Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Newlookgen infection

Started by Sunshineman , May 03 2005 09:06 AM

  • Please log in to reply

#1
Sunshineman
Posted 03 May 2005 - 09:06 AM

Sunshineman

    New Member

  • Member
  • Pip
  • 1 posts
Another victim of newgenlook I think.

I have run ad aware and placed the log below. I have also installed hijack this but have not attached the log yet. I am running Windows 98 and have the white cross in the red circle. I get the usual pop ups that are being described in other posts.

I think I picked it up out of a file downloaded from Kazaa. Any help will be much appreciated. thankyou




Ad-Aware SE Build 1.05
Logfile Created on:den 3 maj 2005 16:39:25
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-05-03 16:39:25 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\WINDOWS\Profiles\Karin\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : Karin\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : Karin\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : Karin\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : Karin\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\outlook express\recent stationery list
Description : list of recently used stationery in microsoft outlook express


MRU List Object Recognized!
Location: : Karin\software\microsoft\outlook express\recent stationery list
Description : list of recently used stationery in microsoft outlook express


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


MRU List Object Recognized!
Location: : Karin\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\findcomputermru
Description : list of recently used search terms for locating computers using the microsoft windows operating system


MRU List Object Recognized!
Location: : Karin\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : Karin\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : Karin\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : Karin\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : Karin\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : .DEFAULT\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : Karin\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291762887
Threads : 4
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® operativsystem
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294921591
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® operativsystem
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bitars VxD-meddelandeserver
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294925287
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294947759
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294934819
Threads : 5
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® operativsystem
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:6 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290812795
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:7 [IRMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290811115
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft Infrared Support
CompanyName : Microsoft Corporation
FileDescription : IR-kommunikation-kontrollpanel
InternalName : IR-kommunikation
LegalCopyright : © 1998 Microsoft. Portions © Hewlett-Packard
OriginalFilename : irmon.exe

#:8 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290837699
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows™ operativsystem
CompanyName : Microsoft Corporation
FileDescription : Aktivitetsfältstillbehör
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:9 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4290851307
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows™ operativsystem
CompanyName : Microsoft Corporation
FileDescription : Aktivitetsfältstillbehör
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:10 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290842419
Threads : 4
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® operativsystem
CompanyName : Microsoft Corporation
FileDescription : Kör en DLL-fil som ett program
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:11 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4290844311
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:12 [EE.EXE]
FilePath : C:\PROGRAM\EVIDENCE ELIMINATOR\
ProcessID : 4290857363
Threads : 2
Priority : Normal
FileVersion : 5.00.0054
ProductVersion : 5.00.0054
ProductName : Evidence Eliminator
CompanyName : www.evidence-eliminator.com
FileDescription : Evidence Eliminator
InternalName : Ee
LegalCopyright : © 1999 - 2001 www.evidence-eliminator.com
LegalTrademarks : Evidence Eliminator ™
OriginalFilename : Ee.exe
Comments : Evidence Eliminator

#:13 [IEXPLORE.EXE]
FilePath : C:\PROGRAM\INTERNET EXPLORER\
ProcessID : 4290929719
Threads : 9
Priority : Normal
FileVersion : 5.50.4134.600
ProductVersion : 5.50.4134.600
ProductName : Microsoft® Windows ® 2000 operativsystem
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : IEXPLORE.EXE

#:14 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291004783
Threads : 6
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:15 [IEXPLORE.EXE]
FilePath : C:\PROGRAM\INTERNET EXPLORER\
ProcessID : 4291021547
Threads : 7
Priority : Normal
FileVersion : 5.50.4134.600
ProductVersion : 5.50.4134.600
ProductName : Microsoft® Windows ® 2000 operativsystem
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : IEXPLORE.EXE

#:16 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291055263
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:17 [AD-AWARE.EXE]
FilePath : C:\PROGRAM\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4291057059
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:191
Value : Cookie:[email protected]/
Expires : 2006-05-03 16:18:22
LastSync : Hits:191
UseCount : 0
Hits : 191

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karin@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 2038-01-01 02:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 25



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karin@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Profiles\Karin\Cookies\karin@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Profiles\Karin\Cookies\[email protected][1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27

16:50:29 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:03.670
Objects scanned:60191
Objects identified:4
Objects ignored:0
New critical objects:4
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP