[Referred] adaware log

#1
kchobart

I've been getting Dr. Watson postmortem debugger problem errors. I am following the instructions I've found under other topics to have the Ad-Aware log checked. Please help me with this. Thanks.


#2
Guest_Andy_veal_*

In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R43 06.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy

#3
kchobart

Here are the results of the full system scan:

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 12:55:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):2 total references
SecondThought(TAC index:4):1 total references
Tracking Cookie(TAC index:3):6 total references
VX2(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:25 %
Total physical memory:261288 kb
Available physical memory:63888 kb
Total page file size:632032 kb
Available on page file:448916 kb
Total virtual memory:2097024 kb
Available virtual memory:2043468 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-2005 12:55:27 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 292
ThreadCreationTime : 5-10-2005 4:14:55 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 348
ThreadCreationTime : 5-10-2005 4:15:03 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 372
ThreadCreationTime : 5-10-2005 4:15:05 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 416
ThreadCreationTime : 5-10-2005 4:15:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 428
ThreadCreationTime : 5-10-2005 4:15:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k DcomLaunch
ProcessID : 580
ThreadCreationTime : 5-10-2005 4:15:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 632
ThreadCreationTime : 5-10-2005 4:15:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k NetworkService
ProcessID : 760
ThreadCreationTime : 5-10-2005 4:15:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k LocalService
ProcessID : 812
ThreadCreationTime : 5-10-2005 4:15:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINNT\system32\LEXBCES.EXE
Command Line : C:\WINNT\system32\LEXBCES.EXE
ProcessID : 908
ThreadCreationTime : 5-10-2005 4:15:17 PM
BasePriority : Normal
FileVersion : 5,12,00,00
ProductVersion : 5,12,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINNT\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 944
ThreadCreationTime : 5-10-2005 4:15:17 PM
BasePriority : Normal
FileVersion : 5,12,00,00
ProductVersion : 5,12,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 948
ThreadCreationTime : 5-10-2005 4:15:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [netblockademonitor.exe]
ModuleName : C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe
Command Line : "C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe"
ProcessID : 1324
ThreadCreationTime : 5-10-2005 4:15:31 PM
BasePriority : Normal


#:14 [vptray.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
Command Line : "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe"
ProcessID : 1332
ThreadCreationTime : 5-10-2005 4:15:32 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:15 [evntsvc.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" -osboot
ProcessID : 1340
ThreadCreationTime : 5-10-2005 4:15:32 PM
BasePriority : Normal
FileVersion : 0.1.0.880
ProductVersion : 0.1.0.880
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : evntsvc.EXE

#:16 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 1372
ThreadCreationTime : 5-10-2005 4:15:33 PM
BasePriority : Normal


#:17 [rippopups.exe]
ModuleName : C:\Program Files\RIPPopUps\RIPPopUps.exe
Command Line : "C:\Program Files\RIPPopUps\RIPPopUps.exe"
ProcessID : 1412
ThreadCreationTime : 5-10-2005 4:15:33 PM
BasePriority : Normal


#:18 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1420
ThreadCreationTime : 5-10-2005 4:15:34 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:19 [pdesk.exe]
ModuleName : C:\WINNT\System32\PDesk.exe
Command Line : "C:\WINNT\System32\PDesk.exe" /Autolaunch
ProcessID : 1580
ThreadCreationTime : 5-10-2005 4:15:36 PM
BasePriority : Normal
FileVersion : 6.03.025
ProductVersion : 6.03.025
ProductName : Matrox PDesk
CompanyName : Matrox Graphics Inc.
FileDescription : PDesk
InternalName : PDesk
LegalCopyright : Copyright © 1998
OriginalFilename : PDesk.exe

#:20 [lxsupmon.exe]
ModuleName : C:\WINNT\System32\LXSUPMON.EXE
Command Line : "C:\WINNT\System32\LXSUPMON.EXE" RUN
ProcessID : 1636
ThreadCreationTime : 5-10-2005 4:15:37 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2000
OriginalFilename : LXSUPMON.RC

#:21 [pssvc.exe]
ModuleName : C:\WINNT\System32\PSSVC.EXE
Command Line : C:\WINNT\System32\PSSVC.EXE
ProcessID : 1644
ThreadCreationTime : 5-10-2005 4:15:37 PM
BasePriority : Normal
FileVersion : 2.0
ProductName : Dell AutoShutdown/ThermalShutdown Service
CompanyName : Dell Computer Corporation
FileDescription : AutoShutdown/ThermalShutdown Service for Windows NT and Windows 95/98
InternalName : PSSVC
LegalCopyright : Copyright © 1996, 1999 Dell Computer Corporation
OriginalFilename : PSSVC.EXE

#:22 [logi_mwx.exe]
ModuleName : C:\WINNT\Logi_MwX.Exe
Command Line : "C:\WINNT\Logi_MwX.Exe"
ProcessID : 1652
ThreadCreationTime : 5-10-2005 4:15:37 PM
BasePriority : Normal
FileVersion : 9.79.024
ProductVersion : 9.79.024
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Launcher Application
InternalName : Logi_MWX
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Logi_MWX.exe
Comments : Created by the MouseWare team

#:23 [hpnra.exe]
ModuleName : C:\WINNT\system32\hpnra.exe
Command Line : "C:\WINNT\system32\hpnra.exe"
ProcessID : 1748
ThreadCreationTime : 5-10-2005 4:15:40 PM
BasePriority : Normal
FileVersion : 5.0.41.5
ProductVersion : 5.0.41.5
ProductName : HPNRA
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard Network Registry Agent
InternalName : HPNRA
LegalCopyright : Copyright © 1993-2000 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : HPNRA

#:24 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
ProcessID : 1768
ThreadCreationTime : 5-10-2005 4:15:41 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:25 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1816
ThreadCreationTime : 5-10-2005 4:15:42 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:26 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 1820
ThreadCreationTime : 5-10-2005 4:15:43 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:27 [money express.exe]
ModuleName : C:\Program Files\Microsoft Money\System\Money Express.exe
Command Line : "C:\Program Files\Microsoft Money\System\Money Express.exe"
ProcessID : 1868
ThreadCreationTime : 5-10-2005 4:15:45 PM
BasePriority : Normal
FileVersion : 9.00.0715
ProductVersion : 9.00.0715
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Express
InternalName : MoneyExpress
LegalCopyright : Copyright © Microsoft Corp. 1990-2000. All rights reserved.
OriginalFilename : MoneyExpress.EXE

#:28 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1872
ThreadCreationTime : 5-10-2005 4:15:46 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:29 [tsbs.exe]
ModuleName : C:\Documents and Settings\peter.APOSTLES2\Application Data\tsbs.exe
Command Line : "C:\Documents and Settings\peter.APOSTLES2\Application Data\tsbs.exe"
ProcessID : 1892
ThreadCreationTime : 5-10-2005 4:15:46 PM
BasePriority : Normal


#:30 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
ProcessID : 2032
ThreadCreationTime : 5-10-2005 4:15:54 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:31 [mgabg.exe]
ModuleName : C:\WINNT\System32\mgabg.exe
Command Line : C:\WINNT\System32\mgabg.exe
ProcessID : 208
ThreadCreationTime : 5-10-2005 4:15:57 PM
BasePriority : Normal
FileVersion : 1.00.010
ProductVersion : 1.00.010
ProductName : Matrox Graphics Inc. MGABG
CompanyName : Matrox Graphics Inc.
FileDescription : MGABG
InternalName : MGABG
LegalCopyright : Copyright Matrox © 1999
OriginalFilename : MGABG.exe

#:32 [qbdagent.exe]
ModuleName : C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
Command Line : "C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe"
ProcessID : 220
ThreadCreationTime : 5-10-2005 4:15:57 PM
BasePriority : Normal
FileVersion : 8, 1, 0, 0
ProductVersion : 8, 1, 0, 0
ProductName : QuickBooks
FileDescription : QBDAgent Module
InternalName : QBDAgent
LegalCopyright : Copyright © 1999 by Intuit
LegalTrademarks : QuickBooks® and Quicken® are registered trademarks of Intuit Inc.
OriginalFilename : QBDAgent.EXE

#:33 [hotsync.exe]
ModuleName : C:\Palm\HOTSYNC.EXE
Command Line : "C:\Palm\HOTSYNC.EXE"
ProcessID : 264
ThreadCreationTime : 5-10-2005 4:15:59 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:34 [rtvscan.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
ProcessID : 392
ThreadCreationTime : 5-10-2005 4:16:00 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:35 [nvsvc32.exe]
ModuleName : C:\WINNT\system32\nvsvc32.exe
Command Line : C:\WINNT\system32\nvsvc32.exe
ProcessID : 1588
ThreadCreationTime : 5-10-2005 4:16:10 PM
BasePriority : Normal
FileVersion : 6.14.10.4523
ProductVersion : 6.14.10.4523
ProductName : NVIDIA Driver Helper Service, Version 45.23
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.23
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:36 [mrtmngr.exe]
ModuleName : C:\WINNT\system32\mrtMngr.EXE
Command Line : "C:\WINNT\system32\mrtMngr.EXE"
ProcessID : 1592
ThreadCreationTime : 5-10-2005 4:16:10 PM
BasePriority : Normal
FileVersion : 2.01
ProductVersion : 1.00
ProductName : Rate Sensing Manager
CompanyName : Marimba Inc.
FileDescription : Rate Sensing Manager
InternalName : mrtMngr.exe
LegalCopyright : Copyright © 1999, Marimba, Inc.
OriginalFilename : mrtMngr.exe

#:37 [mspmspsv.exe]
ModuleName : C:\WINNT\system32\mspmspsv.exe
Command Line : C:\WINNT\system32\mspmspsv.exe
ProcessID : 1832
ThreadCreationTime : 5-10-2005 4:16:18 PM
BasePriority : Normal
FileVersion : 7.10.00.3059
ProductVersion : 7.10.00.3059
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:38 [alg.exe]
ModuleName : C:\WINNT\System32\alg.exe
Command Line : C:\WINNT\System32\alg.exe
ProcessID : 3128
ThreadCreationTime : 5-10-2005 4:17:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 3432
ThreadCreationTime : 5-10-2005 4:19:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:40 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : C:\WINNT\explorer.exe
ProcessID : 3872
ThreadCreationTime : 5-10-2005 4:46:32 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:41 [dwwin.exe]
ModuleName : C:\WINNT\system32\dwwin.exe
Command Line : C:\WINNT\system32\dwwin.exe -x -s 512
ProcessID : 1092
ThreadCreationTime : 5-10-2005 4:47:20 PM
BasePriority : Normal


#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1452
ThreadCreationTime : 5-10-2005 4:54:18 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : peter@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:peter@bluestreak.com/
Expires : 5-7-2015 1:46:56 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : peter@overstock[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\peter.APOSTLES.000\COOKIES\peter@overstock[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : peter@server2.bkvtrack[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\peter.APOSTLES.000\COOKIES\peter@server2.bkvtrack[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : peter@smartmoney[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\peter.APOSTLES.000\COOKIES\peter@smartmoney[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : peter@ww3.shoshkeles[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\peter.APOSTLES.000\COOKIES\peter@ww3.shoshkeles[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : peter@~~local~~[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\peter.APOSTLES.000\COOKIES\peter@~~local~~[1].txt

ClickSpring Object Recognized!
Type : File
Data : A0005001.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F4E7EF5B-C9E5-4D03-AF3B-44BD4705A9CC}\RP28\



VX2 Object Recognized!
Type : File
Data : A0005002.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F4E7EF5B-C9E5-4D03-AF3B-44BD4705A9CC}\RP28\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


SecondThought Object Recognized!
Type : File
Data : A0014651.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F4E7EF5B-C9E5-4D03-AF3B-44BD4705A9CC}\RP28\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ClickSpring Object Recognized!
Type : File
Data : wcpit.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\



VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

VX2 Object Recognized!
Type : File
Data : farmmext.ini
Category : Malware
Comment :
Object : C:\WINNT\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 13

1:11:51 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:24.515
Objects scanned:120605
Objects identified:13
Objects ignored:0
New critical objects:13
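The log above follows a regular layout (numbered process blocks, "Object Recognized!" blocks, a summary footer), so a helper can triage it mechanically. The script below is an added example, not from this thread or from Lavasoft: it parses that layout, flags processes started from a user-writable profile directory (as tsbs.exe is above) and ranks detections so a live file under system32 sorts ahead of a copy sitting in a System Restore point. The sample log is a constructed excerpt in the same layout, and the priority scheme is the example's own heuristic.

```python
"""Triage helper for Ad-Aware SE 1.05 logfiles (added example, not Lavasoft code).
Splits a log into process blocks, "<Family> Object Recognized!" blocks and the
scan summary, then ranks findings. Heuristics only, not a verdict."""
import re
from typing import Dict, List, Optional, Tuple

PROCESS_HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")
DETECTION_HEADER = re.compile(r"^(.+) Object Recognized!$")
KEY_VALUE = re.compile(r"^([A-Za-z ]+?)\s*:\s?(.*)$")  # "Key : value"; value may contain ':'
# User-writable locations: a process started from one deserves a closer look.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\")
RESTORE_POINT_MARKER = "\\system volume information\\_restore"

# Constructed excerpt in the same layout as the log posted in this thread.
SAMPLE_LOG = r"""
#:1 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
ProcessID : 428

#:2 [tsbs.exe]
ModuleName : C:\Documents and Settings\peter.APOSTLES2\Application Data\tsbs.exe
ProcessID : 1892

VX2 Object Recognized!
Type : File
Data : A0005002.exe
Object : C:\System Volume Information\_restore{F4E7EF5B-C9E5-4D03-AF3B-44BD4705A9CC}\RP28\

VX2 Object Recognized!
Type : RegValue
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

ClickSpring Object Recognized!
Type : File
Data : wcpit.exe
Object : C:\WINNT\system32\

Summary Of This Scan
Objects scanned:120605
New critical objects:3
"""


def parse_adaware_log(text: str) -> Dict[str, object]:
    """Return {"processes": [...], "detections": [...], "summary": {...}}."""
    processes: List[Dict[str, str]] = []
    detections: List[Dict[str, str]] = []
    summary: Dict[str, str] = {}
    current: Optional[Dict[str, str]] = None  # block collecting "Key : value" lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes a process or detection block
            continue
        proc, det = PROCESS_HEADER.match(line), DETECTION_HEADER.match(line)
        if proc:
            current = {"index": proc.group(1), "name": proc.group(2)}
            processes.append(current)
        elif det:
            current = {"family": det.group(1)}
            detections.append(current)
        elif line == "Summary Of This Scan":
            current = summary  # summary lines run to the end of the log
        else:
            kv = KEY_VALUE.match(line)
            if kv and current is not None:
                current[kv.group(1).strip()] = kv.group(2).strip()
    return {"processes": processes, "detections": detections, "summary": summary}


def flag_processes(processes: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(name, path) of processes run from a user profile directory. Missing version
    info is deliberately not a signal: legitimate entries in these logs lack it too."""
    flagged = []
    for proc in processes:
        path = proc.get("ModuleName") or proc.get("FilePath", "")
        if any(marker in path.lower() for marker in USER_PROFILE_MARKERS):
            flagged.append((proc["name"], path))
    return flagged


def triage_detections(detections: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Rank detections: high = file on the live system, medium = registry value,
    low = copy inside a System Restore point (inert until that point is applied,
    normally cleared by purging restore points), info = tracking cookie."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    ranked = []
    for det in detections:
        kind, obj = det.get("Type", ""), det.get("Object", "")
        if kind == "RegValue":
            where, level = "%s\\%s -> %s" % (det.get("Rootkey", ""), obj, det.get("Value", "")), "medium"
        elif kind == "IECache Entry":
            where, level = det.get("Value", det.get("Data", "")), "info"
        else:
            where = obj + det.get("Data", "")
            level = "low" if RESTORE_POINT_MARKER in obj.lower() else "high"
        ranked.append({"family": det["family"], "priority": level, "location": where})
    return sorted(ranked, key=lambda d: order[d["priority"]])
```

Run it over a complete pasted log and the flagged process list plus the "high" entries are the first things to check; cookies and restore-point copies can wait.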

#4
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R43 06.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if yours is different, please adjust it to the location where you installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shut down/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#5
kchobart

Here are the latest scan results. I still am receiving the error messages.


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 2:37:18 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5/10/2005 2:37:18 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 300
ThreadCreationTime : 5/10/2005 6:31:53 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 348
ThreadCreationTime : 5/10/2005 6:31:56 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 372
ThreadCreationTime : 5/10/2005 6:31:56 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 416
ThreadCreationTime : 5/10/2005 6:31:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 428
ThreadCreationTime : 5/10/2005 6:31:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 580
ThreadCreationTime : 5/10/2005 6:31:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 636
ThreadCreationTime : 5/10/2005 6:31:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 732
ThreadCreationTime : 5/10/2005 6:31:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 776
ThreadCreationTime : 5/10/2005 6:31:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINNT\system32\
ProcessID : 884
ThreadCreationTime : 5/10/2005 6:31:59 PM
BasePriority : Normal
FileVersion : 5,12,00,00
ProductVersion : 5,12,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 908
ThreadCreationTime : 5/10/2005 6:31:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINNT\system32\
ProcessID : 928
ThreadCreationTime : 5/10/2005 6:31:59 PM
BasePriority : Normal
FileVersion : 5,12,00,00
ProductVersion : 5,12,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [pssvc.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1088
ThreadCreationTime : 5/10/2005 6:31:59 PM
BasePriority : Normal
FileVersion : 2.0
ProductName : Dell AutoShutdown/ThermalShutdown Service
CompanyName : Dell Computer Corporation
FileDescription : AutoShutdown/ThermalShutdown Service for Windows NT and Windows 95/98
InternalName : PSSVC
LegalCopyright : Copyright © 1996, 1999 Dell Computer Corporation
OriginalFilename : PSSVC.EXE

#:14 [defwatch.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1108
ThreadCreationTime : 5/10/2005 6:31:59 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:15 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1140
ThreadCreationTime : 5/10/2005 6:31:59 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:16 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1152
ThreadCreationTime : 5/10/2005 6:31:59 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:17 [mgabg.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1196
ThreadCreationTime : 5/10/2005 6:32:00 PM
BasePriority : Normal
FileVersion : 1.00.010
ProductVersion : 1.00.010
ProductName : Matrox Graphics Inc. MGABG
CompanyName : Matrox Graphics Inc.
FileDescription : MGABG
InternalName : MGABG
LegalCopyright : Copyright Matrox © 1999
OriginalFilename : MGABG.exe

#:18 [rtvscan.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1232
ThreadCreationTime : 5/10/2005 6:32:00 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:19 [nvsvc32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1268
ThreadCreationTime : 5/10/2005 6:32:00 PM
BasePriority : Normal
FileVersion : 6.14.10.4523
ProductVersion : 6.14.10.4523
ProductName : NVIDIA Driver Helper Service, Version 45.23
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.23
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:20 [mspmspsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1380
ThreadCreationTime : 5/10/2005 6:32:01 PM
BasePriority : Normal
FileVersion : 7.10.00.3059
ProductVersion : 7.10.00.3059
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:21 [alg.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1904
ThreadCreationTime : 5/10/2005 6:32:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 180
ThreadCreationTime : 5/10/2005 6:32:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:23 [msiexec.exe]
FilePath : C:\WINNT\system32\
ProcessID : 876
ThreadCreationTime : 5/10/2005 6:33:29 PM
BasePriority : Normal


#:24 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 548
ThreadCreationTime : 5/10/2005 6:34:03 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:25 [evntsvc.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 820
ThreadCreationTime : 5/10/2005 6:34:04 PM
BasePriority : Normal
FileVersion : 0.1.0.880
ProductVersion : 0.1.0.880
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : evntsvc.EXE

#:26 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2056
ThreadCreationTime : 5/10/2005 6:34:15 PM
BasePriority : Normal


#:27 [taskmgr.exe]
FilePath : C:\WINNT\system32\
ProcessID : 2224
ThreadCreationTime : 5/10/2005 6:34:43 PM
BasePriority : High
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows TaskManager
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskmgr.exe

#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2468
ThreadCreationTime : 5/10/2005 6:35:13 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:29 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 2524
ThreadCreationTime : 5/10/2005 6:35:30 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:30 [dwwin.exe]
FilePath : C:\WINNT\system32\
ProcessID : 2624
ThreadCreationTime : 5/10/2005 6:36:06 PM
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 0


2:54:50 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:32.203
Objects scanned:118189
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#6
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 0



If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip
  • 0
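Added example (editor's code, not from the poster and not the Host File Viewer tool linked above): a Python check for the two things worth explaining in a Windows hosts file, names sent somewhere other than loopback (a redirect that bypasses DNS) and watch-listed update or vendor names pinned to loopback (which cuts the machine off from them). The sample hosts content is constructed; the dcsresearch line has the same shape as the O1 entry in the HijackThis log posted later in the thread. The watch list is an illustrative assumption, not a vendor list.

```python
"""Check a Windows hosts file for redirects and blocked update/vendor hosts.

Editor's example, not code from the thread or from the Host File Viewer tool
it mentions. A default Windows hosts file only maps localhost to loopback,
so anything else is either deliberate (ad-blocking lists) or worth explaining.
"""
import ipaddress

# Illustrative watch list (assumption): names that, mapped to loopback,
# would silently stop the machine reaching its security updates.
WATCH_LIST = {"windowsupdate.microsoft.com", "www.lavasoft.com"}

# Constructed sample in hosts-file format (comments, tabs, a malformed line).
SAMPLE_HOSTS = """\
# constructed sample header, as shipped by the OS
#

127.0.0.1\tlocalhost
64.91.255.87    www.dcsresearch.com
127.0.0.1       www.example-adserver.test   # ad-block style entry, harmless
127.0.0.1       windowsupdate.microsoft.com
not-an-address  broken.line
"""


def parse_hosts(text: str) -> list:
    """Return (ip, hostname) pairs; tolerates comments, tabs and aliases."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line: skip it rather than guess
        for name in parts[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def check_hosts(text: str, watch_list=WATCH_LIST) -> dict:
    """Classify entries.
    redirects: a hostname sent to a real address; traffic for that name
               goes wherever the entry says, and DNS is never consulted.
    blocked:   a watch-listed hostname pinned to loopback, which stops the
               machine reaching it at all.
    """
    report = {"redirects": [], "blocked": []}
    for ip, name in parse_hosts(text):
        if not ipaddress.ip_address(ip).is_loopback:
            report["redirects"].append((ip, name))
        elif name in watch_list:
            report["blocked"].append((ip, name))
    return report


if __name__ == "__main__":
    for kind, hits in check_hosts(SAMPLE_HOSTS).items():
        for ip, name in hits:
            print(f"{kind}: {name} -> {ip}")
```

On a real machine, read `C:\WINNT\system32\drivers\etc\hosts` (the path the Ad-Aware log above reports) into `check_hosts`. A redirect hit is exactly the kind of line the poster is asked about here: if nobody on the machine put it there on purpose, restoring the default file removes it.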

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#8
kchobart

kchobart

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:12:01 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\PSSVC.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\mgabg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\dwwin.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: SDWin32 Class - {2CC5A22E-614F-415A-8019-16E3BDD00DD5} - C:\WINNT\system32\feour.dll (file missing)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A758BA11-54D9-2478-8B9B-73A2A9A969C2} - C:\WINNT\system32\updei.dll (file missing)
O2 - BHO: (no name) - {A95FB866-5F88-7674-8E93-73A2ABF56799} - C:\WINNT\system32\kborgt.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B3981F50-A3C0-846F-CE09-DFC86AFB2B99} - C:\WINNT\system32\hfffny.dll (file missing)
O2 - BHO: (no name) - {B5BD54E6-B178-9CFE-2240-CAA93BEC0C9D} - C:\WINNT\system32\cqux.dll (file missing)
O2 - BHO: (no name) - {CB646227-D2EC-F810-E56C-FC7AE5C20E96} - C:\WINNT\system32\gvlemi.dll (file missing)
O2 - BHO: SDWin32 Class - {CD47E7FF-ECAD-4489-997B-0D64BF363C4A} - C:\WINNT\system32\ojlbr.dll (file missing)
O2 - BHO: (no name) - {D1BDC86F-2EDD-0F7C-D93F-0CC53C7F4D9A} - C:\WINNT\system32\gbpd.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O3 - Toolbar: RIP Pop-Ups - {c1d05a96-fea8-4d7c-927c-1b1dc57b5ab6} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Aladdin Systems\Internet Cleanup\MSFG.exe"
O4 - HKLM\..\Run: [NBMonitor] "C:\Program Files\Aladdin Systems\Internet Cleanup\NetBlockadeMonitor.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RIPPopUps] C:\Program Files\RIPPopUps\RIPPopUps.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\ilamrm.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\system32\hpnra.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FoneSyncSystemTray] "C:\Program Files\FoneSync 4.0\FoneSyncSystemTray.Exe"
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = apostles2.com
O17 - HKLM\Software\..\Telephony: DomainName = apostles2.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = apostles2.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = apostles2.com
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\CSFBdirect\FlowHook.dll
O23 - Service: AutoShutdown - Dell Computer Corporation - C:\WINNT\System32\PSSVC.EXE
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\peter.APOSTLES2\Local Settings\Temporary Internet Files\Content.IE5\D7LQC3QH\CWShredder214[1].exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
  • 0
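Added example (editor's code, not from the poster and not HijackThis itself): a Python triage pass over a HijackThis log like the one posted above. It indexes each line by its section code, extracts the CLSID and target file where the line has one, and surfaces two cues a log reviewer reads first: entries marked "(file missing)", whose registry hook points at a file that is no longer on disk, and O1 hosts lines that redirect a name away from loopback. The sample lines are copied from the posted log; the flags are triage cues, not a verdict on what any entry is.

```python
"""Triage a HijackThis log: index entries by section and surface the ones a
reviewer reads first.

Editor's example, not code from the thread or from HijackThis. The sample
lines are copied from the log posted above.
"""
import ipaddress
import re
from collections import Counter, defaultdict

SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {2CC5A22E-614F-415A-8019-16E3BDD00DD5} - C:\WINNT\system32\feour.dll (file missing)
O2 - BHO: (no name) - {A758BA11-54D9-2478-8B9B-73A2A9A969C2} - C:\WINNT\system32\updei.dll (file missing)
O3 - Toolbar: RIP Pop-Ups - {c1d05a96-fea8-4d7c-927c-1b1dc57b5ab6} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\ilamrm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"


def parse_hjt(text: str) -> list:
    """One dict per "Oxx - ..." line: section, body, clsid, target, file_missing."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        # For "name - {CLSID} - <path>" style lines the last " - " field is the file.
        target = body.rsplit(" - ", 1)[-1] if " - " in body else None
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "target": target.replace(MISSING, "") if target else None,
            "file_missing": body.endswith(MISSING),
        })
    return entries


def section_counts(entries: list) -> Counter:
    """How many entries each section has; a quick feel for the log."""
    return Counter(e["section"] for e in entries)


def triage(entries: list) -> dict:
    """Collect the cues a reviewer reads first.
    file_missing:    a registry hook whose target is gone from disk; whatever
                     put it there, the hook itself is now dead weight.
    hosts_redirects: O1 lines that send a hostname somewhere other than
                     loopback, so requests for that name never reach DNS.
    """
    report = defaultdict(list)
    for e in entries:
        if e["file_missing"]:
            report["file_missing"].append((e["section"], e["target"]))
        if e["section"] == "O1":
            m = re.match(r"Hosts: (\S+) (\S+)", e["body"])
            try:
                redirected = m and not ipaddress.ip_address(m.group(1)).is_loopback
            except ValueError:
                redirected = False  # not an IP literal; leave it for manual review
            if redirected:
                report["hosts_redirects"].append((m.group(1), m.group(2)))
    return report


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_HJT)
    print(dict(section_counts(entries)))
    for key, hits in triage(entries).items():
        print(key, hits)
```

Feed the whole posted log in place of SAMPLE_HJT to get the full section breakdown; the four "(file missing)" BHO and toolbar hooks and the single O1 redirect are the lines the helper's reply would start with, and the O4 run entries without a CLSID are left for manual review since nothing in the line itself says what the file is.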





