Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I really need help-ADS234


  • This topic is locked This topic is locked

#1
sukrututak

sukrututak

    New Member

  • Member
  • Pip
  • 4 posts
Please help me guys. Here is the log:


Ad-Aware SE Build 1.05
Logfile Created on:Friday, December 24, 2004 3:17:19 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R23 16.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):21 total references
CoolWebSearch(TAC index:10):9 total references
midADdle(TAC index:4):10 total references
MRU List(TAC index:0):7 total references
Rads01.Quadrogram(TAC index:6):1 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


12-24-2004 3:17:19 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 144
ThreadCreationTime : 12-24-2004 4:04:50 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 168
ThreadCreationTime : 12-24-2004 4:05:05 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 188
ThreadCreationTime : 12-24-2004 4:05:08 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 216
ThreadCreationTime : 12-24-2004 4:05:09 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 228
ThreadCreationTime : 12-24-2004 4:05:09 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [ibmpmsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 340
ThreadCreationTime : 12-24-2004 4:05:14 PM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 396
ThreadCreationTime : 12-24-2004 4:05:14 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 444
ThreadCreationTime : 12-24-2004 4:05:15 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 496
ThreadCreationTime : 12-24-2004 4:05:15 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:10 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 524
ThreadCreationTime : 12-24-2004 4:05:15 PM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:11 [mnmsrvc.exe]
FilePath : C:\WINNT\System32\
ProcessID : 416
ThreadCreationTime : 12-24-2004 4:05:19 PM
BasePriority : Normal
FileVersion : 4.4.3385
ProductVersion : 3.01
ProductName : Windows® NetMeeting®
CompanyName : Microsoft Corporation
FileDescription : NetMeeting Remote Desktop Sharing
InternalName : mnmsrvc
LegalCopyright : Copyright © Microsoft Corporation 1996-1999
LegalTrademarks : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : mnmsrvc.dll

#:12 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 600
ThreadCreationTime : 12-24-2004 4:05:20 PM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002

#:13 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 668
ThreadCreationTime : 12-24-2004 4:05:24 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:14 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 684
ThreadCreationTime : 12-24-2004 4:05:25 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:15 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 720
ThreadCreationTime : 12-24-2004 4:05:26 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:16 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 772
ThreadCreationTime : 12-24-2004 4:05:27 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:17 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ProcessID : 792
ThreadCreationTime : 12-24-2004 4:05:28 PM
BasePriority : Normal
FileVersion : 7.00.00.1956
ProductVersion : 7.00.00.1956
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:18 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 804
ThreadCreationTime : 12-24-2004 4:05:29 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1104
ThreadCreationTime : 12-24-2004 4:06:07 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [tp4serv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1236
ThreadCreationTime : 12-24-2004 4:06:15 PM
BasePriority : Normal
FileVersion : 3.03
ProductVersion : 3.03
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Daemon
InternalName : daemon.exe
LegalCopyright : Copyright © IBM Corporation 1997-2001
OriginalFilename : daemon.exe

#:21 [ltmsg.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1248
ThreadCreationTime : 12-24-2004 4:06:16 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 12
ProductVersion : 1, 0, 1, 12
ProductName : LUCENT TECHNOLOGIES ltmsg
CompanyName : LUCENT TECHNOLOGIES
FileDescription : ltmsg
InternalName : ltmsg
LegalCopyright : Copyright © 1999
OriginalFilename : ltmsg.exe
Comments : Messaging application for Lucent Modem

#:22 [tphkmgr.exe]
FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
ProcessID : 1280
ThreadCreationTime : 12-24-2004 4:06:16 PM
BasePriority : Normal


#:23 [rundll32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1296
ThreadCreationTime : 12-24-2004 4:06:16 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:24 [ico.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1304
ThreadCreationTime : 12-24-2004 4:06:17 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:25 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1320
ThreadCreationTime : 12-24-2004 4:06:17 PM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002

#:26 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1336
ThreadCreationTime : 12-24-2004 4:06:18 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:27 [ebkg1xp.exe]
FilePath : C:\documents and settings\administrator\local settings\temp\
ProcessID : 1376
ThreadCreationTime : 12-24-2004 4:06:19 PM
BasePriority : Normal


midADdle Object Recognized!
Type : Process
Data : eBKg1Xp.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\documents and settings\administrator\local settings\temp\


Warning! midADdle Object found in memory(C:\documents and settings\administrator\local settings\temp\eBKg1Xp.exe)

Warning! "C:\documents and settings\administrator\local settings\temp\eBKg1Xp.exe"Process could not be terminated!
"C:\documents and settings\administrator\local settings\temp\eBKg1Xp.exe"Process terminated successfully

#:28 [monitorbk.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1412
ThreadCreationTime : 12-24-2004 4:06:20 PM
BasePriority : Normal
FileVersion : 3, 1, 4, 23
ProductVersion : 3, 1, 4, 23
ProductName : Wireless LAN Monitor Utility
CompanyName : Belkin Components
FileDescription : Wireless LAN Monitor Utility
InternalName : monitorbk.exe
LegalCopyright : Copyright © 2002 Belkin Components
LegalTrademarks : Belkin Components
OriginalFilename : monitorbk.exe
Comments : Wireless LAN Monitor Utility

#:29 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1444
ThreadCreationTime : 12-24-2004 4:06:27 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:30 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 296
ThreadCreationTime : 12-24-2004 4:51:48 PM
BasePriority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 304
ThreadCreationTime : 12-24-2004 8:17:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
Value : AppID

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
Value :

midADdle Object Recognized!
Type : Regkey
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ecb25a48-e6e0-49af-99af-07c763e31389}

midADdle Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\searchhelp.dll

midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\searchhelp.dll
Value : AppID

midADdle Object Recognized!
Type : Regkey
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ecb25a48-e6e0-49af-99af-07c763e31389}\1.0

midADdle Object Recognized!
Type : RegValue
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ecb25a48-e6e0-49af-99af-07c763e31389}\1.0
Value :

midADdle Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e318d698-27b3-44d5-8998-c35eafb9c034}

midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e318d698-27b3-44d5-8998-c35eafb9c034}
Value :

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerName"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHit"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHit

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UninstallUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UninstallUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UniqueKeyUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKeyUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHitUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHitUrl

CoolWebSearch Object Recognized!
Type : RegData
Data : CSearchHelpIEExtension Object
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhelp
Value :
Data : CSearchHelpIEExtension Object

midADdle Object Recognized!
Type : RegData
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid
Value :
Data : SearchHelp

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 23


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@bluestreak.com/
Expires : 12-21-2014 7:32:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@edge.ru4[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@edge.ru4.com/
Expires : 2-22-2005 11:19:40 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@serving-sys.com/
Expires : 1-1-2038
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 33



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Rads01.Quadrogram Object Recognized!
Type : File
Data : msexreg.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\3Com\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\biosupdate1.2.1\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\Documents and Settings\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\DRIVERS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\I386\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\My Music\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\Program Files\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\Recycled\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\RECYCLER\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\System Volume Information\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\WINNT\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Disk Scan Result for C:\WUTemp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Updater

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhelp

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhelp
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PIDNoCB

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PIDNoNLS

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PrevBBBuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : System

BargainBuddy Object Recognized!
Type : File
Data : exul.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : exdl.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : bbchk.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE


BargainBuddy Object Recognized!
Type : File
Data : angelex.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


BargainBuddy Object Recognized!
Type : File
Data : zeta.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


BargainBuddy Object Recognized!
Type : File
Data : exdl0.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : autoheal.exe
Category : Malware
Comment :
Object : C:\WINNT\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 51

3:31:12 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:52.167
Objects scanned:125082
Objects identified:52
Objects ignored:0
New critical objects:52
  • 0

Advertisements


#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Continued here:

http://www.geekstogo...wtopic=6419&hl=

Topic Closed:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP