[Referred] Ad-Aware log file for review, please



#1
melcheck

  • Member
  • 18 posts
Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 12:19:08 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):4 total references
Ebates MoneyMaker(TAC index:4):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:24 %
Total physical memory:122352 kb
Available physical memory:29000 kb
Total page file size:295592 kb
Available on page file:63508 kb
Total virtual memory:2097024 kb
Available virtual memory:2046324 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-22-2005 12:19:08 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 360
ThreadCreationTime : 4-22-2005 5:12:49 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 416
ThreadCreationTime : 4-22-2005 5:12:51 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 444
ThreadCreationTime : 4-22-2005 5:12:58 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 488
ThreadCreationTime : 4-22-2005 5:12:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 500
ThreadCreationTime : 4-22-2005 5:12:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 644
ThreadCreationTime : 4-22-2005 5:12:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 692
ThreadCreationTime : 4-22-2005 5:13:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 728
ThreadCreationTime : 4-22-2005 5:13:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 780
ThreadCreationTime : 4-22-2005 5:13:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 864
ThreadCreationTime : 4-22-2005 5:13:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1132
ThreadCreationTime : 4-22-2005 5:13:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : "C:\WINDOWS\explorer.exe"
ProcessID : 1244
ThreadCreationTime : 4-22-2005 5:13:04 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [taskmgru.exe]
ModuleName : C:\WINDOWS\system32\TASKMGRU.EXE
Command Line : "C:\WINDOWS\system32\TASKMGRU.EXE" open
ProcessID : 1344
ThreadCreationTime : 4-22-2005 5:13:05 PM
BasePriority : Normal


#:14 [msimn32.exe]
ModuleName : C:\WINDOWS\system32\MSIMN32.EXE
Command Line : "C:\WINDOWS\system32\MSIMN32.EXE" open
ProcessID : 1352
ThreadCreationTime : 4-22-2005 5:13:05 PM
BasePriority : Normal


#:15 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 1400
ThreadCreationTime : 4-22-2005 5:13:06 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999
OriginalFilename : THotkey.exe

#:16 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 10
ProcessID : 1408
ThreadCreationTime : 4-22-2005 5:13:06 PM
BasePriority : Normal
FileVersion : 2.15
ProductVersion : 2.15
ProductName : TFncKy
CompanyName : Toshiba Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 Toshiba Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:17 [tpwrtray.exe]
ModuleName : C:\WINDOWS\system32\TPWRTRAY.EXE
Command Line : "C:\WINDOWS\system32\TPWRTRAY.EXE"
ProcessID : 1432
ThreadCreationTime : 4-22-2005 5:13:06 PM
BasePriority : Normal
FileVersion : 4. 0. 0. 0
ProductVersion : 4. 0. 0. 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2001 TOSHIBA Corporation.
OriginalFilename : Tpwrtray.exe
Comments : TOSHIBA Power Saver

#:18 [em_exec.exe]
ModuleName : C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 1440
ThreadCreationTime : 4-22-2005 5:13:06 PM
BasePriority : Normal
FileVersion : 9.40.139
ProductVersion : 9.40
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:19 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1464
ThreadCreationTime : 4-22-2005 5:13:07 PM
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:20 [taskmgru.exe]
ModuleName : C:\WINDOWS\system32\TASKMGRU.EXE
Command Line : "C:\WINDOWS\system32\TASKMGRU.EXE"
ProcessID : 1472
ThreadCreationTime : 4-22-2005 5:13:07 PM
BasePriority : Normal


#:21 [msimn32.exe]
ModuleName : C:\WINDOWS\system32\MSIMN32.EXE
Command Line : "C:\WINDOWS\system32\MSIMN32.EXE"
ProcessID : 1480
ThreadCreationTime : 4-22-2005 5:13:07 PM
BasePriority : Normal


#:22 [swdoctor.exe]
ModuleName : C:\Program Files\Spyware Doctor\swdoctor.exe
Command Line : "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
ProcessID : 1520
ThreadCreationTime : 4-22-2005 5:13:09 PM
BasePriority : Normal
FileVersion : 3.2.0.3421
ProductVersion : 3.1
ProductName : Spyware Doctor
CompanyName : PCTools
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright © 2004. Distributed by PC Tools Pty Ltd
OriginalFilename : swdr.exe

#:23 [hotsync.exe]
ModuleName : C:\Palm\HOTSYNC.EXE
Command Line : "C:\Palm\HOTSYNC.EXE"
ProcessID : 1700
ThreadCreationTime : 4-22-2005 5:13:15 PM
BasePriority : Normal
FileVersion : 4.0
ProductVersion : 4.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:24 [config.exe]
ModuleName : C:\Program Files\Linksys\Configuration Utility\Config.exe
Command Line : "C:\Program Files\Linksys\Configuration Utility\Config.exe"
ProcessID : 1716
ThreadCreationTime : 4-22-2005 5:13:15 PM
BasePriority : Normal
FileVersion : 1.07.29
ProductVersion : 1.07.29.1032
ProductName : PRISM Wireless LAN
CompanyName : LINKSYS Corporation
FileDescription : PRISM Status Tray Applet
InternalName : [email protected]
LegalCopyright : Copyright © 2001, LINKSYS Corporation
OriginalFilename : PRISMSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>

#:25 [alarmapp.exe]
ModuleName : C:\Palm\AlarmApp.exe
Command Line : "C:\Palm\AlarmApp.exe"
ProcessID : 1724
ThreadCreationTime : 4-22-2005 5:13:16 PM
BasePriority : Normal
FileVersion : 4.0.1
ProductVersion : 4.0.1
ProductName : Palm Desktop
CompanyName : Palm, Inc.
FileDescription : Alarm Application
LegalCopyright : © 2000-2001 Palm, Inc.

#:26 [netdevsw.exe]
ModuleName : C:\Program Files\TOSHIBA\NetDevSW\NetDevSW.exe
Command Line : "C:\Program Files\TOSHIBA\NetDevSW\NetDevSW.exe"
ProcessID : 1732
ThreadCreationTime : 4-22-2005 5:13:17 PM
BasePriority : Normal


#:27 [spysub.exe]
ModuleName : C:\Program Files\InterMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\InterMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 1740
ThreadCreationTime : 4-22-2005 5:13:17 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:28 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1096
ThreadCreationTime : 4-22-2005 5:14:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:29 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 1208
ThreadCreationTime : 4-22-2005 5:14:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:30 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe"
ProcessID : 144
ThreadCreationTime : 4-22-2005 5:15:17 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:31 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 852
ThreadCreationTime : 4-22-2005 5:15:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2128
ThreadCreationTime : 4-22-2005 5:17:00 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1801674531-854245398-1708537768-1004\software\lq
Value : AC

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 11

12:33:49 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:41.488
Objects scanned:114193
Objects identified:11
Objects ignored:0
New critical objects:11

#2
Guest_numbnuts_*

  • Guest
Hello, melcheck. Welcome to the forum. Try this, please!

If you would like to clean your machine, please launch Ad-Aware SE and check for any Definition File updates.

Click on the gear to access the Configuration Menu. Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Then, please follow the steps listed below.

A. It is suggested that you clean the following directory contents (but not the directory folder).

Please disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers.

1. C:\Windows\Temp\
2. C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <= this will delete all your cached internet content, including cookies.
3. C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
4. C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
5. C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
6. Empty your "Recycle Bin".

Please run Ad-Aware SE just a bit differently, using the command line below that corresponds to your version of Ad-Aware SE:
Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click OK.

Note: The path above (between the quotes) is the default location of Ad-Aware SE. If this has been changed, please adjust it to the location where you have installed it.


1. When the scan has completed, select Next.
2. In the Scanning Results window, select the "Scan Summary" tab.
3. Check the box next to each "target family" you wish to remove.
4. Click Next, then click OK.

Please shutdown/restart and post a new full system logfile as a reply.


Regards...

numbnuts.. :tazz:

#3
melcheck

  • Topic Starter
  • Member
  • 18 posts
I was unable to empty my user temp folder. One sub-folder was "not empty" and several files were in use.

Unless I screwed something up, this didn't seem to clean up anything.


Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 3:18:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):4 total references
Ebates MoneyMaker(TAC index:4):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:25 %
Total physical memory:122352 kb
Available physical memory:30320 kb
Total page file size:295592 kb
Available on page file:78784 kb
Total virtual memory:2097024 kb
Available virtual memory:2046440 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-22-2005 3:18:31 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 356
ThreadCreationTime : 4-22-2005 8:12:05 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 412
ThreadCreationTime : 4-22-2005 8:12:07 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 440
ThreadCreationTime : 4-22-2005 8:12:11 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 484
ThreadCreationTime : 4-22-2005 8:12:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 496
ThreadCreationTime : 4-22-2005 8:12:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 636
ThreadCreationTime : 4-22-2005 8:12:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 688
ThreadCreationTime : 4-22-2005 8:12:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 724
ThreadCreationTime : 4-22-2005 8:12:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 776
ThreadCreationTime : 4-22-2005 8:12:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 856
ThreadCreationTime : 4-22-2005 8:12:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1132
ThreadCreationTime : 4-22-2005 8:12:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : "C:\WINDOWS\explorer.exe"
ProcessID : 1384
ThreadCreationTime : 4-22-2005 8:12:17 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [taskmgru.exe]
ModuleName : C:\WINDOWS\system32\TASKMGRU.EXE
Command Line : "C:\WINDOWS\system32\TASKMGRU.EXE" open
ProcessID : 1528
ThreadCreationTime : 4-22-2005 8:12:19 PM
BasePriority : Normal


#:14 [msimn32.exe]
ModuleName : C:\WINDOWS\system32\MSIMN32.EXE
Command Line : "C:\WINDOWS\system32\MSIMN32.EXE" open
ProcessID : 1536
ThreadCreationTime : 4-22-2005 8:12:19 PM
BasePriority : Normal


#:15 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 1784
ThreadCreationTime : 4-22-2005 8:12:26 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999
OriginalFilename : THotkey.exe

#:16 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 10
ProcessID : 1800
ThreadCreationTime : 4-22-2005 8:12:27 PM
BasePriority : Normal
FileVersion : 2.15
ProductVersion : 2.15
ProductName : TFncKy
CompanyName : Toshiba Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 Toshiba Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:17 [tpwrtray.exe]
ModuleName : C:\WINDOWS\system32\TPWRTRAY.EXE
Command Line : "C:\WINDOWS\system32\TPWRTRAY.EXE"
ProcessID : 1808
ThreadCreationTime : 4-22-2005 8:12:27 PM
BasePriority : Normal
FileVersion : 4. 0. 0. 0
ProductVersion : 4. 0. 0. 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2001 TOSHIBA Corporation.
OriginalFilename : Tpwrtray.exe
Comments : TOSHIBA Power Saver

#:18 [em_exec.exe]
ModuleName : C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 1824
ThreadCreationTime : 4-22-2005 8:12:27 PM
BasePriority : Normal
FileVersion : 9.40.139
ProductVersion : 9.40
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:19 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1840
ThreadCreationTime : 4-22-2005 8:12:27 PM
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:20 [taskmgru.exe]
ModuleName : C:\WINDOWS\system32\TASKMGRU.EXE
Command Line : "C:\WINDOWS\system32\TASKMGRU.EXE"
ProcessID : 1848
ThreadCreationTime : 4-22-2005 8:12:28 PM
BasePriority : Normal


#:21 [msimn32.exe]
ModuleName : C:\WINDOWS\system32\MSIMN32.EXE
Command Line : "C:\WINDOWS\system32\MSIMN32.EXE"
ProcessID : 1856
ThreadCreationTime : 4-22-2005 8:12:28 PM
BasePriority : Normal


#:22 [swdoctor.exe]
ModuleName : C:\Program Files\Spyware Doctor\swdoctor.exe
Command Line : "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
ProcessID : 1864
ThreadCreationTime : 4-22-2005 8:12:28 PM
BasePriority : Normal
FileVersion : 3.2.0.3421
ProductVersion : 3.1
ProductName : Spyware Doctor
CompanyName : PCTools
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright © 2004. Distributed by PC Tools Pty Ltd
OriginalFilename : swdr.exe

#:23 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1952
ThreadCreationTime : 4-22-2005 8:12:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:24 [hotsync.exe]
ModuleName : C:\Palm\HOTSYNC.EXE
Command Line : "C:\Palm\HOTSYNC.EXE"
ProcessID : 2008
ThreadCreationTime : 4-22-2005 8:12:37 PM
BasePriority : Normal
FileVersion : 4.0
ProductVersion : 4.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:25 [config.exe]
ModuleName : C:\Program Files\Linksys\Configuration Utility\Config.exe
Command Line : "C:\Program Files\Linksys\Configuration Utility\Config.exe"
ProcessID : 2016
ThreadCreationTime : 4-22-2005 8:12:38 PM
BasePriority : Normal
FileVersion : 1.07.29
ProductVersion : 1.07.29.1032
ProductName : PRISM Wireless LAN
CompanyName : LINKSYS Corporation
FileDescription : PRISM Status Tray Applet
InternalName : [email protected]
LegalCopyright : Copyright © 2001, LINKSYS Corporation
OriginalFilename : PRISMSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>

#:26 [alarmapp.exe]
ModuleName : C:\Palm\AlarmApp.exe
Command Line : "C:\Palm\AlarmApp.exe"
ProcessID : 120
ThreadCreationTime : 4-22-2005 8:12:39 PM
BasePriority : Normal
FileVersion : 4.0.1
ProductVersion : 4.0.1
ProductName : Palm Desktop
CompanyName : Palm, Inc.
FileDescription : Alarm Application
LegalCopyright : © 2000-2001 Palm, Inc.

#:27 [netdevsw.exe]
ModuleName : C:\Program Files\TOSHIBA\NetDevSW\NetDevSW.exe
Command Line : "C:\Program Files\TOSHIBA\NetDevSW\NetDevSW.exe"
ProcessID : 128
ThreadCreationTime : 4-22-2005 8:12:39 PM
BasePriority : Normal


#:28 [spysub.exe]
ModuleName : C:\Program Files\InterMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\InterMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 160
ThreadCreationTime : 4-22-2005 8:12:40 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:29 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 296
ThreadCreationTime : 4-22-2005 8:12:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:30 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 588
ThreadCreationTime : 4-22-2005 8:17:38 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1801674531-854245398-1708537768-1004\software\lq
Value : AC

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 11

3:32:03 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:32.147
Objects scanned:113671
Objects identified:11
Objects ignored:0
New critical objects:11

#4
GR@PH;<'S

GR@PH;<'S

    Member

  • Member
  • PipPipPip
  • 135 posts
melcheck,
Can you please download HijackThis.
After you have downloaded it and unzipped it, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and then can you please post your logfile in the HijackThis Forum.
Call it something like "my HijackThis log" in the Topic Title
and then put "referred by GR@PH;<'S" as the Topic Description.
Also, please can you include a link to this post for reference.

GR@PH;<'S :tazz:

Edited by GR@PH;<'S, 22 April 2005 - 02:52 PM.


#5
GR@PH;<'S

GR@PH;<'S

    Member

  • Member
  • PipPipPip
  • 135 posts
[Referred]
This topic has been referred to the HijackThis Logs Forum





