
Adaware logfile


  • This topic is locked

#1
diehlal

    New Member

  • 9 posts
Hi, I posted a HijackThis log earlier today and was directed here. I'm having serious issues with adware and malware. There is currently a giant popup on my desktop warning me about the vil logs kept in my computer that will ruin my future and I'm getting a lot of popups. I have run Spybot and Adaware upwards of 10 times and I have downloaded and used AVG Free. Overall I have cleared away about 1000 infected files as well as 5 viruses and over 20 trojans. However, my computer is clearly still infested. Here is the Adaware log:

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:Thursday, April 28, 2005 10:12:53 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):1 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
(Requires Ad-Aware SE or higher)


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:68 %
Total physical memory:1048048 kb
Available physical memory:706836 kb
Total page file size:1342212 kb
Available on page file:1109316 kb
Total virtual memory:2097024 kb
Available virtual memory:2046112 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4-28-2005 10:12:53 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 536
ThreadCreationTime : 4-29-2005 1:40:55 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 4-29-2005 1:40:57 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 4-29-2005 1:40:57 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 4-29-2005 1:40:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 4-29-2005 1:40:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 860
ThreadCreationTime : 4-29-2005 1:40:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 988
ThreadCreationTime : 4-29-2005 1:40:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 4-29-2005 1:41:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1116
ThreadCreationTime : 4-29-2005 1:41:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 4-29-2005 1:41:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1312
ThreadCreationTime : 4-29-2005 1:41:09 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1340
ThreadCreationTime : 4-29-2005 1:41:10 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [mpservic.exe]
FilePath : C:\Program Files\Canon\MultiPASS\
ProcessID : 1376
ThreadCreationTime : 4-29-2005 1:41:10 AM
BasePriority : Normal
FileVersion : 3.20
ProductVersion : 3.20
ProductName : Canon MultiPASS
CompanyName : Canon Information Systems
FileDescription : Implements the NT service that starts the server.
LegalCopyright : Copyright © 2000 Canon Information Systems

#:14 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1668
ThreadCreationTime : 4-29-2005 1:41:14 AM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1884
ThreadCreationTime : 4-29-2005 1:41:15 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1900
ThreadCreationTime : 4-29-2005 1:41:15 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 380
ThreadCreationTime : 4-29-2005 1:41:33 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:18 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_05\bin\
ProcessID : 432
ThreadCreationTime : 4-29-2005 1:41:34 AM
BasePriority : Normal


#:19 [jucheck.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_05\bin\
ProcessID : 480
ThreadCreationTime : 4-29-2005 1:41:35 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UpdateChecker Module
FileDescription : UpdateChecker Module
InternalName : UpdateChecker
LegalCopyright : Copyright 2002
OriginalFilename : UpdateChecker.EXE

#:20 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 496
ThreadCreationTime : 4-29-2005 1:41:35 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:21 [monitr32.exe]
FilePath : C:\Program Files\Canon\MultiPASS\
ProcessID : 572
ThreadCreationTime : 4-29-2005 1:41:35 AM
BasePriority : Normal
FileVersion : 3.20
ProductVersion : 3.20
ProductName : Canon MultiPASS
CompanyName : Canon Information Systems
FileDescription : Status Monitor
LegalCopyright : Copyright © 2000 Canon Information Systems
OriginalFilename : monitr32.exe

#:22 [mptbox.exe]
FilePath : C:\Program Files\Canon\MultiPASS\
ProcessID : 564
ThreadCreationTime : 4-29-2005 1:41:36 AM
BasePriority : Normal
FileVersion : 3.20
ProductVersion : 3.20
ProductName : Canon MultiPASS
CompanyName : Canon Information Systems
FileDescription : MultiPASS Tool Box
LegalCopyright : Copyright © 2000 Canon Information Systems

#:23 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 972
ThreadCreationTime : 4-29-2005 1:41:37 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:24 [fxredir.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1052
ThreadCreationTime : 4-29-2005 1:41:39 AM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 3.20B
ProductName : MultiPASS
CompanyName : Canon Information Ssytems
FileDescription : FxReDir
InternalName : FxReDir
LegalCopyright : Copyright © Canon Information Systems 2000
LegalTrademarks : FxReDir, DTM, MultiPASS
Comments : Fax ReDirector - can supports various Messaging Systems

#:25 [?hkdsk.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1240
ThreadCreationTime : 4-29-2005 1:41:39 AM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : ?hkdsk.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


Warning! ClickSpring Object found in memory(C:\WINDOWS\System32\?hkdsk.exe)

"C:\WINDOWS\System32\?hkdsk.exe"Process terminated successfully

#:26 [vtodmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1708
ThreadCreationTime : 4-29-2005 1:41:41 AM
BasePriority : Normal


#:27 [nnor.exe]
FilePath : C:\Documents and Settings\user\Application Data\
ProcessID : 1772
ThreadCreationTime : 4-29-2005 1:41:41 AM
BasePriority : Normal


#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3828
ThreadCreationTime : 4-29-2005 2:07:02 AM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@oinadserve[2].txt
Category : Data Miner
Comment : Cookie:[email protected]/
Value : Cookie:[email protected]/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : FREE Access to 800 Paid sites.url
Category : Misc
Comment : Problematic URL discovered: http://getthis4free.com/
Object : C:\Documents and Settings\user\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

10:19:49 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:55.625
Objects scanned:122862
Objects identified:3
Objects ignored:0
New critical objects:3

#2
Rawe

    Visiting Staff

  • 4,746 posts
Well, first of all, would you please UNinstall your Ad-aware SE, because you have an old build running.
After you have uninstalled it, download and install the latest one here:
Ad-aware SE Install
After it is installed, read the logfile posting instructions and post a fresh Ad-aware log here.

- Rawe :tazz: