[Referred]ad-aware log (please help me)



#1
virus kill

Hello! I am new to this forum and desperately need help. I am no computer expert, but I will try to explain my problem to you. Every time I surf the net (for example on Google), I cannot make more than a few clicks before a window appears, saying:

"iexplore.exe has found an error and needs to be shut down". The buttons "Debug", "send damage report" and "send no damage report" are useless, as it will shut down anyway. Every time.

This is the problem signature:
AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: kernel32.dll
ModVer: 5.1.2600.2180 Offset: 0001eb33

I would be very pleased if you could help me, and if this Ad-aware SE log proved useful for you to do this.


AD-AWARE SE log:


Ad-Aware SE Build 1.05
Logfile Created on:Montag, 9. Mai 2005 20:19:02
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Programme\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:37 %
Total physical memory:514124 kb
Available physical memory:186808 kb
Total page file size:1258336 kb
Available on page file:1002120 kb
Total virtual memory:2097024 kb
Available virtual memory:2040204 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


09.05.2005 20:19:02 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 676
ThreadCreationTime : 09.05.2005 16:51:51
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 724
ThreadCreationTime : 09.05.2005 16:51:53
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 748
ThreadCreationTime : 09.05.2005 16:51:53
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 792
ThreadCreationTime : 09.05.2005 16:51:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 804
ThreadCreationTime : 09.05.2005 16:51:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 988
ThreadCreationTime : 09.05.2005 16:51:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1056
ThreadCreationTime : 09.05.2005 16:51:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1136
ThreadCreationTime : 09.05.2005 16:51:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1256
ThreadCreationTime : 09.05.2005 16:51:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1308
ThreadCreationTime : 09.05.2005 16:51:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1504
ThreadCreationTime : 09.05.2005 16:51:55
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1532
ThreadCreationTime : 09.05.2005 16:51:55
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1540
ThreadCreationTime : 09.05.2005 16:51:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [defwatch.exe]
ModuleName : C:\Programme\NavNT\defwatch.exe
Command Line : C:\Programme\NavNT\defwatch.exe
ProcessID : 1736
ThreadCreationTime : 09.05.2005 16:52:02
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:15 [pds.exe]
ModuleName : C:\WINDOWS\system32\cba\pds.exe
Command Line : C:\WINDOWS\system32\cba\pds.exe
ProcessID : 1764
ThreadCreationTime : 09.05.2005 16:52:02
BasePriority : Normal
FileVersion : 6.0.201.1010 E
ProductVersion : 6.0
ProductName : Intel Common Base Agent
CompanyName : Intel Corporation
FileDescription : CBA -- Ping Discovery Service
InternalName : PDS
LegalCopyright : Copyright © 1997, 1998
LegalTrademarks : LANDesk ® is a registered trademark of Intel Corporation
OriginalFilename : PDS.EXE

#:16 [rtvscan.exe]
ModuleName : C:\Programme\NavNT\rtvscan.exe
Command Line : C:\Programme\NavNT\rtvscan.exe
ProcessID : 1792
ThreadCreationTime : 09.05.2005 16:52:02
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2000

#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1880
ThreadCreationTime : 09.05.2005 16:52:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 2004
ThreadCreationTime : 09.05.2005 16:52:05
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [xfr.exe]
ModuleName : C:\WINDOWS\system32\cba\xfr.exe
Command Line : C:\WINDOWS\system32\cba\xfr.exe
ProcessID : 172
ThreadCreationTime : 09.05.2005 16:52:05
BasePriority : Normal
FileVersion : 6.0.201.1010 E
ProductVersion : 6.0
ProductName : Intel Common Base Agent
CompanyName : Intel Corporation
FileDescription : CBA - Message Resource
InternalName : xfrrc
LegalCopyright : Copyright © 1997, 1998
LegalTrademarks : LANDesk ® is a registered trademark of Intel Corporation
OriginalFilename : XFR.EXE

#:20 [msgsys.exe]
ModuleName : C:\WINDOWS\system32\MsgSys.EXE
Command Line : MsgSys.EXE
ProcessID : 256
ThreadCreationTime : 09.05.2005 16:52:05
BasePriority : Normal
FileVersion : 6.0.201.1010 E
ProductVersion : 6.0
ProductName : Intel Common Base Agent
CompanyName : Intel Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
LegalCopyright : Copyright © 1997, 1998
LegalTrademarks : LANDesk ® is a registered trademark of Intel Corporation
OriginalFilename : MsgSys.EXE

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1216
ThreadCreationTime : 09.05.2005 16:52:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1684
ThreadCreationTime : 09.05.2005 16:57:12
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:23 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 588
ThreadCreationTime : 09.05.2005 16:57:14
BasePriority : Normal
FileVersion : 3.0.0.3829
ProductVersion : 7.0.0.3829
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:24 [jusched.exe]
ModuleName : C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Command Line : "C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 2124
ThreadCreationTime : 09.05.2005 16:57:14
BasePriority : Normal


#:25 [dvdlauncher.exe]
ModuleName : C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
Command Line : "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
ProcessID : 2132
ThreadCreationTime : 09.05.2005 16:57:14
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:26 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 2140
ThreadCreationTime : 09.05.2005 16:57:15
BasePriority : Normal
FileVersion : 1.04.07b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:27 [awatch.exe]
ModuleName : C:\Programme\FRITZ!DSL\Awatch.exe
Command Line : "C:\Programme\FRITZ!DSL\Awatch.exe"
ProcessID : 2156
ThreadCreationTime : 09.05.2005 16:57:15
BasePriority : Normal
FileVersion : 3.04.04
ProductVersion : 3.04.04
ProductName : ADSLWatch
CompanyName : AVM Berlin
FileDescription : ADSLWatch
InternalName : ADSLWatch
LegalCopyright : Copyright © AVM Berlin 2000-2003
OriginalFilename : AWatch.EXE

#:28 [dlbkbmgr.exe]
ModuleName : C:\Programme\Dell AIO Printer A920\dlbkbmgr.exe
Command Line : "C:\Programme\Dell AIO Printer A920\dlbkbmgr.exe"
ProcessID : 2164
ThreadCreationTime : 09.05.2005 16:57:15
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Manager
InternalName : dlbkbmgr.exe
OriginalFilename : dlbkbmgr.exe

#:29 [vptray.exe]
ModuleName : C:\Programme\NavNT\vptray.exe
Command Line : "C:\Programme\NavNT\vptray.exe"
ProcessID : 2172
ThreadCreationTime : 09.05.2005 16:57:15
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2000

#:30 [camtray.exe]
ModuleName : C:\Programme\Creative\Shared Files\CAMTRAY.EXE
Command Line : "C:\Programme\Creative\Shared Files\CAMTRAY.EXE"
ProcessID : 2180
ThreadCreationTime : 09.05.2005 16:57:15
BasePriority : Normal
FileVersion : 3.4.1.0
ProductVersion : 2.00
ProductName : PC-CAM Center
CompanyName : Creative Technology Ltd
FileDescription : PC-CAM Center Launcher Application
InternalName : PC-CAM Center Launcher Application
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CamTray.EXE

#:31 [gcasserv.exe]
ModuleName : C:\Programme\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2188
ThreadCreationTime : 09.05.2005 16:57:15
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:32 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2196
ThreadCreationTime : 09.05.2005 16:57:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:33 [dad8.exe]
ModuleName : C:\Corel\Suite8\Programs\DAD8.EXE
Command Line : "C:\Corel\Suite8\Programs\DAD8.EXE"
ProcessID : 2224
ThreadCreationTime : 09.05.2005 16:57:16
BasePriority : Normal
FileVersion : 8.0.0.227
ProductVersion : 8.0.0.227
ProductName : Desktop Application Director 8
CompanyName : Corel Corporation Limited
FileDescription : Desktop Application Director 8
InternalName : Dad8
LegalCopyright : Copyright © 1997 Corel Corporation Limited. Alle Rechte vorbehalten.
OriginalFilename : Dad8.exe

#:34 [dlbkbmon.exe]
ModuleName : C:\Programme\Dell AIO Printer A920\dlbkbmon.exe
Command Line : "C:\Programme\Dell AIO Printer A920\dlbkbmon.exe"
ProcessID : 2232
ThreadCreationTime : 09.05.2005 16:57:17
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Monitor
InternalName : dlbkbmon.exe
OriginalFilename : dlbkbmon.exe

#:35 [wzqkpick.exe]
ModuleName : C:\Programme\WinZip\WZQKPICK.EXE
Command Line : "C:\Programme\WinZip\WZQKPICK.EXE"
ProcessID : 2248
ThreadCreationTime : 09.05.2005 16:57:17
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:36 [gcasdtserv.exe]
ModuleName : C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2348
ThreadCreationTime : 09.05.2005 16:57:19
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:37 [fritzdsl.exe]
ModuleName : C:\Programme\FRITZ!DSL\FritzDSL.exe
Command Line : "C:\Programme\FRITZ!DSL\FritzDSL.exe"
ProcessID : 1444
ThreadCreationTime : 09.05.2005 18:08:13
BasePriority : Normal
FileVersion : 3.03 / 1.06
ProductVersion : 3.03 / 1.06
ProductName : FRITZ!
CompanyName : AVM Berlin GmbH
FileDescription : FRITZ!web DSL
InternalName : FRITZ!web DSL
LegalCopyright : Copyright © AVM Berlin GmbH
OriginalFilename : FritzDsl.exe
Comments : Starter

#:38 [notepad.exe]
ModuleName : C:\WINDOWS\SYSTEM32\notepad.exe
Command Line : "C:\WINDOWS\SYSTEM32\notepad.exe"
ProcessID : 2012
ThreadCreationTime : 09.05.2005 18:10:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:39 [iexplore.exe]
ModuleName : C:\Programme\Internet Explorer\iexplore.exe
Command Line : "C:\Programme\Internet Explorer\iexplore.exe"
ProcessID : 2928
ThreadCreationTime : 09.05.2005 18:13:20
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:40 [ad-aware.exe]
ModuleName : C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3164
ThreadCreationTime : 09.05.2005 18:15:11
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : searchmeup.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmeup.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmeup.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com
Value : *
Trusted zone presumably compromised : searchmeup.com

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

20:32:47 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:45.235
Objects scanned:140975
Objects identified:2
Objects ignored:0
New critical objects:2
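Added example, not part of the original post and not Ad-Aware's own code: a small Python triage pass over the "Object Recognized!" blocks of a log in this layout. It shows that the two reported objects are one registry location (a key and its `*` value) and checks the parsed count against the log's own summary line. The sample text is a constructed excerpt of the log above, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt in the layout of the Ad-Aware SE log above.
SAMPLE_LOG = r"""
Started deep registry scan
Trusted zone presumably compromised : searchmeup.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmeup.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmeup.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com
Value : *
Trusted zone presumably compromised : searchmeup.com

Summary Of This Scan
Objects scanned:140975
Objects identified:2
"""

# Field names that appear inside a finding block in this log layout.
FIELDS = {"Type", "Data", "Category", "Comment", "Rootkey", "Object", "Value"}
HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!\s*$")
ZONEMAP = re.compile(r"\\ZoneMap\\Domains\\(?P<domain>[^\\]+)", re.IGNORECASE)


def parse_findings(text):
    """Return one dict per 'Object Recognized!' block."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            findings.append(current)
            continue
        if current is None:
            continue
        # Split on the first colon only: a Comment value contains " : " itself.
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key in FIELDS and key not in current:
            current[key] = value.strip()
        else:
            current = None  # a blank line or free text closes the block
    return findings


def group_by_location(findings):
    """Group findings that point at the same registry key or path."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[(f.get("Rootkey", ""), f.get("Object", ""))].append(f)
    return grouped


def zonemap_domains(findings):
    """Domains whose ZoneMap\\Domains entry was flagged by the scanner."""
    found = set()
    for f in findings:
        m = ZONEMAP.search(f.get("Object", ""))
        if m:
            found.add(m.group("domain").lower())
    return sorted(found)


def reported_total(text):
    """The scanner's own count, or None if the summary was not pasted."""
    m = re.search(r"^Objects identified\s*:\s*(\d+)", text, re.MULTILINE)
    return int(m.group(1)) if m else None


def triage(text):
    findings = parse_findings(text)
    reported = reported_total(text)
    return {
        "findings": len(findings),
        "reported": reported,
        # False means a truncated paste or blocks the parser did not recognise.
        "complete": reported is not None and reported == len(findings),
        "locations": len(group_by_location(findings)),
        "zonemap_domains": zonemap_domains(findings),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```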



#2
Guest_Andy_veal_*


#:37 [fritzdsl.exe]
ModuleName : C:\Programme\FRITZ!DSL\FritzDSL.exe
Command Line : "C:\Programme\FRITZ!DSL\FritzDSL.exe"
ProcessID : 1444
ThreadCreationTime : 09.05.2005 18:08:13
BasePriority : Normal
FileVersion : 3.03 / 1.06
ProductVersion : 3.03 / 1.06
ProductName : FRITZ!
CompanyName : AVM Berlin GmbH
FileDescription : FRITZ!web DSL
InternalName : FRITZ!web DSL
LegalCopyright : Copyright © AVM Berlin GmbH
OriginalFilename : FritzDsl.exe
Comments : Starter


I am guessing this process is your ADSL (Internet)?

#3
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R43 06.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#4
virus kill

Hello!

Yes, you are right, Fritz DSL is my internet connection.

I will do as you said, and then tell you what happened (and if it worked).

Thank you in advance!

#5
virus kill

Hello!

I tried as best as I could to do as you told me, but was unable to execute the following lines:

---------------------------------------------------------------------------------------------
Please run Ad-Aware SE from the command lines in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below.

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
---------------------------------------------------------------------------------------------

I opened the Ad-Aware SE program on safety mode, after I had run CCleaner, and clicked "Start", but I was unable to select "Run" and enter the text.

Where do I do that?

Kind regards,
Nick

#6
Guest_Andy_veal_*

Do your properties allow you to show run?

Try right clicking on the start menu to get the properties....

Another option is to try short key:

Windows Key + R


Keep us updated

#7
virus kill

Hello!

I just wanted to check that it is alright, when only the old versions of CCleaner and Ad-Aware SE are available on safety mode. Install Wizard always re-installs them, so that SE1R43 06.05.2005 version is not available, as I am then not connected to the Internet.

Is this as it is supposed to be? The rest is working fine.... "Run" is also working, thanks to you.


Another thing:
The error report "iexplore.exe has found an error and needs to be shut down" occurs more frequently now, almost every minute. Since everything is lost then, I always need to try again and again.

I can barely manage to reach this site to post my questions, but I will do my best as to keep you informed.

Thank you,
Nick

#8
Guest_Andy_veal_*

Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.