
AD AWARE log needs analysis


  • This topic is locked

#1
oski

  • Member
  • 19 posts
Hi,
Something has taken control of my desktop. The image shows a blue screen and the following text:
Security warning
A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

I found a website that perfectly described it, but no fix:
http://www.sophos.co...ojfakealea.html

I also have millions of pop-ups. Could these 2 be related, as they started around the same time? Have run AD-Aware, Microsoft Anti-Spyware but to no avail.
Any help really appreciated.

Oski

Here's my AD AWARE Log:

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 8:00:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SearchMaid(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649

5-2-2005 7:32:09 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


5-2-2005 7:32:22 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:38 %
Total physical memory:392740 kb
Available physical memory:148612 kb
Total page file size:944560 kb
Available on page file:746324 kb
Total virtual memory:2097024 kb
Available virtual memory:2023040 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5/2/2005 8:00:16 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 152
ThreadCreationTime : 5/3/2005 2:09:41 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 176
ThreadCreationTime : 5/3/2005 2:09:52 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 172
ThreadCreationTime : 5/3/2005 2:09:53 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 224
ThreadCreationTime : 5/3/2005 2:09:54 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 236
ThreadCreationTime : 5/3/2005 2:09:54 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 416
ThreadCreationTime : 5/3/2005 2:09:57 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 440
ThreadCreationTime : 5/3/2005 2:09:57 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 500
ThreadCreationTime : 5/3/2005 2:09:57 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [pcctlcom.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
ProcessID : 528
ThreadCreationTime : 5/3/2005 2:09:58 AM
BasePriority : Normal
FileVersion : 12.00.0.1244
ProductVersion : 12.00.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 572
ThreadCreationTime : 5/3/2005 2:09:58 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 576
ThreadCreationTime : 5/3/2005 2:09:59 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [tmntsrv.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
ProcessID : 620
ThreadCreationTime : 5/3/2005 2:09:59 AM
BasePriority : Normal
FileVersion : 12.00.0.1244
ProductVersion : 12.00.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:13 [tmproxy.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ProcessID : 676
ThreadCreationTime : 5/3/2005 2:09:59 AM
BasePriority : Normal
FileVersion : 1.0.0.1116
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:14 [vsmon.exe]
ModuleName : C:\WINNT\system32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 844
ThreadCreationTime : 5/3/2005 2:10:03 AM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:15 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 868
ThreadCreationTime : 5/3/2005 2:10:06 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:16 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 888
ThreadCreationTime : 5/3/2005 2:10:06 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:17 [tmpfw.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
ProcessID : 1076
ThreadCreationTime : 5/3/2005 2:10:12 AM
BasePriority : Normal
FileVersion : 2.0.0.1116
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:18 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1348
ThreadCreationTime : 5/3/2005 2:10:22 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:19 [msole32.exe]
ModuleName : C:\WINNT\system32\msole32.exe
Command Line : "C:\WINNT\system32\msole32.exe"
ProcessID : 1464
ThreadCreationTime : 5/3/2005 2:10:30 AM
BasePriority : Normal


#:20 [popuper.exe]
ModuleName : C:\WINNT\popuper.exe
Command Line : "C:\WINNT\popuper.exe"
ProcessID : 1472
ThreadCreationTime : 5/3/2005 2:10:30 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:21 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1488
ThreadCreationTime : 5/3/2005 2:10:30 AM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:22 [intmonp.exe]
ModuleName : C:\WINNT\system32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1564
ThreadCreationTime : 5/3/2005 2:10:35 AM
BasePriority : Normal


#:23 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1544
ThreadCreationTime : 5/3/2005 2:10:36 AM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:24 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
ProcessID : 1572
ThreadCreationTime : 5/3/2005 2:10:37 AM
BasePriority : Normal
FileVersion : 12.00.0.1244
ProductVersion : 12.00.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:25 [e_s0bic1.exe]
ModuleName : C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
Command Line : "C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
ProcessID : 1580
ThreadCreationTime : 5/3/2005 2:10:37 AM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0BIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S0BIC1.EXE

#:26 [e_s0bic1.exe]
ModuleName : C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
Command Line : "C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" /P32 "EPSON Stylus C62 Series (Copy 2)" /O6 "USB001" /M "Stylus C62"
ProcessID : 1588
ThreadCreationTime : 5/3/2005 2:10:37 AM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0BIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S0BIC1.EXE

#:27 [psfree.exe]
ModuleName : C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
Command Line : "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
ProcessID : 1604
ThreadCreationTime : 5/3/2005 2:10:38 AM
BasePriority : Normal
FileVersion : 3, 1, 0, 1010
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Free Edition
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Free Edition
InternalName : Pop-Up Stopper Free Edition
LegalCopyright : Copyright © 2002-2003
OriginalFilename : PSFree.exe

#:28 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1652
ThreadCreationTime : 5/3/2005 2:10:42 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:29 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 1860
ThreadCreationTime : 5/3/2005 2:11:01 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:30 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1692
ThreadCreationTime : 5/3/2005 2:12:31 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:31 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\Office\WINWORD.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\WINWORD.EXE"
ProcessID : 1920
ThreadCreationTime : 5/3/2005 2:15:51 AM
BasePriority : Normal


#:32 [wuauclt.exe]
ModuleName : C:\WINNT\system32\wuauclt.exe
Command Line : "C:\WINNT\system32\wuauclt.exe"
ProcessID : 1772
ThreadCreationTime : 5/3/2005 2:17:09 AM
BasePriority : Normal
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:33 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1748
ThreadCreationTime : 5/3/2005 2:31:42 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SearchMaid Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\virtual maidvirtual maid

SearchMaid Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1677128483-854245398-1000\software\virtual maid

SearchMaid Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C}"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1677128483-854245398-1000\software\microsoft\internet explorer\toolbar\webbrowser
Value : {77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SearchMaid Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : notepad2.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4

8:03:04 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:48.542
Objects scanned:47613
Objects identified:4
Objects ignored:0
New critical objects:4


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer.

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to any objects you wish to remove. Click Next, then click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz: