Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]ad aware log file

Started by RABB , May 12 2005 08:51 AM

  • Please log in to reply

#1
RABB
Posted 12 May 2005 - 08:51 AM

RABB

    New Member

  • Member
  • Pip
  • 3 posts
Here are 3 Ad-Aware log files. 2ndlog ran after re-start. 3rd I ran again just in case.

#1

ArchiveData(auto-quarantine- 2005-05-12 09-59-35.bckp)
Referencefile : SE1R44 10.05.2005
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Roy\Application Data\microsoft\office\recent\3½ Floppy (A).LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Roy\recent\(1)Queen - Keep Yourself Alive.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Roy\recent\00-3_door_down-away_from_the_sun-back-rns.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\Roy\recent\00-3_door_down-away_from_the_sun-front-rns.lnk
obj[4]=MRU FileReference : C:\Documents and Settings\Roy\recent\01-Queen - Keep Yourself Alive.lnk
obj[5]=MRU FileReference : C:\Documents and Settings\Roy\recent\01-Queen - We Will Rock You.lnk
obj[6]=MRU FileReference : C:\Documents and Settings\Roy\recent\02-Queen - Killer Queen.lnk
obj[7]=MRU FileReference : C:\Documents and Settings\Roy\recent\02-Queen - Lazing On A Sunday Afternoon.lnk
obj[8]=MRU FileReference : C:\Documents and Settings\Roy\recent\08-Queen - Stone Cold Crazzy.lnk
obj[9]=MRU FileReference : C:\Documents and Settings\Roy\recent\14- Name(Bonus Track).lnk
obj[10]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\microsoft\search assistant\acmru\5603
obj[11]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\microsoft\search assistant\acmru\5604
obj[12]=MRU FileReference : C:\Documents and Settings\Roy\recent\1975 A night at the opera.lnk
obj[13]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\microsoft\windows\currentversion\applets\regedit lastkey
obj[14]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[15]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[16]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\3dsmax
obj[17]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\cdsmgr
obj[18]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\cmd
obj[19]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\desktopmgr
obj[20]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\devenv
obj[21]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\Dialogs
obj[22]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\dmcpl
obj[23]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\Exceptions
obj[24]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\explorer
obj[25]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\helpctr
obj[26]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\iexplore
obj[27]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\inetd32
obj[28]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\mapisp32
obj[29]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\moviemk
obj[30]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\msdev
obj[31]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\msmsgs
obj[32]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\msn6
obj[33]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\mspaint
obj[34]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\mstask
obj[35]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\nvappbar
obj[36]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\nvdvd
obj[37]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\nwiz
obj[38]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\outlook
obj[39]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\p4win
obj[41]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\pccntmon
obj[42]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\photoshop
obj[43]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\pstrip
obj[44]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\regedit
obj[45]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\robotaskbaricon
obj[46]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\rtvscan
obj[47]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\rundll32
obj[48]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\smartcenter
obj[40]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\pccguide
obj[49]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\spider
obj[50]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\taskmgr
obj[51]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\toolbarxp
obj[52]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\tppaldr
obj[53]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\ultramon taskbar
obj[54]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\wab
obj[55]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\winlogon
obj[56]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\winword
obj[57]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\wmplayer
obj[58]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\wscntfy
obj[59]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\wzqkpick
obj[60]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\nvidia corporation\global\nview\windowmanagement\xwctray
obj[62]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
obj[63]=MRU RegReference : S-1-5-18\software\microsoft\windows media\wmsdk\general computername
obj[64]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\microsoft\windows media\wmsdk\general computername
obj[65]=MRU RegReference : S-1-5-21-1254056498-2805738209-4071888707-1008\software\winrar\dialogedithistory\extrpath

VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[21]=Process : C:\WINDOWS\system32\DrPMon.dll
obj[22]=Regkey : clsid\{302a3240-4805-4a34-97d7-1645a0b08410}
obj[23]=RegValue : clsid\{302a3240-4805-4a34-97d7-1645a0b08410} ""
obj[24]=Regkey : bolgerdll.bolgerdllobj.1
obj[25]=RegValue : bolgerdll.bolgerdllobj.1 ""
obj[26]=Regkey : bolgerdll.bolgerdllobj
obj[27]=RegValue : bolgerdll.bolgerdllobj ""
obj[28]=Regkey : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger
obj[29]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLI9d1OfSInst"
obj[30]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLC9n1trMsgSDisp"
obj[31]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLT9o1pListSPos"
obj[32]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLs9t1icky1S"
obj[33]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLs9t1icky2S"
obj[34]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLs9t1icky3S"
obj[35]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLs9t1icky4S"
obj[36]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLC1o9d1eOfSFinalAd"
obj[37]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLT9i1m4eOfSFinalAd"
obj[38]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLD9s1tSSEnd"
obj[39]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BL9N1a4tionSCode"
obj[40]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLP9D1om"
obj[41]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLT9h1rshSCheckSIn"
obj[42]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLT9h1rshSMots"
obj[43]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLM9o1deSSync"
obj[44]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLI9n1ProgSCab"
obj[45]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLI9n1ProgSEx"
obj[46]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLI9n1ProgSLstest"
obj[47]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLL9a1stMotsSDay"
obj[48]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLL9a1stSSChckin"
obj[49]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\bolger "BLC9n1tFyl"
obj[50]=Regkey : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora
obj[51]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3d5OfSDist"
obj[52]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC3n5trMsgSDisp"
obj[53]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky1S"
obj[54]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky2S"
obj[55]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky3S"
obj[56]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky4S"
obj[57]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC1o3d5eOfSFinalAd"
obj[58]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3i5m7eOfSFinalAd"
obj[59]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUD3s5tSSEnd"
obj[60]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AU3N5a7tionSCode"
obj[61]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUP3D5om"
obj[62]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSCheckSIn"
obj[63]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSMots"
obj[64]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUM3o5deSSync"
obj[65]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3n5ProgSCab"
obj[66]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3n5ProgSEx"
obj[67]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3n5ProgSLstest"
obj[68]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUB3D5om"
obj[69]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUE3v5nt"
obj[70]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSBath"
obj[71]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSysSInf"
obj[72]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUL3n5Title"
obj[73]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC3u5rrentSMode"
obj[74]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC3n5tFyl"
obj[75]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3g5noreS"
obj[76]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUS3t5atusOfSInst"
obj[77]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUL3a5stMotsSDay"
obj[78]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUL3a5stSSChckin"
obj[79]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3d5OfSInst"
obj[87]=Regkey : system\controlset001\control\print\monitors\zepmon
obj[88]=RegValue : system\controlset001\control\print\monitors\zepmon "Driver"
obj[89]=Regkey : system\currentcontrolset\control\print\monitors\zepmon
obj[90]=RegValue : system\currentcontrolset\control\print\monitors\zepmon "Driver"
obj[91]=RegValue : system\lastknowngoodrecovery\lastgood "INF/oem4.inf"
obj[92]=RegValue : system\lastknowngoodrecovery\lastgood "INF/oem4.PNF"
obj[93]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP3\A0000134.exe
obj[94]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP3\A0000135.exe
obj[95]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP3\A0000136.exe
obj[96]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP3\A0000159.exe
obj[97]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP4\A0000199.exe
obj[98]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP4\A0000205.exe
obj[99]=File : C:\WINDOWS\Bolger.dll
obj[100]=File : C:\WINDOWS\system32\DrPMon.dll
obj[101]=File : C:\WINDOWS\lastgood\inf\oem4.inf
obj[102]=File : C:\WINDOWS\lastgood\inf\oem4.PNF

WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[80]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[81]=IECache Entry : C:\Documents and Settings\Roy\Cookies\roy@doubleclick[1].txt
obj[82]=IECache Entry : C:\Documents and Settings\CICERO\Cookies\cicero@atdmt[2].txt
obj[83]=IECache Entry : C:\Documents and Settings\Miriah\Cookies\miriah@advertising[1].txt
obj[84]=IECache Entry : C:\Documents and Settings\Miriah\Cookies\miriah@realmedia[2].txt
obj[85]=IECache Entry : C:\Documents and Settings\Miriah\Cookies\[email protected][1].txt
obj[86]=IECache Entry : C:\Documents and Settings\Miriah\Cookies\miriah@valueclick[2].txt


#2

ArchiveData(auto-quarantine- 2005-05-12 10-12-09.bckp)
Referencefile : SE1R44 10.05.2005
======================================================

VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora
obj[1]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3d5OfSInst"
obj[2]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC3n5trMsgSDisp"
obj[3]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky1S"
obj[4]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky2S"
obj[5]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky3S"
obj[6]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUs3t5icky4S"
obj[7]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC1o3d5eOfSFinalAd"
obj[8]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3i5m7eOfSFinalAd"
obj[9]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUD3s5tSSEnd"
obj[10]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AU3N5a7tionSCode"
obj[11]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUP3D5om"
obj[12]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSCheckSIn"
obj[13]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSMots"
obj[14]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUM3o5deSSync"
obj[15]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3n5ProgSCab"
obj[16]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3n5ProgSEx"
obj[17]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3n5ProgSLstest"
obj[18]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUB3D5om"
obj[19]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUE3v5nt"
obj[20]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSBath"
obj[21]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUT3h5rshSysSInf"
obj[22]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUL3n5Title"
obj[23]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC3u5rrentSMode"
obj[24]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUC3n5tFyl"
obj[25]=RegValue : S-1-5-21-1254056498-2805738209-4071888707-1008\software\aurora "AUI3g5noreS"
obj[26]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "zldfou"
obj[28]=File : c:\windows\system32\kybkqbj.exe
obj[29]=File : C:\Documents and Settings\Roy\Local Settings\Temp\temp.fr0DA6
obj[30]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP6\A0000306.dll
obj[31]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP6\A0000309.exe
obj[32]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP6\A0000311.dll

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[27]=IECache Entry : Cookie:[email protected]/


#3

ArchiveData(auto-quarantine- 2005-05-12 10-19-24.bckp)
Referencefile : SE1R44 10.05.2005
======================================================

VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=File : C:\System Volume Information\_restore{DF52645B-C4D5-486F-A095-CCFB58F5505E}\RP6\A0000318.exe


I didn't know I wasn't supposed to delete anything so I already let Ad-Aware do it's thing with what it found.
What next??
Thanks
Roy
  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 12 May 2005 - 04:00 PM

Guest_Andy_veal_*
  • Guest
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R44 10.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.

Good luck

Andy
  • 0

#3
RABB
Posted 23 May 2005 - 08:31 AM

RABB

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here's the log you asked for:


Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 23, 2005 10:06:19 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:55 %
Total physical memory:785904 kb
Available physical memory:424944 kb
Total page file size:1526912 kb
Available on page file:1225664 kb
Total virtual memory:2097024 kb
Available virtual memory:2048064 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-23-2005 10:06:19 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 460
ThreadCreationTime : 5-23-2005 12:57:22 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 516
ThreadCreationTime : 5-23-2005 12:57:23 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 5-23-2005 12:57:31 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 5-23-2005 12:57:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 5-23-2005 12:57:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 740
ThreadCreationTime : 5-23-2005 12:57:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 804
ThreadCreationTime : 5-23-2005 12:57:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 872
ThreadCreationTime : 5-23-2005 12:57:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 940
ThreadCreationTime : 5-23-2005 12:57:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1032
ThreadCreationTime : 5-23-2005 12:57:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1184
ThreadCreationTime : 5-23-2005 12:57:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1500
ThreadCreationTime : 5-23-2005 12:57:45 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1512
ThreadCreationTime : 5-23-2005 12:57:45 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1584
ThreadCreationTime : 5-23-2005 12:57:45 PM
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1644
ThreadCreationTime : 5-23-2005 12:57:46 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:16 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 264
ThreadCreationTime : 5-23-2005 12:57:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1640
ThreadCreationTime : 5-23-2005 1:01:04 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 1784
ThreadCreationTime : 5-23-2005 1:01:06 PM
BasePriority : Normal
FileVersion : 5.1.0.24
ProductVersion : 5.1.0.24
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:19 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1888
ThreadCreationTime : 5-23-2005 1:01:07 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:20 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1964
ThreadCreationTime : 5-23-2005 1:01:07 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:21 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 384
ThreadCreationTime : 5-23-2005 1:01:07 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:22 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 404
ThreadCreationTime : 5-23-2005 1:01:07 PM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2024
ThreadCreationTime : 5-23-2005 1:01:07 PM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [robotaskbaricon.exe]
ModuleName : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Command Line : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ProcessID : 1932
ThreadCreationTime : 5-23-2005 1:01:07 PM
BasePriority : Normal


#:25 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2004
ThreadCreationTime : 5-23-2005 1:01:09 PM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:26 [incmail.exe]
ModuleName : C:\PROGRA~1\INCRED~1\bin\IncMail.exe
Command Line : "C:\PROGRA~1\INCRED~1\bin\IncMail.exe"
ProcessID : 1292
ThreadCreationTime : 5-23-2005 1:02:26 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 1874
ProductVersion : 4, 0, 0, 1874
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediMail
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : INCMAIL.EXE

#:27 [imapp.exe]
ModuleName : C:\PROGRA~1\INCRED~1\bin\IMApp.exe
Command Line : C:\PROGRA~1\INCRED~1\bin\IMApp.exe -Embedding
ProcessID : 1300
ThreadCreationTime : 5-23-2005 1:02:28 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 1874
ProductVersion : 4, 0, 0, 1874
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : IMAPP.EXE

#:28 [bitcomet.exe]
ModuleName : C:\Program Files\BitComet\BitComet.exe
Command Line : "C:\Program Files\BitComet\BitComet.exe"
ProcessID : 3188
ThreadCreationTime : 5-23-2005 1:15:01 PM
BasePriority : Normal
FileVersion : 0.58.
ProductVersion : 0.58.
ProductName : BitComet
CompanyName : www.BitComet.com
FileDescription : BitComet - a BitTorrent Client
InternalName : BitComet.exe
LegalCopyright : Copyright © Ningyu Ran, All Rights Reserved.
OriginalFilename : SimpleBT.exe

#:29 [firefox.exe]
ModuleName : C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
Command Line : "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE" -url "http://www.geekstogo...iew=getnewpost"
ProcessID : 2672
ThreadCreationTime : 5-23-2005 2:02:40 PM
BasePriority : Normal


#:30 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2736
ThreadCreationTime : 5-23-2005 2:05:39 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-22-2015 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-24-2005 9:41:48 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 6-22-2005 9:53:38 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : roy@fastclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-23-2007 9:41:42 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : roy@maxserving[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 5-21-2015 9:50:34 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cicero@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\CICERO\Cookies\cicero@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cicero@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\CICERO\Cookies\cicero@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cicero@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\CICERO\Cookies\cicero@mediaplex[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 8




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

10:22:21 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:02.524
Objects scanned:143872
Objects identified:8
Objects ignored:0
New critical objects:8

Thanks
Roy
  • 0

#4
Guest_Andy_veal_*
Posted 23 May 2005 - 09:50 AM

Guest_Andy_veal_*
  • Guest

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 8


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip
  • 0

#5
Guest_Andy_veal_*
Posted 23 May 2005 - 09:54 AM

Guest_Andy_veal_*
  • Guest
Are you still having problems?

Your logfile seems clean.

You can always delete tracking cookies safely.

:tazz:
  • 0

#6
RABB
Posted 24 May 2005 - 04:04 PM

RABB

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks Andy
I thought the same when I posted the log. I was having recurring trouble with 'nail' and 'aurora'. I've been running ad aware and spybot and AVG virus as well as online scans with Panda and Trends.
Nothing seemed to help permanently but now it appears everything is clean. Not sure what did the trick. Any Ideas??

Thanks again
Roy
  • 0

#7
Guest_Andy_veal_*
Posted 24 May 2005 - 04:18 PM

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP