[Referred]Ad-aware logfile



#1
Solhan (New Member)

From a complete scan of my comp, this is the logfile generated. Any help will be greatly appreciated. I am using an IBM ThinkPad and thus many of the running things are IBM components (for example a battery indicator) as I'm sure you can see below. I have a strong feeling popuper.exe is what's causing the popups, yet when I end that process tree, it gets recreated in less than 5 seconds and I don't know what is doing it. The popups aren't all that troublesome, approximately 1 per hour of being connected to the internet, so I can live with it but I'd obviously prefer to live without. Once again, thanks for any help.

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 15, 2005 11:30:22 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-15-2005 11:30:22 AM - Scan started. (Smart mode)

Edited by Mannen, please read below

Edited by Mannen, 15 May 2005 - 10:00 AM.



#2
Mannen (Ad-Aware Expert)

Greetings! :tazz:


5-15-2005 11:30:22 AM - Scan started. (Smart mode)


Please check "Perform full system scan" and post the new log here.

Cheers
Mannen

#3
Solhan (New Member, Topic Starter)

Terribly sorry...


Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 15, 2005 9:14:10 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-15-2005 9:14:10 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 416
ThreadCreationTime : 5-16-2005 1:10:14 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 5-16-2005 1:10:17 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 5-16-2005 1:10:18 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 5-16-2005 1:10:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 5-16-2005 1:10:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 5-16-2005 1:10:19 AM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 5-16-2005 1:10:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 5-16-2005 1:10:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 820
ThreadCreationTime : 5-16-2005 1:10:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 864
ThreadCreationTime : 5-16-2005 1:10:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 916
ThreadCreationTime : 5-16-2005 1:10:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 5-16-2005 1:10:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1240
ThreadCreationTime : 5-16-2005 1:10:22 AM
BasePriority : Normal


#:14 [defwatch.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1256
ThreadCreationTime : 5-16-2005 1:10:22 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:15 [inetinfo.exe]
FilePath : C:\WINDOWS\system32\inetsrv\
ProcessID : 1296
ThreadCreationTime : 5-16-2005 1:10:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:16 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1348
ThreadCreationTime : 5-16-2005 1:10:23 AM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:17 [rtvscan.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1404
ThreadCreationTime : 5-16-2005 1:10:23 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:18 [tpkmpsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1540
ThreadCreationTime : 5-16-2005 1:10:23 AM
BasePriority : Normal


#:19 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1932
ThreadCreationTime : 5-16-2005 1:10:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 292
ThreadCreationTime : 5-16-2005 1:10:39 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [msole32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 120
ThreadCreationTime : 5-16-2005 1:10:42 AM
BasePriority : Normal


#:22 [popuper.exe]
FilePath : C:\WINDOWS\
ProcessID : 508
ThreadCreationTime : 5-16-2005 1:10:42 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:23 [tp4serv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 5-16-2005 1:10:42 AM
BasePriority : Normal
FileVersion : 3.50
ProductVersion : 3.50
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Daemon
InternalName : daemon.exe
LegalCopyright : Copyright © IBM Corporation 1997-2004
OriginalFilename : daemon.exe

#:24 [atiptaxx.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ProcessID : 952
ThreadCreationTime : 5-16-2005 1:10:42 AM
BasePriority : Normal
FileVersion : 6.13.10.4046
ProductVersion : 6.13.10.4046
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:25 [daemon.exe]
FilePath : C:\Program Files\D-Tools\
ProcessID : 988
ThreadCreationTime : 5-16-2005 1:10:43 AM
BasePriority : Normal


#:26 [intmonp.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 5-16-2005 1:10:43 AM
BasePriority : Normal


#:27 [tp98tray.exe]
FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
ProcessID : 580
ThreadCreationTime : 5-16-2005 1:10:43 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad Tray Utility
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad Tray Utility
InternalName : IBM ThinkPad Tray Utility
LegalCopyright : Copyright © IBM Corp. 1998,2005.
OriginalFilename : Tp98Tray.exe

#:28 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1884
ThreadCreationTime : 5-16-2005 1:10:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:29 [tphkmgr.exe]
FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
ProcessID : 1888
ThreadCreationTime : 5-16-2005 1:10:44 AM
BasePriority : Normal


#:30 [pdtray.exe]
FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
ProcessID : 1292
ThreadCreationTime : 5-16-2005 1:10:44 AM
BasePriority : Normal


#:31 [prpcui.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 5-16-2005 1:10:44 AM
BasePriority : Normal
FileVersion : 1.1.0.0
ProductVersion : 1.1.0.0
ProductName : Intel® SpeedStep™ technology applet
CompanyName : Intel Corporation
FileDescription : Intel® SpeedStep™ technology User Interface
InternalName : prpcui.exe
LegalCopyright : Copyright© Intel Corporation 1998-2000
LegalTrademarks : Intel® SpeedStep™ technology
OriginalFilename : prpcui.exe
Comments : Version 1.1

#:32 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1252
ThreadCreationTime : 5-16-2005 1:10:44 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 5-16-2005 1:10:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2292
ThreadCreationTime : 5-16-2005 1:10:51 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2576
ThreadCreationTime : 5-16-2005 1:11:09 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

9:29:30 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:20.33
Objects scanned:112015
Objects identified:0
Objects ignored:0
New critical objects:0

#4
Mannen (Ad-Aware Expert)

Hi!


This log is clean, but you have running trojans which Ad-Aware doesn't detect yet, so I will transfer you to the HijackThis forum. Read below how to proceed.

Cheers
Mannen

#5
Mannen (Ad-Aware Expert)

Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.