[Referred]Help with Ad-Aware log[RESOLVED]


  • This topic is locked

#1
dosboot

    Member

  • 27 posts
I can't seem to get rid of some nasty programs on my computer. They are causing pop ups whenever a new page loads (and who knows what else). Ad-aware found a bunch of stuff so I thought it would fix it but it just seemed to come right back.

Ad-aware log:

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 12:56:36 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):2 total references
Rads01.Quadrogram(TAC index:6):1 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:523276 kb
Available physical memory:280252 kb
Total page file size:754732 kb
Available on page file:552572 kb
Total virtual memory:2097024 kb
Available virtual memory:2047120 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2005 12:56:36 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 5-1-2005 5:27:05 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 508
ThreadCreationTime : 5-1-2005 5:27:07 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 532
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 576
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 588
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 732
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 788
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 900
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 960
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1052
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1176
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:13 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1200
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 6.13.10.2911
ProductVersion : 6.13.10.2911
ProductName : NVIDIA Driver Helper Service, Version 29.11
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.11
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1364
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1532
ThreadCreationTime : 5-1-2005 5:27:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 376
ThreadCreationTime : 5-1-2005 5:28:27 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [bcmsmmsg.exe]
ModuleName : C:\WINDOWS\BCMSMMSG.exe
Command Line : "C:\WINDOWS\BCMSMMSG.exe"
ProcessID : 484
ThreadCreationTime : 5-1-2005 5:28:29 AM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe

#:18 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 492
ThreadCreationTime : 5-1-2005 5:28:29 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:19 [damon.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
ProcessID : 552
ThreadCreationTime : 5-1-2005 5:28:30 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 1
ProductName : MessageApp Application
FileDescription : MessageApp MFC Application
InternalName : MessageApp
LegalCopyright : Copyright © 2001
OriginalFilename : MessageApp.EXE

#:20 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 700
ThreadCreationTime : 5-1-2005 5:28:30 AM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:21 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 864
ThreadCreationTime : 5-1-2005 5:28:31 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:22 [rvmpnp.exe]
ModuleName : C:\WINDOWS\system32\rvmpnp.exe
Command Line : "C:\WINDOWS\system32\rvmpnp.exe"
ProcessID : 1000
ThreadCreationTime : 5-1-2005 5:28:31 AM
BasePriority : Normal


#:23 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 1516
ThreadCreationTime : 5-1-2005 5:28:32 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe

#:24 [msn.exe]
ModuleName : C:\Program Files\MSN\MSNCoreFiles\msn.exe
Command Line : "C:\Program Files\MSN\MSNCoreFiles\msn.exe"
ProcessID : 180
ThreadCreationTime : 5-1-2005 5:41:27 AM
BasePriority : Normal
FileVersion : 9.10.0011.1703
ProductVersion : 9.10.0011.1703
ProductName : Microsoft® MSN ® Communications System
CompanyName : Microsoft Corporation
FileDescription : msn
InternalName : msn
LegalCopyright : Copyright © Microsoft Corp. 1981-2003
OriginalFilename : msn.exe

#:25 [logonmgr.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe" -Embedding
ProcessID : 860
ThreadCreationTime : 5-1-2005 5:41:29 AM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Internet Access
CompanyName : Microsoft Corporation.
FileDescription : MSN® Internet Access
InternalName : logonmgr.dll
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation.
OriginalFilename : logonmgr.dll

#:26 [msncc.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe" -Embedding
ProcessID : 920
ThreadCreationTime : 5-1-2005 5:41:29 AM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Connection Center
CompanyName : Microsoft Corporation
FileDescription : MSN® Connection Center
InternalName : msncc.exe
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation. All rights reserved.
OriginalFilename : msncc.exe

#:27 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" -Embedding
ProcessID : 2164
ThreadCreationTime : 5-1-2005 5:42:00 AM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2836
ThreadCreationTime : 5-1-2005 5:55:51 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:omar abuzzahab@z1.adserver.com/
Expires : 5-1-2006 12:45:02 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:omar abuzzahab@atdmt.com/
Expires : 4-29-2010 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : File
Data : A0074473.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP879\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


BargainBuddy Object Recognized!
Type : File
Data : A0074474.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP879\



Rads01.Quadrogram Object Recognized!
Type : File
Data : A0074475.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP879\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

1:14:05 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:28.843
Objects scanned:322094
Objects identified:5
Objects ignored:0
New critical objects:5


#2
Rawe

    Visiting Staff

  • 4,746 posts
Welcome! ;)

Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, then click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#3
dosboot

    Member

  • Topic Starter
  • 27 posts
The final scan turned up no objects found, so there is no logfile to report. I haven't got any pop ups when returning to this page. Hopefully it's fixed, but I can't say for sure yet.

There were some files in my temporary internet files folder (and also in the "default users" temporary internet files folder) that weren't deleted by CCleaner. They were in the subfolder "Content.IE5". One was a ~800k file called index.dat. I didn't delete it because it looked important and when I opened it with notepad I got a warning about editing this file. There were also three folders within the Content.IE5 folder that each contained a single 0k file with the following names: "search[1].", "groups[1].", and "images[1].". Trying to delete these gave me the message "Cannot delete file: cannot read from the source file or disk".

Other than that, everything went ok. Thanks!

edit: fixed typos

edit2:

It looks like the pop ups are still there. When I went to google I got the same type of pop up that I was getting before (something like "tickle, how smart are you"). It seems like they are less frequent than before but nonetheless still present.

Edited by dosboot, 01 May 2005 - 04:13 PM.

#4
Rawe

    Visiting Staff

  • 4,746 posts
Could you please post your latest scanlog ;)
I'll take a look and say if it is clean.
I'm certainly glad if it is.

- Rawe :tazz:

#5
dosboot

    Member

  • Topic Starter
  • 27 posts
How does one obtain a scan log for a scan that produces zero critical objects? I recall that the button that usually says 'Next' said 'Finish', so if there was a way to view the log I must have missed it.

I did a full system scan just now and did receive 1 critical object. The scan log is below. Will this scan log be good enough or shall I go through the above steps again and get the log for the 'clean' scan? (and if so, how?)


Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 7:43:54 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:47 %
Total physical memory:523276 kb
Available physical memory:245080 kb
Total page file size:754732 kb
Available on page file:533728 kb
Total virtual memory:2097024 kb
Available virtual memory:2047244 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-2-2005 7:43:54 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 5-1-2005 9:09:40 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 508
ThreadCreationTime : 5-1-2005 9:09:41 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 532
ThreadCreationTime : 5-1-2005 9:09:42 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 576
ThreadCreationTime : 5-1-2005 9:09:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 588
ThreadCreationTime : 5-1-2005 9:09:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 728
ThreadCreationTime : 5-1-2005 9:09:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 788
ThreadCreationTime : 5-1-2005 9:09:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 5-1-2005 9:09:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 896
ThreadCreationTime : 5-1-2005 9:09:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 960
ThreadCreationTime : 5-1-2005 9:09:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1052
ThreadCreationTime : 5-1-2005 9:09:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1172
ThreadCreationTime : 5-1-2005 9:09:44 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:13 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1204
ThreadCreationTime : 5-1-2005 9:09:44 PM
BasePriority : Normal
FileVersion : 6.13.10.2911
ProductVersion : 6.13.10.2911
ProductName : NVIDIA Driver Helper Service, Version 29.11
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.11
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1356
ThreadCreationTime : 5-1-2005 9:09:44 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1536
ThreadCreationTime : 5-1-2005 9:09:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1920
ThreadCreationTime : 5-1-2005 9:09:49 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [bcmsmmsg.exe]
ModuleName : C:\WINDOWS\BCMSMMSG.exe
Command Line : "C:\WINDOWS\BCMSMMSG.exe"
ProcessID : 164
ThreadCreationTime : 5-1-2005 9:09:54 PM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe

#:18 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 188
ThreadCreationTime : 5-1-2005 9:09:54 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:19 [damon.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
ProcessID : 176
ThreadCreationTime : 5-1-2005 9:09:55 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 1
ProductName : MessageApp Application
FileDescription : MessageApp MFC Application
InternalName : MessageApp
LegalCopyright : Copyright © 2001
OriginalFilename : MessageApp.EXE

#:20 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 208
ThreadCreationTime : 5-1-2005 9:09:55 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:21 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 360
ThreadCreationTime : 5-1-2005 9:09:56 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:22 [rvmpnp.exe]
ModuleName : C:\WINDOWS\system32\rvmpnp.exe
Command Line : "C:\WINDOWS\system32\rvmpnp.exe"
ProcessID : 408
ThreadCreationTime : 5-1-2005 9:09:56 PM
BasePriority : Normal


#:23 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 424
ThreadCreationTime : 5-1-2005 9:09:57 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe

#:24 [logonmgr.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe" -Embedding
ProcessID : 908
ThreadCreationTime : 5-1-2005 9:30:09 PM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Internet Access
CompanyName : Microsoft Corporation.
FileDescription : MSN® Internet Access
InternalName : logonmgr.dll
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation.
OriginalFilename : logonmgr.dll

#:25 [msncc.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe" -Embedding
ProcessID : 2528
ThreadCreationTime : 5-1-2005 9:50:34 PM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Connection Center
CompanyName : Microsoft Corporation
FileDescription : MSN® Connection Center
InternalName : msncc.exe
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation. All rights reserved.
OriginalFilename : msncc.exe

#:26 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" -Embedding
ProcessID : 2892
ThreadCreationTime : 5-1-2005 9:51:02 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:27 [msn.exe]
ModuleName : C:\Program Files\MSN\MSNCoreFiles\msn.exe
Command Line : "C:\Program Files\MSN\MSNCoreFiles\msn.exe"
ProcessID : 1336
ThreadCreationTime : 5-3-2005 12:39:41 AM
BasePriority : Normal
FileVersion : 9.10.0011.1703
ProductVersion : 9.10.0011.1703
ProductName : Microsoft® MSN ® Communications System
CompanyName : Microsoft Corporation
FileDescription : msn
InternalName : msn
LegalCopyright : Copyright © Microsoft Corp. 1981-2003
OriginalFilename : msn.exe

#:28 [msnaccel.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe"
ProcessID : 1436
ThreadCreationTime : 5-3-2005 12:40:28 AM
BasePriority : Normal
FileVersion : 2.5.317.2
ProductVersion : 2.5.0.0
ProductName : AcceleNet
CompanyName : Intelligent Compression Technologies (ICT)
FileDescription : ClientSideProxy.exe
LegalCopyright : Copyright © 2001-2002
OriginalFilename : ClientSideProxy.exe

#:29 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[33c]SUSDSa29edd82f8ab484dbd07f6feec3d8b65
ProcessID : 2428
ThreadCreationTime : 5-3-2005 12:40:54 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:30 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2860
ThreadCreationTime : 5-3-2005 12:43:33 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:omar abuzzahab@atdmt.com/
Expires : 5-1-2010 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

8:01:09 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:15.94
Objects scanned:322003
Objects identified:1
Objects ignored:0
New critical objects:1

#6
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Actually, your logfile is clean.
Tracking cookies aren't a threat, and are always safe to remove.
If you wish to do so, just go to the "Scan summary" tab and select any objects for removal. Click next, click ok.
Do you have problems still?

- Rawe :tazz:

#7
dosboot

    Member

  • Topic Starter
  • Member
  • 27 posts
Yes, I'm still experiencing these pop ups when webpages load. What should I do?

#8
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello again..
Sorry for the late answer, I'm kinda busy. ;)
Try these online virus scans here;
- Panda Activescan
- Trend Micro

Post the results here.

- Rawe :tazz:

#9
dosboot

    Member

  • Topic Starter
  • Member
  • 27 posts
Here is the Panda one. Looks like it found infections. Strange since my Norton AntiVirus gave me an okay scan recently. Also strange is that while the Panda scan was running, my Norton alerted me to some trojan. Not sure why it would just notice it then. Should I run the other scan too?


Incident Status Location

Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\pthigis.dll
Virus:Trj/Clicker.CY Disinfected Operating system
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll
Adware:Adware/SaveNow No disinfected C:\WINDOWS\Downloaded Program Files\WUInst.inf
Spyware:Spyware/BargainBuddy No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin10??.dll
Adware:Adware/MyWay No disinfected Windows Registry
Adware:Adware/ClkOptimizer No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnpk.exe
Adware:Adware/BrilliantDigital No disinfected C:\Documents and Settings\Omar Abuzzahab\My Documents\Winzip\kazaausz\bdcore.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll
Adware:Adware/SaveNow No disinfected C:\WINDOWS\Downloaded Program Files\WUInst.inf
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\pss\dnpk.exeCommon Startup
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\SYSTEM32\napka.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v123.cpl
Adware:Adware/QoolShown No disinfected C:\WINDOWS\SYSTEM32\pthigis.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\SYSTEM32\qpbav.dat
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\SYSTEM32\rvmpnp.exe
Virus:Trj/Clicker.CY Disinfected C:\WINDOWS\SYSTEM32\winup2date.dll
Adware:Adware/PortalScan No disinfected C:\WINDOWS\SYSTEM32\winupdt.008
Adware:Adware/PortalScan No disinfected C:\WINDOWS\SYSTEM32\winupdt.bin

#10
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Yes, try Trend Micro too..
Post the results here..

- Rawe :tazz:

#11
Guest_Andy_veal_*
  • Guest
Please could you post your latest full system logfile

Thanks

#12
dosboot

    Member

  • Topic Starter
  • Member
  • 27 posts
I couldn't find a "save log file" option with the Trend Micro scan, so here is a typed copy of the Trend Micro scan results:


(Virus....Filename)

TROJ_AGENT.RV (1) C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP868\A0064167.exe

TSPY_DLOADER.DH (1) C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP868\A0064171.exe

TROJ_CLICKER.AD (1) C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP868\A0064190.dll

TROJ_QLOGIC.A (1) C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP868\A0076019.exe

I'm presuming it is okay to have it "clean and rescan"?

#13
Guest_Andy_veal_*
  • Guest
Thanks for that information,

There is a method of cleaning your viruses out,

Though first, I would like to see your latest Ad-Aware logfile,

Thanks :tazz:

#14
dosboot

    Member

  • Topic Starter
  • Member
  • 27 posts
Here is my current Ad-Aware log. As you requested, I didn't have Trend Micro do a "clean and rescan", but I kept the applet window open if you want me to do it now.

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 05, 2005 6:46:30 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:20 %
Total physical memory:523276 kb
Available physical memory:103000 kb
Total page file size:754732 kb
Available on page file:292240 kb
Total virtual memory:2097024 kb
Available virtual memory:2047256 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-5-2005 6:46:30 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 5-5-2005 1:35:43 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 512
ThreadCreationTime : 5-5-2005 1:35:45 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 536
ThreadCreationTime : 5-5-2005 1:35:46 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 580
ThreadCreationTime : 5-5-2005 1:35:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 592
ThreadCreationTime : 5-5-2005 1:35:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 732
ThreadCreationTime : 5-5-2005 1:35:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 792
ThreadCreationTime : 5-5-2005 1:35:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 832
ThreadCreationTime : 5-5-2005 1:35:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 900
ThreadCreationTime : 5-5-2005 1:35:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 960
ThreadCreationTime : 5-5-2005 1:35:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1056
ThreadCreationTime : 5-5-2005 1:35:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1184
ThreadCreationTime : 5-5-2005 1:35:48 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:13 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1208
ThreadCreationTime : 5-5-2005 1:35:48 PM
BasePriority : Normal
FileVersion : 6.13.10.2911
ProductVersion : 6.13.10.2911
ProductName : NVIDIA Driver Helper Service, Version 29.11
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.11
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1352
ThreadCreationTime : 5-5-2005 1:35:48 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1544
ThreadCreationTime : 5-5-2005 1:35:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1892
ThreadCreationTime : 5-5-2005 1:35:52 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [bcmsmmsg.exe]
ModuleName : C:\WINDOWS\BCMSMMSG.exe
Command Line : "C:\WINDOWS\BCMSMMSG.exe"
ProcessID : 172
ThreadCreationTime : 5-5-2005 1:35:56 PM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe

#:18 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 176
ThreadCreationTime : 5-5-2005 1:35:57 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:19 [damon.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
ProcessID : 208
ThreadCreationTime : 5-5-2005 1:35:57 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 1
ProductName : MessageApp Application
FileDescription : MessageApp MFC Application
InternalName : MessageApp
LegalCopyright : Copyright © 2001
OriginalFilename : MessageApp.EXE

#:20 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 232
ThreadCreationTime : 5-5-2005 1:35:57 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:21 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 260
ThreadCreationTime : 5-5-2005 1:35:58 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:22 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 400
ThreadCreationTime : 5-5-2005 1:35:59 PM
BasePriority : Normal


#:23 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 480
ThreadCreationTime : 5-5-2005 1:36:00 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe

#:24 [dnpk.exe]
ModuleName : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnpk.exe
Command Line : "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnpk.exe"
ProcessID : 496
ThreadCreationTime : 5-5-2005 1:36:00 PM
BasePriority : Normal


#:25 [msn.exe]
ModuleName : C:\Program Files\MSN\MSNCoreFiles\msn.exe
Command Line : "C:\Program Files\MSN\MSNCoreFiles\msn.exe"
ProcessID : 1740
ThreadCreationTime : 5-5-2005 1:36:11 PM
BasePriority : Normal
FileVersion : 9.10.0011.1703
ProductVersion : 9.10.0011.1703
ProductName : Microsoft® MSN ® Communications System
CompanyName : Microsoft Corporation
FileDescription : msn
InternalName : msn
LegalCopyright : Copyright © Microsoft Corp. 1981-2003
OriginalFilename : msn.exe

#:26 [logonmgr.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe" -Embedding
ProcessID : 1780
ThreadCreationTime : 5-5-2005 1:36:13 PM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Internet Access
CompanyName : Microsoft Corporation.
FileDescription : MSN® Internet Access
InternalName : logonmgr.dll
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation.
OriginalFilename : logonmgr.dll

#:27 [msncc.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe" -Embedding
ProcessID : 680
ThreadCreationTime : 5-5-2005 1:36:13 PM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Connection Center
CompanyName : Microsoft Corporation
FileDescription : MSN® Connection Center
InternalName : msncc.exe
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation. All rights reserved.
OriginalFilename : msncc.exe

#:28 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" -Embedding
ProcessID : 2408
ThreadCreationTime : 5-5-2005 1:36:46 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:29 [firefox.exe]
ModuleName : C:\Program Files\Firefox\firefox.exe
Command Line : "C:\Program Files\Firefox\firefox.exe"
ProcessID : 2492
ThreadCreationTime : 5-5-2005 1:36:55 PM
BasePriority : Normal


#:30 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3084
ThreadCreationTime : 5-5-2005 1:40:25 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:31 [msnaccel.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe"
ProcessID : 3388
ThreadCreationTime : 5-5-2005 7:45:12 PM
BasePriority : Normal
FileVersion : 2.5.317.2
ProductVersion : 2.5.0.0
ProductName : AcceleNet
CompanyName : Intelligent Compression Technologies (ICT)
FileDescription : ClientSideProxy.exe
LegalCopyright : Copyright © 2001-2002
OriginalFilename : ClientSideProxy.exe

#:32 [java.exe]
ModuleName : C:\PROGRA~1\Java\JRE15~1.0_0\bin\java.exe
Command Line : "C:\PROGRA~1\Java\JRE15~1.0_0\bin\java.exe" -jar "C:\Documents and Settings\Omar Abuzzahab\.housecall/housecall-client.jar"
ProcessID : 3656
ThreadCreationTime : 5-5-2005 7:49:01 PM
BasePriority : Normal


#:33 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3888
ThreadCreationTime : 5-5-2005 11:46:20 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:omar abuzzahab@zedo.com/
Expires : 5-3-2015 9:31:06 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@atdmt[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:omar abuzzahab@atdmt.com/
Expires : 5-3-2010 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:omar abuzzahab@servedby.advertising.com/
Expires : 6-3-2005 7:35:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@tickle[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:omar abuzzahab@tickle.com/
Expires : 5-5-2007 8:45:12 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:omar abuzzahab@advertising.com/
Expires : 5-3-2010 7:35:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

7:06:13 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:43.453
Objects scanned:317406
Objects identified:5
Objects ignored:0
New critical objects:5

#15
Guest_Andy_veal_*

  • Guest

#:24 [dnpk.exe]
ModuleName : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnpk.exe
Command Line : "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnpk.exe"
ProcessID : 496
ThreadCreationTime : 5-5-2005 1:36:00 PM
BasePriority : Normal


Do you know what this process is?

Please update your definition file, there has been a release today :tazz:

Thanks