
[Referred]Trojan-spy.HTML.Smitfraud.c - blue screen



#1
mariebp78


    New Member

  • Member
  • 3 posts
Hi, I believe my computer is infected with this trojan. I'm stuck with a blue screen at my desktop, and only two tabs in the desktop properties windows. I've been reading what other users were instructed to do, and I found my computer was quite infected. I cleaned a lil bit, but I still have the blue screen and the two tabs, so I wonder if there is anything in particular that I may need to do. I read that the first thing to do is to post my log file from Ad-Aware, so here I go. Thanks for your help!

Ad-Aware SE Build 1.05
Logfile Created on:11 mai, 2005 11:31:34
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):53 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:55 %
Total physical memory:523808 kb
Available physical memory:286744 kb
Total page file size:1280992 kb
Available on page file:1069440 kb
Total virtual memory:2097024 kb
Available virtual memory:2047472 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-05-11 11:31:34 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 536
ThreadCreationTime : 2005-05-11 00:03:17
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 608
ThreadCreationTime : 2005-05-11 00:03:32
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 644
ThreadCreationTime : 2005-05-11 00:03:45
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 688
ThreadCreationTime : 2005-05-11 00:03:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 700
ThreadCreationTime : 2005-05-11 00:03:45
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 852
ThreadCreationTime : 2005-05-11 00:03:46
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 880
ThreadCreationTime : 2005-05-11 00:03:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 988
ThreadCreationTime : 2005-05-11 00:03:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1124
ThreadCreationTime : 2005-05-11 00:03:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1212
ThreadCreationTime : 2005-05-11 00:03:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1452
ThreadCreationTime : 2005-05-11 00:03:47
BasePriority : Normal


#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1524
ThreadCreationTime : 2005-05-11 00:03:47
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1548
ThreadCreationTime : 2005-05-11 00:03:47
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:14 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 160
ThreadCreationTime : 2005-05-11 00:03:49
BasePriority : Normal
FileVersion : 6.14.10.5113
ProductVersion : 6.14.10.5113
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:15 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 280
ThreadCreationTime : 2005-05-11 00:03:49
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:16 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 1080
ThreadCreationTime : 2005-05-11 00:03:55
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1116
ThreadCreationTime : 2005-05-11 00:03:55
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1404
ThreadCreationTime : 2005-05-11 00:03:58
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 752
ThreadCreationTime : 2005-05-11 00:20:27
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:20 [msimn.exe]
ModuleName : C:\Program Files\Outlook Express\msimn.exe
Command Line : "C:\Program Files\Outlook Express\msimn.exe"
ProcessID : 2728
ThreadCreationTime : 2005-05-11 02:03:00
BasePriority : Normal
FileVersion : 6.00.2800.1123
ProductVersion : 6.00.2800.1123
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : MSIMN.EXE

#:21 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2692
ThreadCreationTime : 2005-05-11 15:19:20
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE

#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3884
ThreadCreationTime : 2005-05-11 15:28:18
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yannick@atdmt[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 2010-05-09 20:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yannick@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 2008-05-09 22:02:26
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yannick@2o7[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 2010-05-10 10:46:42
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@advertising[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@doubleclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@fastclick[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@maxserving[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@mediaplex[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@questionmarket[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@seeq[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@seeq[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@2o7[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@advertising[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@atdmt[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@bluestreak[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@clickagents[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@doubleclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@fastclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@linksynergy[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@linksynergy[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@mediaplex[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@paycounter[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@paycounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@qksrv[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@qksrv[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@questionmarket[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@sextracker[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@tripod[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@zedo[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@247realmedia[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@276[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@276[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@adrevolver[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@adrevolver[3].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@adrevolver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@doubleclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@hypercount[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@hypercount[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@mediaplex[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@overture[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@please[4].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@please[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@please[5].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@please[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@tickle[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@trafic[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@trafic[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][1].txt

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53

11:46:05 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:31.721
Objects scanned:209663
Objects identified:53
Objects ignored:0
New critical objects:53
  • 0



#2
Guest_Andy_veal_*

  • Guest
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it for use while in Safe Mode.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop but do NOT run it yet.

* Please reboot into Safe Mode by restarting your computer and tapping F8 continuously as your computer is booting up until a menu appears. Use your up arrow key to highlight "Safe Mode", then hit enter.

* Once in Safe Mode, please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually. While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Yes, we need you to go back into Safe Mode!

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

1.) Download the Hoster from HERE. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new Ad-aware SE Logfile.
  • 0
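Added example, not part of the original thread: a small triage script that parses the "Listing running processes" section of an Ad-Aware SE log and compares each ModuleName against the Killbox file list from post #2 by full path, reporting a same-named file at a different path separately instead of treating it as a hit. The sample log is constructed (entry 4 is invented to show a match), and the names `parse_processes`, `normalize`, `triage` and the verdict labels are hypothetical.

```python
import ntpath
import re

# File list copied from the Killbox step in post #2.
REMOVAL_LIST = [
    r"C:\wp.exe",
    r"C:\wp.bmp",
    r"C:\Windows\sites.ini",
    r"C:\Windows\popuper.exe",
    r"C:\WINDOWS\System32\wldr.dll",
    r"C:\Windows\System32\helper.exe",
    r"C:\Windows\System32\intmonp.exe",
    r"C:\Windows\System32\msmsgs.exe",
    r"C:\Windows\System32\ole32vbs.exe",
    r"C:\Windows\system32\msole32.exe",
]

# Constructed sample in the Ad-Aware SE process-listing layout.
# Entries 1-3 mirror the posted log; entry 4 is invented for illustration.
SAMPLE_LOG = r"""
Listing running processes

#:1 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe
ProcessID : 608

#:2 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 536

#:3 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 752

#:4 [intmonp.exe]
ModuleName : C:\WINDOWS\System32\intmonp.exe
Command Line : C:\WINDOWS\System32\intmonp.exe
ProcessID : 1999

Memory scan result:
"""

HEADER = re.compile(r"^#:(\d+) \[(.+?)\]\s*$")
FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s?(.*)$")


def parse_processes(log_text):
    """Return one dict per '#:N [name]' block in the process listing."""
    procs, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = {"index": int(header.group(1)), "name": header.group(2)}
            procs.append(current)
        elif not line:
            current = None  # a blank line ends the current block
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group(1)] = field.group(2)
    return procs


def normalize(path):
    """Lower-case a Windows path and strip the NT prefixes seen in the log."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        # Assumption: Windows is installed in C:\Windows, as in the posted log.
        p = "C:\\Windows" + p[len("\\SystemRoot"):]
    return ntpath.normcase(ntpath.normpath(p))


def triage(procs, removal_list=REMOVAL_LIST):
    """Flag processes whose image path is on the list (LISTED) or whose
    file name matches a listed file at a different path (NAME_ONLY)."""
    listed_paths = {normalize(p) for p in removal_list}
    listed_names = {ntpath.basename(p) for p in listed_paths}
    findings = []
    for proc in procs:
        path = normalize(proc.get("ModuleName", ""))
        if path in listed_paths:
            verdict = "LISTED"
        elif ntpath.basename(path) in listed_names:
            verdict = "NAME_ONLY"
        else:
            continue
        findings.append((verdict, proc["name"], path))
    return findings


if __name__ == "__main__":
    for verdict, name, path in triage(parse_processes(SAMPLE_LOG)):
        print(f"{verdict:9} {name:14} {path}")
```
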

#3
mariebp78


    New Member

  • Topic Starter
  • Member
  • 3 posts
Hi! I followed your instructions, thanks for your help! My desktop seems to be back to normal. This is my new Logfile:

Ad-Aware SE Build 1.05
Logfile Created on:11 mai, 2005 23:07:37
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):52 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:44 %
Total physical memory:523808 kb
Available physical memory:230252 kb
Total page file size:1280992 kb
Available on page file:1039564 kb
Total virtual memory:2097024 kb
Available virtual memory:2045260 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-05-11 23:07:37 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 536
ThreadCreationTime : 2005-05-12 01:30:39
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 608
ThreadCreationTime : 2005-05-12 01:30:53
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 640
ThreadCreationTime : 2005-05-12 01:30:56
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 684
ThreadCreationTime : 2005-05-12 01:30:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 696
ThreadCreationTime : 2005-05-12 01:30:57
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 848
ThreadCreationTime : 2005-05-12 01:30:57
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 872
ThreadCreationTime : 2005-05-12 01:30:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 984
ThreadCreationTime : 2005-05-12 01:30:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1160
ThreadCreationTime : 2005-05-12 01:30:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1232
ThreadCreationTime : 2005-05-12 01:30:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1452
ThreadCreationTime : 2005-05-12 01:30:59
BasePriority : Normal


#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1524
ThreadCreationTime : 2005-05-12 01:30:59
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1572
ThreadCreationTime : 2005-05-12 01:30:59
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:14 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 224
ThreadCreationTime : 2005-05-12 01:31:00
BasePriority : Normal
FileVersion : 6.14.10.5113
ProductVersion : 6.14.10.5113
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:15 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 280
ThreadCreationTime : 2005-05-12 01:31:01
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:16 [spysub.exe]
ModuleName : C:\Program Files\interMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 396
ThreadCreationTime : 2005-05-12 01:31:01
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:17 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 1080
ThreadCreationTime : 2005-05-12 01:31:07
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:18 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1124
ThreadCreationTime : 2005-05-12 01:31:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1252
ThreadCreationTime : 2005-05-12 01:31:11
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 1016
ThreadCreationTime : 2005-05-12 01:45:34
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:21 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 412
ThreadCreationTime : 2005-05-12 02:57:18
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yannick@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 2010-05-10 20:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yannick@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 2008-05-10 21:46:28
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 52


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 52


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 52

23:22:05 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:27.329
Objects scanned:207634
Objects identified:52
Objects ignored:0
New critical objects:52

#4
Guest_Andy_veal_*

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it for use while in Safe Mode.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop but do NOT run it yet.

* Please reboot into Safe Mode by restarting your computer and tapping F8 continuously as your computer is booting up until a menu appears. Use your up arrow key to highlight "Safe Mode", then hit enter.

* Once in Safe Mode, please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually. While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Yes, we need you to go back into Safe Mode!

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

1.) Download the Hoster from HERE. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new Ad-aware SE Logfile.
  • 0
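The removal list above names files by full path, and the Ad-Aware logs in this thread record a full ModuleName for every running process, so the two can be compared by path rather than by file name alone. The script below is an added example, not part of the original post or of any tool mentioned in it; SAMPLE_LOG is constructed in the Ad-Aware SE process-listing format (the intmonp.exe entry is invented for illustration), and C:\WINDOWS as the value of \SystemRoot is an assumption.

```python
import ntpath
import re

# File paths copied from the removal list in the post above.
REMOVAL_LIST = [
    r"C:\wp.exe",
    r"C:\wp.bmp",
    r"C:\Windows\sites.ini",
    r"C:\Windows\popuper.exe",
    r"C:\WINDOWS\System32\wldr.dll",
    r"C:\Windows\System32\helper.exe",
    r"C:\Windows\System32\intmonp.exe",
    r"C:\Windows\System32\msmsgs.exe",
    r"C:\Windows\System32\ole32vbs.exe",
    r"C:\Windows\system32\msole32.exe",
]

# Constructed sample in the Ad-Aware SE log layout. Entry #:22 is invented.
SAMPLE_LOG = r"""
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 536

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
ProcessID : 608

#:20 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 1016

#:22 [intmonp.exe]
ModuleName : C:\WINDOWS\System32\intmonp.exe
ProcessID : 1900

Memory scan result:
New critical objects: 0

Tracking Cookie Object Recognized!
Type : IECache Entry
"""

HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")


def normalize(path, system_root=r"C:\WINDOWS"):
    """Reduce the path spellings seen in the log to one comparable form."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):               # NT object-manager prefix
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = system_root + p[len("\\SystemRoot"):]
    # normcase lowercases, so C:\Windows and C:\WINDOWS compare equal
    return ntpath.normcase(ntpath.normpath(p))


def parse_processes(log_text):
    """Return one dict per '#:N [name]' block, holding its 'Key : Value' fields."""
    procs, cur = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"index": int(m.group(1)), "name": m.group(2)}
            procs.append(cur)
        elif not line:
            cur = None                       # a blank line ends the block
        elif cur is not None and " : " in line:
            key, _, value = line.partition(" : ")
            cur[key.strip()] = value.strip()
    return procs


def classify(procs, removal_list=REMOVAL_LIST):
    """Label each process 'listed', 'name-only' or 'unlisted' by image path."""
    listed = {normalize(p) for p in removal_list}
    listed_names = {ntpath.basename(p) for p in listed}
    results = []
    for proc in procs:
        path = normalize(proc.get("ModuleName", ""))
        if path in listed:
            verdict = "listed"               # exact path is on the removal list
        elif ntpath.basename(path) in listed_names:
            verdict = "name-only"            # same file name, different folder
        else:
            verdict = "unlisted"
        results.append((proc["name"], path, verdict))
    return results


if __name__ == "__main__":
    for name, path, verdict in classify(parse_processes(SAMPLE_LOG)):
        print(f"{verdict:10} {name:14} {path}")
```

A "name-only" result, such as msmsgs.exe running from C:\Program Files\Messenger, shares a file name with a listed entry but is not the listed file, so it needs a path check before anything is ended or deleted.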

#5
mariebp78

Hi, thanks again for your help. Security IGuard, Virtual Maid and Search Maid were not found. I didn't understand which processes on the Task Manager I had to end, so I couldn't do that part. I was able to do the rest though. Here is my new Ad-aware SE Logfile:


Ad-Aware SE Build 1.05
Logfile Created on:13 mai, 2005 13:34:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):51 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:40 %
Total physical memory:523808 kb
Available physical memory:208668 kb
Total page file size:1280992 kb
Available on page file:1018208 kb
Total virtual memory:2097024 kb
Available virtual memory:2047940 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-05-13 13:34:05 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 536
ThreadCreationTime : 2005-05-13 16:32:03
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 608
ThreadCreationTime : 2005-05-13 16:32:17
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 640
ThreadCreationTime : 2005-05-13 16:32:20
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 684
ThreadCreationTime : 2005-05-13 16:32:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 696
ThreadCreationTime : 2005-05-13 16:32:21
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 848
ThreadCreationTime : 2005-05-13 16:32:21
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 876
ThreadCreationTime : 2005-05-13 16:32:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 984
ThreadCreationTime : 2005-05-13 16:32:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1216
ThreadCreationTime : 2005-05-13 16:32:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1284
ThreadCreationTime : 2005-05-13 16:32:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1528
ThreadCreationTime : 2005-05-13 16:32:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 1040
ThreadCreationTime : 2005-05-13 16:32:31
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:13 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1096
ThreadCreationTime : 2005-05-13 16:32:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1152
ThreadCreationTime : 2005-05-13 16:32:32
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:15 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 2752
ThreadCreationTime : 2005-05-13 16:38:07
BasePriority : Normal


#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2796
ThreadCreationTime : 2005-05-13 16:38:07
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:17 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 2876
ThreadCreationTime : 2005-05-13 16:38:09
BasePriority : Normal
FileVersion : 6.14.10.5113
ProductVersion : 6.14.10.5113
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:18 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 2908
ThreadCreationTime : 2005-05-13 16:38:09
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:19 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2916
ThreadCreationTime : 2005-05-13 16:38:09
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:20 [spysub.exe]
ModuleName : C:\Program Files\interMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 2952
ThreadCreationTime : 2005-05-13 16:38:09
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:21 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3396
ThreadCreationTime : 2005-05-13 16:38:38
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : IEXPLORE.EXE

#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2296
ThreadCreationTime : 2005-05-13 17:33:25
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yannick@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 2010-05-11 20:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@advertising[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@doubleclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@fastclick[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@maxserving[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@mediaplex[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@questionmarket[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@seeq[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\system@seeq[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\Default User\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@2o7[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@advertising[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@atdmt[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@bluestreak[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@clickagents[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@doubleclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@fastclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@linksynergy[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@linksynergy[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@mediaplex[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@paycounter[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@paycounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@qksrv[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@qksrv[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@questionmarket[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@sextracker[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@tripod[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@zedo[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Local Settings\Temp\Cookies\yann@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@247realmedia[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@276[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@276[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@adrevolver[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@adrevolver[3].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@adrevolver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@doubleclick[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@hypercount[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@hypercount[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@mediaplex[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@overture[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@please[4].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@please[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@please[5].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@please[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@tickle[2].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : yann@trafic[1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\yann@trafic[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : E:\Documents and Settings\yann\Cookies\[email protected][1].txt

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 51




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

13:48:41 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:36.797
Objects scanned:208168
Objects identified:51
Objects ignored:0
New critical objects:51

#6
Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.