
Ad Aware log


This topic is locked

#1
nrthn
New Member, 1 posts
Issue is blue screen with fatal err warning trojan horse smit fraud. Starting here per instructions. Thank you for your help.

Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 29, 2005 7:10:49 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):2 total references
EzuLa(TAC index:6):1 total references
MemoryWatcher(TAC index:4):2 total references
Tracking Cookie(TAC index:3):39 total references
TurboDownload(TAC index:8):1 total references
WindUpdates(TAC index:8):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650

4-29-2005 7:07:11 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


4-29-2005 7:07:31 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:13 %
Total physical memory:129328 kb
Available physical memory:15948 kb
Total page file size:307516 kb
Available on page file:84720 kb
Total virtual memory:2097024 kb
Available virtual memory:2042212 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-29-2005 7:10:49 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 168
ThreadCreationTime : 4-28-2005 5:58:08 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 196
ThreadCreationTime : 4-28-2005 5:58:14 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 192
ThreadCreationTime : 4-28-2005 5:58:15 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 244
ThreadCreationTime : 4-28-2005 5:58:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 256
ThreadCreationTime : 4-28-2005 5:58:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 440
ThreadCreationTime : 4-28-2005 5:58:24 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 452
ThreadCreationTime : 4-28-2005 5:58:26 PM
BasePriority : Normal
FileVersion : 5.4.4.17
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:8 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 484
ThreadCreationTime : 4-28-2005 5:58:27 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:9 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 552
ThreadCreationTime : 4-28-2005 5:58:28 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:10 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 684
ThreadCreationTime : 4-28-2005 5:58:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:11 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 712
ThreadCreationTime : 4-28-2005 5:58:31 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:12 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 744
ThreadCreationTime : 4-28-2005 5:58:31 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 792
ThreadCreationTime : 4-28-2005 5:58:32 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:14 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 848
ThreadCreationTime : 4-28-2005 5:58:33 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [launcher.exe]
FilePath : C:\Program Files\Dantz\Retrospect\
ProcessID : 920
ThreadCreationTime : 4-28-2005 5:58:39 PM
BasePriority : Normal
FileVersion : 5.15
ProductVersion : 5.15
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect Launcher
InternalName :
LegalCopyright : Copyright Dantz 1996-2000
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : Launcher.exe

#:16 [savscan.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 976
ThreadCreationTime : 4-28-2005 5:58:43 PM
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:17 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1004
ThreadCreationTime : 4-28-2005 5:58:46 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:18 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1028
ThreadCreationTime : 4-28-2005 5:58:49 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:19 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1144
ThreadCreationTime : 4-28-2005 5:58:53 PM
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:20 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1124
ThreadCreationTime : 4-28-2005 5:58:59 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:21 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1216
ThreadCreationTime : 4-28-2005 6:15:38 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:22 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ProcessID : 984
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 9.01.78
ProductVersion : 9.01
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:23 [directcd.exe]
FilePath : C:\PROGRA~1\Adaptec\DirectCD\
ProcessID : 1628
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 3.01d (177)
ProductVersion : 3.01d (177)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-2000 Adaptec, Inc.
OriginalFilename : DirectCD.EXE

#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1032
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:25 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 344
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:26 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1760
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:27 [aim.exe]
FilePath : C:\PROGRA~1\AIM95\
ProcessID : 1416
ThreadCreationTime : 4-28-2005 6:15:43 PM
BasePriority : Normal
FileVersion : 4.3.2229
ProductVersion : 4.3.2229
ProductName : AOL Instant Messenger (SM)
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger (SM)
InternalName : AIM
LegalCopyright : Copyright © 1996-2000 America Online, Inc.
OriginalFilename : AIM.EXE

#:28 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 1356
ThreadCreationTime : 4-28-2005 6:16:24 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:29 [qbupdate.exe]
FilePath : C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\
ProcessID : 540
ThreadCreationTime : 4-28-2005 6:16:24 PM
BasePriority : Normal
FileVersion : 12.0 R10
ProductVersion : 12.0 R10
ProductName : QuickBooks
CompanyName : Intuit, Inc.
FileDescription : QBUpdate Module
InternalName : QBUpdate
LegalCopyright : Copyright © Intuit, Inc. 1993-2003.
OriginalFilename : QBUpdate.exe

#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1184
ThreadCreationTime : 4-28-2005 10:47:32 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:31 [acrord32.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Reader\
ProcessID : 1852
ThreadCreationTime : 4-28-2005 11:43:11 PM
BasePriority : Normal
FileVersion : 5.0.5.2001092400
ProductVersion : 5.0.5.0
ProductName : Adobe Acrobat Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Acrobat Reader 5.0
LegalCopyright : Copyright 1984-2001 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1976
ThreadCreationTime : 4-29-2005 12:06:10 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 4-28-2006 7:10:46 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-26-2010 6:56:50 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-27-2005 6:56:50 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@atdmt[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 4-26-2010 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:[email protected]/
Expires : 4-28-2006 5:48:12 PM
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-25-2020 6:57:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 4-26-2008 9:44:38 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin
Expires : 4-26-2015 12:36:08 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin
Expires : 2-27-2015 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@overture[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 4-26-2015 7:08:30 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@hitbox[2].txt
Category : Data Miner
Comment : Hits:32
Value : Cookie:[email protected]/
Expires : 4-28-2006 5:48:12 PM
LastSync : Hits:32
UseCount : 0
Hits : 32

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

TurboDownload Object Recognized!
Type : File
Data : setup_td.exe
Category : Data Miner
Comment :
Object : C:\



EzuLa Object Recognized!
Type : File
Data : ezStub.exe
Category : Data Miner
Comment :
Object : C:\
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
ProductName : eZstub Module
CompanyName : EARNStatBlaster2
FileDescription : eZstub Module
InternalName : eZstub
LegalCopyright : Copyright 2000
OriginalFilename : eZstub.EXE


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@qksrv[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@qksrv[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tmpad[1].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@tmpad[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@hitbox[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@bfast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ezcybersearch[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@ezcybersearch[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@x10[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@x10[1].txt

ClickSpring Object Recognized!
Type : File
Data : !update.0000
Category : Malware
Comment :
Object : C:\Documents and Settings\Al\Application Data\rwch\
FileVersion : 1, 0, 0, 1018
ProductVersion : 1.0


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][2].txt

MemoryWatcher Object Recognized!
Type : File
Data : MemWatcher2.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Default User\My Documents\Data\Data\



MemoryWatcher Object Recognized!
Type : File
Data : MemWatcher2.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Default User\My Documents\Data\



ClickSpring Object Recognized!
Type : File
Data : !update.exe
Category : Malware
Comment :
Object : C:\Program Files\Media\Media\
FileVersion : 1, 0, 0, 1018
ProductVersion : 1.0


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 53




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Media Access

WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Media Access

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 60

7:22:43 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:53.646
Objects scanned:94736
Objects identified:60
Objects ignored:0
New critical objects:60


#2
Rawe
Visiting Staff, 4,746 posts
Hi there!

Ad-aware has found object(s) on your computer.

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to each "target family" you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz: