Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bad Malware, _BAD!_


  • Please log in to reply

#1
damnitbeavis

damnitbeavis

    New Member

  • Member
  • Pip
  • 1 posts
Hello O great gurus of tech,

Last night my system was assaulted by a whole bunch of malware, and I've been working hard to get it cleaned... But I'm not sure I have removed everything. Would you mind taking a look at my adaware logfile? I'd appreciate any help. Prior to starting my cleaning, I was having internet messenger, internet explorer windows pop up without prompting them. I don't even use internet explorer. Thanks in advance!

----snip-----
Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 09, 2005 7:08:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CommonName(TAC index:7):3 total references
MRU List(TAC index:0):13 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-9-2005 7:08:27 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Eric Williams.FARTKNOCKER\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1123561945-1580436667-1343024091-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 5-9-2005 11:05:52 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 5-9-2005 11:05:53 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 5-9-2005 11:05:54 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 5-9-2005 11:05:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 5-9-2005 11:05:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 5-9-2005 11:05:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 5-9-2005 11:05:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1004
ThreadCreationTime : 5-9-2005 11:05:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1044
ThreadCreationTime : 5-9-2005 11:05:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1080
ThreadCreationTime : 5-9-2005 11:05:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1276
ThreadCreationTime : 5-9-2005 11:05:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1368
ThreadCreationTime : 5-9-2005 11:05:57 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1472
ThreadCreationTime : 5-9-2005 11:05:57 PM
BasePriority : Normal


#:14 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1484
ThreadCreationTime : 5-9-2005 11:05:57 PM
BasePriority : High
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:15 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1560
ThreadCreationTime : 5-9-2005 11:05:57 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:16 [msdtc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1604
ThreadCreationTime : 5-9-2005 11:05:57 PM
BasePriority : Normal
FileVersion : 2001.12.4414.258
ProductVersion : 03.01.00.4414
ProductName : Microsoft Distributed Transaction Coordinator
CompanyName : Microsoft Corporation
FileDescription : MS DTC console program
InternalName : MSDTC.EXE
LegalCopyright : Copyright © Microsoft Corp. 1995-1998
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation

#:17 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1644
ThreadCreationTime : 5-9-2005 11:05:58 PM
BasePriority : Normal
FileVersion : 6.14.10.7189
ProductVersion : 6.14.10.7189
ProductName : NVIDIA Driver Helper Service, Version 71.89
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.89
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [tcpsvcs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1724
ThreadCreationTime : 5-9-2005 11:05:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE

#:19 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1768
ThreadCreationTime : 5-9-2005 11:05:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1832
ThreadCreationTime : 5-9-2005 11:05:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1968
ThreadCreationTime : 5-9-2005 11:05:59 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:22 [dmadmin.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 236
ThreadCreationTime : 5-9-2005 11:06:00 PM
BasePriority : Normal
FileVersion : 2600.2180.503.0
ProductVersion : 1.0
ProductName : Logical Disk Manager for Windows NT
CompanyName : Microsoft Corp., Veritas Software
FileDescription : Logical Disk Manager service process
InternalName : dmadmin
LegalCopyright : Copyright © 1985-2000 Microsoft Corporation. All rights reserved.
Portions Copyright © 1997-2000 Veritas Software. All rights reserved.
OriginalFilename : dmadmin.exe

#:23 [mqsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 416
ThreadCreationTime : 5-9-2005 11:06:01 PM
BasePriority : Normal
FileVersion : 5.01.1108
ProductVersion : 5.01.1108
ProductName : Microsoft Message Queue
CompanyName : Microsoft Corporation
FileDescription : Message Queuing Service
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows NT™ is a trademark of Microsoft Corporation
OriginalFilename : MQSVC.EXE

#:24 [shnlog.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1292
ThreadCreationTime : 5-9-2005 11:06:03 PM
BasePriority : Normal

ProductVersion : 1.7

#:25 [mixer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1712
ThreadCreationTime : 5-9-2005 11:06:03 PM
BasePriority : Normal
FileVersion : 1.58
ProductVersion : 1.58
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright © 1997-2002
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih (min_chih@cmedia.com.tw)

#:26 [ashdisp.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1784
ThreadCreationTime : 5-9-2005 11:06:03 PM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:27 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1816
ThreadCreationTime : 5-9-2005 11:06:03 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:28 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2052
ThreadCreationTime : 5-9-2005 11:06:04 PM
BasePriority : Normal


#:29 [drgtodsc.exe]
FilePath : C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\
ProcessID : 2060
ThreadCreationTime : 5-9-2005 11:06:04 PM
BasePriority : Normal
FileVersion : 7.1.0.95
ProductVersion : 7.1.0.95
ProductName : Drag-to-Disc
CompanyName : Roxio
FileDescription : Drag To Disc Application
InternalName : D2D
LegalCopyright : Copyright © 1994-2004 Roxio, Inc.
LegalTrademarks : Copyright © 1994-2004 Roxio, Inc.
OriginalFilename : BurnCtrl.EXE

#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2076
ThreadCreationTime : 5-9-2005 11:06:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [mqtgsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2132
ThreadCreationTime : 5-9-2005 11:06:05 PM
BasePriority : Normal
FileVersion : 5.01.1108
ProductVersion : 5.01.1108
ProductName : Microsoft Message Queue
CompanyName : Microsoft Corporation
FileDescription : Windows NT MSMQ Trigger Service
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows NT™ is a trademark of Microsoft Corporation
OriginalFilename : QMTGSVC.EXE

#:32 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 2196
ThreadCreationTime : 5-9-2005 11:06:05 PM
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:33 [dvzmsgr.exe]
FilePath : C:\WINDOWS\DvzCommon\
ProcessID : 2404
ThreadCreationTime : 5-9-2005 11:06:09 PM
BasePriority : Normal


#:34 [intmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2428
ThreadCreationTime : 5-9-2005 11:06:09 PM
BasePriority : Normal


#:35 [plextool.exe]
FilePath : C:\Program Files\Plextor\
ProcessID : 2660
ThreadCreationTime : 5-9-2005 11:06:10 PM
BasePriority : Normal
FileVersion : 2, 21, 0, 0
ProductVersion : 2, 21, 0, 0
ProductName : PlexTools Professional
CompanyName : Plextor SA/NV
FileDescription : PlexTools Professional
InternalName : PlexTools Professional
LegalCopyright : Copyright © 1999-2005
OriginalFilename : PlexTool.EXE

#:36 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2708
ThreadCreationTime : 5-9-2005 11:06:12 PM
BasePriority : Normal


#:37 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2780
ThreadCreationTime : 5-9-2005 11:06:17 PM
BasePriority : Normal


#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2828
ThreadCreationTime : 5-9-2005 11:06:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3492
ThreadCreationTime : 5-9-2005 11:06:45 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2024
ThreadCreationTime : 5-9-2005 11:07:59 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}

CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 17


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
807 entries scanned.
New critical objects:0
Objects found so far: 17




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

7:19:31 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:04.565
Objects scanned:126279
Objects identified:4
Objects ignored:0
New critical objects:4
----snip----

What do you think? I got the cc cleaner and killbox after I read another's post...
Thanks!
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I suggest going here and then read the sticky that says Read here before posting your HijackThis logs. Do the steps outlined there. Then post a HijackThis log in THAT section and NOT here. This should be for Windows-related problems.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP