmarino.../Java/cslt4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
  • 0

#9
toniestes
Posted 26 April 2005 - 01:14 PM

toniestes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
hey guys!! I have found the solution to remove the blinking desktop...!! from this forum

Forum


Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security" or similar. Select that entry and click the "Delete" button. Click OK then Apply and OK.



:tazz: ;) ;) :) :)


Thanksssssssssssssssssss
  • 0

#10
Metallica
Posted 03 May 2005 - 01:11 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP