Author Topic: computer cleaning (Read 5062 times)

jeremiah · « **on:** April 09, 2006, 09:18:34 AM »

Hello folks. I had numbnuts in my house the other night and he advised me to come on to this forum and you guys might be able to help me!

GR@PH;<'S · « **Reply #1 on:** April 09, 2006, 01:05:18 PM »

jeremiah,
Glad you managed to find your way here

I here that you have already started to get control of your PC by doing some on-line scans and removing all the things that was found by them.
Even though you may have already have done some scans Please make sure that you have got the latest Ad-aware Definition file IE: SE1R102.03.04.2006 once you have it please can you start your PC in safe mode,

Safe mode is the Windows diagnostics mode. When you start the computer in Safe mode, only the specific components that are needed to run the operating system are loaded. Safe mode does not allow some functions, such as connection to the Internet. It also loads a standard video driver at a low resolution; therefore, your programs and the Windows desktop may look different than usual, In addition, the desktop icons may have moved to different locations on the desktop.
( see How to start the computer in Safe mode)

once in safe mode open Ad-aware SE Build 106
then scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)

Quote

I had numbnuts in my house the other night

Sorry to here that you have no beer left

GR@PH;<'S

jeremiah · « **Reply #2 on:** April 10, 2006, 04:14:40 PM »

Gr@ph:<'s
thanks very much for your reply. i have printed the reply and will attempt to follow the instructions but i have to warn you i am not very computer literate.

Jeremiahjude

jeremiah · « **Reply #3 on:** April 10, 2006, 04:52:24 PM »

Ad-Aware SE Build 1.06r1
Logfile Created on:10 April 2006 17:29:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking(TAC index:3):3 total references
MRU List(TAC index:0):19 total references
Tracking Cookie(TAC index:3):19 total references
Win32.Adverts.TrojanDownloader(TAC index:6):2 total references
WinFixer(TAC index:10):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

10-04-2006 17:29:35 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Pc User\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Pc User\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 10-04-2006 16:27:47
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 200
ThreadCreationTime : 10-04-2006 16:27:56
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 224
ThreadCreationTime : 10-04-2006 16:27:57
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 268
ThreadCreationTime : 10-04-2006 16:28:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 280
ThreadCreationTime : 10-04-2006 16:28:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 432
ThreadCreationTime : 10-04-2006 16:28:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 10-04-2006 16:28:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 10-04-2006 16:28:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 748
ThreadCreationTime : 10-04-2006 16:28:26
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 872
ThreadCreationTime : 10-04-2006 16:29:00
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}

Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}
Value : AppID

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 21

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@doubleclick.net/
Expires : 09-04-2009 16:33:40
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@atdmt.com/
Expires : 09-04-2011 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@questionmarket.com/
Expires : 01-06-2007 00:15:34
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:pc user@as-us.falkag.net/
Expires : 10-05-2006 16:29:14
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@sel.as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:pc user@sel.as-us.falkag.net/
Expires : 10-05-2006 16:29:14
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc user@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:pc user@ads.pointroll.com/
Expires : 01-01-2010 01:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:pc user@as-eu.falkag.net/
Expires : 10-04-2007 16:37:46
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc user@revenue.net/
Expires : 10-06-2022 06:05:42
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@bluestreak.com/
Expires : 07-04-2016 12:25:44
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:pc user@statcounter.com/
Expires : 09-04-2011 00:09:04
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:pc user@casalemedia.com/
Expires : 31-03-2007 19:10:04
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@etype.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@etype.adbureau.net/
Expires : 01-03-2007 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:pc user@fastclick.net/
Expires : 09-04-2008 17:06:30
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@lop[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@lop.com/
Expires : 09-04-2007 15:41:52
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:pc user@2o7.net/
Expires : 08-04-2011 18:42:30
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:pc user@adtech.de/
Expires : 06-04-2016 23:50:10
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 40

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinFixer Object Recognized!
Type : File
Data : WinFixer2006FreeInstall[1].cab
TAC Rating : 10
Category : Misc
Comment :
Object : C:\Documents and Settings\Pc User\Local Settings\Temporary Internet Files\Content.IE5\D3VZ5P0A\

WinFixer Object Recognized!
Type : File
Data : WinFixer2006FreeInstall[1].exe
TAC Rating : 10
Category : Misc
Comment :
Object : C:\Documents and Settings\Pc User\Local Settings\Temporary Internet Files\Content.IE5\GPY78LQ7\

Adware.P2PNetworking Object Recognized!
Type : File
Data : A0037908.DLL
TAC Rating : 3
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{BF5EB97B-14FD-4B1A-8CD5-DB0E8D700354}\RP197\

Adware.P2PNetworking Object Recognized!
Type : File
Data : A0037911.exe
TAC Rating : 3
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{BF5EB97B-14FD-4B1A-8CD5-DB0E8D700354}\RP197\
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

WinFixer Object Recognized!
Type : File
Data : UWFX6_0001_N69M1503NetInstaller.exe
TAC Rating : 10
Category : Misc
Comment :
Object : C:\WINDOWS\Downloaded Program Files\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 45

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_df_kmd

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\enum\root\legacy_df_kmd

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winfixer_free

Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\p2p networking

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 49

17:39:17 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:42.125
Objects scanned:112486
Objects identified:30
Objects ignored:0
New critical objects:30

GR@PH;<'S · « **Reply #4 on:** April 10, 2006, 08:21:42 PM »

jeremiah,
please can you clear out your cache folder ie: temporary internet folder There is free program that you can use that will do that for you if needed called
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
After you have done that can you scan by doing a "Full Scan" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .

Please NOTE from the AAW SE help file, if you set "Read current settings from system:" under "default settings" in Ad-Aware SE,

Quote

Default IE Pages
Default homepage: Ad-Aware SE uses the defined homepage when recovering from a browser hijack

Default Search Engine: Ad-Aware SE uses the defined search engine when recovering from a browser hijack

Also you may wish to download a Free Cookie manager called CookieWall to take care of all your Cookie’s for you.
(Tracking Cookie’s are always safe to delete)

GR@PH;<'S

jeremiah · « **Reply #5 on:** April 10, 2006, 10:04:11 PM »

Ad-Aware SE Build 1.06r1
Logfile Created on:10 April 2006 22:35:13
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking(TAC index:3):3 total references
MRU List(TAC index:0):20 total references
Tracking Cookie(TAC index:3):22 total references
Win32.Adverts.TrojanDownloader(TAC index:6):2 total references
WinFixer(TAC index:10):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Edited as log incomplte se post below
GR@PH;<'S

GR@PH;<'S · « **Reply #6 on:** April 10, 2006, 10:26:20 PM »

jeremiah,
please can you clear out your cache folder ie: temporary internet folder There is free program that you can use that will do that for you if needed called CCleaner
http://www.ccleaner.com/
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see http://www.bbusa.net/ghost1/ccleanersetup.html
After you have done that can you scan by doing a "http://www.lavasofthelp.com/howto/scan_se/" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "http://www.lavasofthelp.com/howto/scan_se/" and then post your logfile here by using the Add-Reply Feature .

Please NOTE from the AAW SE help file, if you set "Read current settings from system:" under "default settings" in Ad-Aware SE,

Quote

Default IE Pages
Default homepage: Ad-Aware SE uses the defined homepage when recovering from a browser hijack

Default Search Engine: Ad-Aware SE uses the defined search engine when recovering from a browser hijack

Also you may wish to download a Free Cookie manager called cookiewall http://www.analogx.com/contents/download/network/cookie.htm to take care of all your Cookie’s for you.
(Tracking Cookie’s are always safe to delete)

GR@PH;<'S

Corrine · « **Reply #7 on:** April 10, 2006, 11:14:57 PM »

Hi, Jeremiah,

One thing I would add to Ghost's tutorial on CCleaner: Before using it the first time, under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".

I noticed the Winfixer in your logfile. To save you a step or two, after following GR@PH;<'S instructions above, please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Please post the contents of C:\vundofix.txt and a new Ad-Aware SE Logfile.

Note: if you don't do this properly, Paddy will be over to straighten you out and confiscate any beer or other alcoholic beverages for shipping to GR@PH;<'S, the keeper of fine beverages. :hysterical:

jeremiah · « **Reply #8 on:** April 10, 2006, 11:47:33 PM »

ANALYSIS COMPLETE - (2.891 secs)
------------------------------------------------------------------------------------------
0.67MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------

Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
IE Temporary Internet Files (117 files) 0.50MB
C:\Documents and Settings\Pc User\Cookies\pc user@dns-look-up[1].txt 72 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@landzdown[1].txt 224 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@live[1].txt 94 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@msnportal.112.2o7[1].txt 119 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@msn[2].txt 388 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@www.msn[2].txt 377 bytes
C:\Documents and Settings\Pc User\Local Settings\History\History.IE5\desktop.ini 113 bytes
Marked for deletion: C:\Documents and Settings\Pc User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Pc User\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\Pc User\Local Settings\History\History.IE5\index.dat
C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\~DF2ACD.tmp 0.16MB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 11.35KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 67 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 1.91KB
C:\Documents and Settings\Pc User\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes
------------------------------------------------------------------------------------------

jeremiah · « **Reply #9 on:** April 10, 2006, 11:52:55 PM »

Hi corrine. Im sorry i already had run the scan then i seen your post. I tried it anyway and there are no infected files.
thanks anyway
jerry

Corrine · « **Reply #10 on:** April 11, 2006, 10:55:10 AM »

That's ok. The only reason for that "tweak' is that the default setting for CCleaner is to not remove temp files from the past 48 hours. More than liikely, the more recent temp files are the files that need to be removed.

Please continue with the rest of the instructions.

jeremiah · « **Reply #11 on:** April 12, 2006, 09:55:46 PM »

Hello folks, still having problems so numbnuts told me post another log.Ad-Aware SE Build 1.06r1
Logfile Created on:12 April 2006 22:50:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

12-04-2006 22:50:08 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 500
ThreadCreationTime : 12-04-2006 06:34:38
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 12-04-2006 06:34:40
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 12-04-2006 06:34:41
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 12-04-2006 06:34:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 12-04-2006 06:34:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 12-04-2006 06:34:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 840
ThreadCreationTime : 12-04-2006 06:34:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 12-04-2006 06:34:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 12-04-2006 06:34:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 12-04-2006 06:34:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1308
ThreadCreationTime : 12-04-2006 06:34:45
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 12-04-2006 06:34:46
BasePriority : Normal
FileVersion : 8.14
ProductVersion : 8.14
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 12-04-2006 06:34:46
BasePriority : Normal
FileVersion : 8.14
ProductVersion : 8.14
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1412
ThreadCreationTime : 12-04-2006 06:34:46
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1668
ThreadCreationTime : 12-04-2006 06:34:48
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:16 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1804
ThreadCreationTime : 12-04-2006 06:34:50
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:17 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1840
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:18 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1872
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:19 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1892
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:20 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1896
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:21 [dlbabmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A940\
ProcessID : 1924
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A940 Button Manager
InternalName : dlbabmgr.exe
OriginalFilename : dlbabmgr.exe

#:22 [dlbabmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A940\
ProcessID : 2008
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A940 Button Monitor
InternalName : dlbabmon.exe
OriginalFilename : dlbabmon.exe

#:23 [hotkey.exe]
FilePath : C:\Program Files\Hotkey\
ProcessID : 2016
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : Hotkey ????
FileDescription : Hotkey Microsoft ???????
InternalName : Hotkey
LegalCopyright : ???? (C) 2004
OriginalFilename : Hotkey.exe

#:24 [ewidoguard.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 2024
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:25 [dslstat.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 2032
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 4.0.7
ProductVersion : 4.0.7
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright (C) 2002
OriginalFilename : dslstatus.exe

#:26 [dslagent.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 148
ThreadCreationTime : 12-04-2006 06:34:53
BasePriority : Normal

#:27 [blubster.exe]
FilePath : C:\Program Files\Blubster\
ProcessID : 192
ThreadCreationTime : 12-04-2006 06:34:54
BasePriority : Normal
FileVersion : 2.05
ProductVersion : 2.05
ProductName : MP2P Servent
CompanyName : Piolet Networks
FileDescription : MP2P servent main executable
InternalName : Blubster
LegalCopyright : Copyright 1999 - 2003 Pablo Soto. All rights reserved.
OriginalFilename : Blubster.exe
Comments : Share your Music!

#:28 [lxcgmon.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 224
ThreadCreationTime : 12-04-2006 06:34:54
BasePriority : Normal
FileVersion : 2.6.62.20
ProductVersion : 2.6.62.20
ProductName : Lexmark Device Monitor
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark Device Monitor
InternalName : lxcgmon.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxcgmon.exe

#:29 [ezprint.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 260
ThreadCreationTime : 12-04-2006 06:34:55
BasePriority : Normal
FileVersion : 1.0.12.0
ProductVersion : 1.0.12.0
ProductName : Lexmark Fast Pics Application
CompanyName : Lexmark International Inc.
FileDescription : Lexmark Fast Pics Application
InternalName : Lexmark Fast Pics
LegalCopyright : Copyright (C) 2004
OriginalFilename : ezprint.exe

#:30 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 380
ThreadCreationTime : 12-04-2006 06:34:57
BasePriority : Normal
FileVersion : 6.1.744.001
ProductVersion : 6.1.744.001
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:31 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 12-04-2006 06:35:00
BasePriority : Normal

#:32 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 12-04-2006 06:35:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:33 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 12-04-2006 06:35:05
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1496
ThreadCreationTime : 12-04-2006 06:35:08
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [mpbtn.exe]
FilePath : C:\Program Files\BT Broadband Basic Help\bin\
ProcessID : 2200
ThreadCreationTime : 12-04-2006 06:35:44
BasePriority : Normal

#:36 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 264
ThreadCreationTime : 12-04-2006 06:37:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:37 [lxcgcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1348
ThreadCreationTime : 12-04-2006 06:37:19
BasePriority : High
FileVersion : 1.154.19.0
ProductVersion : 1.154.19.0
ProductName : Printer Communication System
FileDescription : Printer Communication System
InternalName : GN__coms.exe
OriginalFilename : GN__coms.exe

#:38 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2412
ThreadCreationTime : 12-04-2006 07:42:29
BasePriority : Normal
FileVersion : 7.5.0322
ProductVersion : 7.5.0322
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:39 [poker.exe]
FilePath : C:\Program Files\PacificPoker\Utils\
ProcessID : 3976
ThreadCreationTime : 12-04-2006 21:23:42
BasePriority : Normal
FileVersion : 3, 0, 2, 2
ProductVersion : 3, 0, 2, 2
ProductName : poker
CompanyName : Cassava Ent.
FileDescription : poker
InternalName : poker
LegalCopyright : Copyright © 1999
OriginalFilename : poker.exe

#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3808
ThreadCreationTime : 12-04-2006 21:40:53
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2956
ThreadCreationTime : 12-04-2006 21:49:47
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@doubleclick.net/
Expires : 12-04-2006 22:38:54
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@atdmt.com/
Expires : 11-04-2011 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:pc user@fastclick.net/
Expires : 11-04-2008 22:14:30
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 7

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

23:01:20 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:11.875
Objects scanned:113182
Objects identified:3
Objects ignored:0
New critical objects:3

its all jargon to me!!!! :help:

GR@PH;<'S · « **Reply #12 on:** April 12, 2006, 10:29:59 PM »

jeremiah,
Did you install CCleaner if so i run it if not please download it then run it,
as it will clear out your ceche folder for you.
now in your log file there are some programs that you may not want or at least may not want running at boot up IE: PC start up
such as #:39 [poker.exe] and #:27 [blubster.exe]
can you let us know what pop ups or other items that you are getting on your pc.

GR@PH;<'S

Corrine · « **Reply #13 on:** April 12, 2006, 11:23:09 PM »

Jerry, Jerry, Jerry. What to do with you?

GR@PH;<'S, Paddy and I have been having a bit of a chat about your PC. Here's what is in store:

1) Stock your refrigerator as you will be having company soon (or is that a knock on the door now?).

2) Be prepared to answer questions regarding the ewido scan -- did it finish? did you remove what was found?

3) See this link about Blubster: http://www.depts.drew.edu/its/docs/procedures/blubster.php

4) Consider a new hobby besides online poker.

5) If you have not run the VundoFix posted above, please do so next and post the log as a reply. If you already ran it, check for C:\vundofix.txt and paste it with the HJThis log in #6 below as a reply.

6) Please download HijackThis© from: http://www.thespykiller.co.uk/files/HJTsetup.exe .

Note: This is a complete installer that installs HijackThis to your computer to at C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut.

At the download prompt, choose "Save". After the download is complete, navigate to the C:\Program Files\HijackThis folder and double-click it. When the installation is complete, double-click the HijackThis icon on your desktop. Select "Do a system scan and save logfile". Select a name for this first logfile. and a text file will be produced. Copy the text file and paste it here as a reply.

We'll be watching for those logs.

Corrine · « **Reply #14 on:** April 13, 2006, 01:58:02 AM »

What timely information I have for you Jerry. I understand that PartyPoker is considered a low risk threat: http://research.sunbelt-software.com/threat_display.cfm?name=PartyPoker&threatid=44086&search=partypoker so perhaps you would consider that. There may be a popup or two, but when intentionally installed, it uninstalls cleanly.

LandzDown Forum

News: