hi andy
hope you had a good day
thanks for the new advice, i have entered each file in killbox and rebooted but have no windows explorer for the next step.
here is a new scan
not finding bad registry keys so must have done something right!
sitting here with a very large glass of wine and a big bar of chocolate before i hang myself or this wretched computer lol
Ad-Aware SE Build 1.05
Logfile Created on:12 May 2005 23:26:14
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:0 %
Total physical memory:114176 kb
Available physical memory:2776 kb
Total page file size:1982972 kb
Available on page file:1858028 kb
Total virtual memory:2093056 kb
Available virtual memory:2042880 kb
OS:Microsoft Windows Millennium Edition
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
12-05-2005 23:26:14 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293875119
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294939471
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294849167
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294850763
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294838395
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:6 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE
ProcessID : 4294861015
Threads : 5
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE
#:7 [AVSYNMGR.EXE]
ModuleName : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE"
ProcessID : 4294837543
Threads : 4
Priority : Normal
#:8 [AOLACSD.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
Command Line : "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
ProcessID : 4294879983
Threads : 21
Priority : Normal
#:9 [SPOOLSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
Command Line : C:\WINDOWS\System\spoolsrv32.exe
ProcessID : 4294899107
Threads : 3
Priority : Normal
#:10 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294897647
Threads : 19
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:11 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4294730539
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:12 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4294769611
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:13 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294762407
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:14 [PCTVOICE.EXE]
ModuleName : C:\WINDOWS\PCTVOICE.EXE
Command Line : "C:\WINDOWS\pctvoice.exe"
ProcessID : 4293092611
Threads : 3
Priority : Normal
FileVersion : 0.0
ProductVersion : 1.0
ProductName : PCTVOICE
CompanyName : PCtel, Inc.
FileDescription : PCTVOICE
InternalName : PCTVOICE
LegalCopyright : Copyright © PCtel,Inc. 2000 - 2001
Comments : Written by: Cathy Luo
#:15 [E_S10IC2.EXE]
ModuleName : C:\WINDOWS\SYSTEM\E_S10IC2.EXE
Command Line : "C:\WINDOWS\SYSTEM\E_S10IC2.EXE" /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
ProcessID : 4293089327
Threads : 1
Priority : Normal
FileVersion : 3.05
ProductVersion : 3.05
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S10IC2.EXE
#:16 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4293085599
Threads : 7
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE
#:17 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4293076323
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:18 [AOLDIAL.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 4294759475
Threads : 13
Priority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
#:19 [VSSTAT.EXE]
ModuleName : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
Command Line : "C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VsStat.exe"
ProcessID : 4294821515
Threads : 2
Priority : Normal
#:20 [REALPLAY.EXE]
ModuleName : C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 4293097915
Threads : 6
Priority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE
#:21 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4293070299
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE
#:22 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_fffcd993
ProcessID : 4293099967
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:23 [AVCONSOL.EXE]
ModuleName : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
Command Line : "C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\Avconsol.exe"
ProcessID : 4293116559
Threads : 2
Priority : Normal
#:24 [AOLTRAY.EXE]
ModuleName : C:\PROGRAM FILES\AOL 9.0\AOLTRAY.EXE
Command Line : "C:\Program Files\AOL 9.0\aoltray.exe" -check
ProcessID : 4293046927
Threads : 1
Priority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004
#:25 [QUICKDCF.EXE]
ModuleName : C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
Command Line : "C:\Program Files\FinePixViewer\QuickDCF.exe"
ProcessID : 4293046871
Threads : 1
Priority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe
#:26 [WKCALREM.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 4293013643
Threads : 2
Priority : Normal
FileVersion : 5.00.1928.1
ProductVersion : 5.00.1928.1
ProductName : Microsoft® Works 2000
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : © 1999 Microsoft Corp. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:27 [VSHWIN32.EXE]
ModuleName : C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
Command Line : "C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\Vshwin32.exe"
ProcessID : 4292871943
Threads : 6
Priority : Normal
#:28 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4292995023
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE
#:29 [WAOL.EXE]
ModuleName : C:\PROGRAM FILES\AOL 9.0\WAOL.EXE
Command Line : "C:\PROGRAM FILES\AOL 9.0\waol.exe"
ProcessID : 4292990739
Threads : 18
Priority : Normal
#:30 [SHELLMON.EXE]
ModuleName : C:\PROGRAM FILES\AOL 9.0\SHELLMON.EXE
Command Line : "C:\PROGRAM FILES\AOL 9.0\shellmon.exe"
ProcessID : 4293263455
Threads : 1
Priority : Normal
#:31 [AOLTPSPD.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
Command Line : -p11523 -S256 -s443 -l443 -G"C:\WINDOWS\All Users\Application Data\AOL\C_AOL 9.0\vph.ph" -c1 -Z -H4292990739
ProcessID : 4293276327
Threads : 3
Priority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : [v1.1-4] On Tue 03/16/2004 21:24:09.18
ProductName : AOL TopSpeed
CompanyName : America Online Inc
FileDescription : AOL TopSpeed
InternalName : AOL TopSpeed
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed
OriginalFilename : aoltpspd.exe
#:32 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4293209879
Threads : 5
Priority : Realtime
FileVersion : 4.08.00.0400
ProductVersion : 4.08.00.0400
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2000
OriginalFilename : DDHelp.exe
#:33 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293171635
Threads : 2
Priority : Idle
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bill gates@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:bill [email protected]/
Expires : 11-05-2010 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bill gates@doubleclick[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:bill [email protected]/
Expires : 11-05-2008 17:27:36
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bill gates@2o7[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:bill [email protected]/
Expires : 11-05-2010 22:07:20
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bill gates@advertising[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:bill [email protected]/
Expires : 11-05-2010 23:11:16
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bill [email protected][2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:bill [email protected]/
Expires : 11-06-2005 23:11:16
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
23:28:50 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:35.600
Objects scanned:35821
Objects identified:5
Objects ignored:0
New critical objects:5