Sign in to follow this  
jeepbug

fake spyware warning

Recommended Posts

[quote name='CeciliaB' post='125442' date='Mar 9 2011, 01:53 PM']What type of stuff does Ad-Aware find?
You can post an Ad-Aware log if you want.[/quote]


these are the items,
Logfile created: 3/9/2011 14:06:59
Ad-Aware version: 9.0.2
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Admin

*********************** Definitions database information ***********************
Lavasoft definition file: 150.314
Genotype definition file version: 2011/03/07 08:12:44
Extended engine definition file: 8637.0

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 8624
Objects detected: 5


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 5
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0

Scan and cleaning complete: Finished correctly after 66 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: strict, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
ID: back, enabled:1, value: back
ID: time, enabled:1, value: Tue Jan 11 13:50:01 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value: smart
ID: auto_deal_with_infections, enabled:1, value: true

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Mon May 10 09:17:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Mon May 10 15:17:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Mon May 10 21:17:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Mon May 10 03:17:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon May 10 09:17:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: display, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true


****************************** System information ******************************
Computer name: PC2BACK
Processor name: Intel® Pentium® Dual CPU E2220 @ 2.40GHz
Processor identifier: x86 Family 6 Model 15 Stepping 13
Processor speed: ~2393MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 2306064384 bytes
Physical memory total: 3184435200 bytes
Virtual memory available: 1817571328 bytes
Virtual memory total: 2147352576 bytes
Memory load: 27%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 676 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 740 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 764 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 808 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 820 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1000 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1068 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1164 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1212 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1296 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1440 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1732 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1976 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1912 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 264 name: C:\WINDOWS\RTHDCPL.EXE owner: Admin domain: PC2BACK
PID: 1808 name: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe owner: Admin domain: PC2BACK
PID: 332 name: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe owner: Admin domain: PC2BACK
PID: 328 name: C:\Program Files\EzDental\SystemTray.exe owner: Admin domain: PC2BACK
PID: 940 name: C:\Program Files\EzDental\eSyncReminder.exe owner: Admin domain: PC2BACK
PID: 552 name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe owner: Admin domain: PC2BACK
PID: 628 name: C:\Program Files\EzDental\WebSyncReminder.exe owner: Admin domain: PC2BACK
PID: 3296 name: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe owner: Admin domain: PC2BACK
PID: 3700 name: C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe owner: Admin domain: PC2BACK
PID: 2728 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2292 name: C:\WINDOWS\explorer.exe owner: Admin domain: PC2BACK
PID: 3004 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Admin domain: PC2BACK
PID: 3220 name: C:\WINDOWS\system32\ctfmon.exe owner: Admin domain: PC2BACK
PID: 3240 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Admin domain: PC2BACK
PID: 3536 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3876 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3612 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3760 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Admin domain: PC2BACK
PID: 4052 name: C:\WINDOWS\system32\wscntfy.exe owner: Admin domain: PC2BACK
PID: 3684 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Admin domain: PC2BACK
PID: 968 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Admin domain: PC2BACK

Startup items:
Name: RunNarrator
imagepath: Narrator.exe
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eSync Reminder.lnk
imagepath: C:\Program Files\EzDental\eSyncReminder.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WebSync Reminder.lnk
imagepath: C:\Program Files\EzDental\WebSyncReminder.exe
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: Alerter
displayname: Alerter
Name: ALG
displayname: Application Layer Gateway Service
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HTTPFilter
displayname: HTTP SSL
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: LanmanServer
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration

Share this post


Link to post
Share on other sites
Cookies are small text files and they are never dangerous for the computer. When you visit web sites, they often store a cookie in the computer to be able to recognize you when you return the next time. Advertisement companies are interested in keeping track of what ads you have seen and clicked on and doing so by storing a cookie in the computer. Ad-Aware and some other security programs remove the tracking cookies since they consider that behaviour to be spying.

In short, cookies are stored in the computer by most web sites. They are not dangerous but it is good to remove them now and then to protect your privacy.

To improve Ad-Aware I want to send the files that ComboFix removed to Lavasoft.
Do you know how to zip (pack) a folder or do you need a description?
I want you to zip the C:\Qoobox folder and send it to me, for example by uploading the zip file to [url="http://sprend.com/?r=0kAe0"]http://sprend.com/?r=0kAe0[/url] and send the link to the uploaded file in a PM to me.

Share this post


Link to post
Share on other sites
[quote name='CeciliaB' post='125449' date='Mar 9 2011, 04:28 PM']Cookies are small text files and they are never dangerous for the computer. When you visit web sites, they often store a cookie in the computer to be able to recognize you when you return the next time. Advertisement companies are interested in keeping track of what ads you have seen and clicked on and doing so by storing a cookie in the computer. Ad-Aware and some other security programs remove the tracking cookies since they consider that behaviour to be spying.

In short, cookies are stored in the computer by most web sites. They are not dangerous but it is good to remove them now and then to protect your privacy.

To improve Ad-Aware I want to send the files that ComboFix removed to Lavasoft.
Do you know how to zip (pack) a folder or do you need a description?
I want you to zip the C:\Qoobox folder and send it to me, for example by uploading the zip file to [url="http://sprend.com/?r=0kAe0"]http://sprend.com/?r=0kAe0[/url] and send the link to the uploaded file in a PM to me.[/quote]

not sure if this is the correct file that you needed, please let us know. thanks

Share this post


Link to post
Share on other sites
I will give you a more detailed description.

Please, install 7-zip. [url="http://www.7-zip.org/"]http://www.7-zip.org/[/url]
Select to download ".exe 32-bit x86"

After the installation find the folder C:\Qoobox with Windows Explorer or My Computer. Right-click the Qoobox folder and select:
7-zip -> Add to "Qoobox.zip"

A Qoobox.zip file is created in C:\.

I am interested in the Qoobox.zip file. The file might be too big to upload here in the forum but you can try. If you get an error I will explain where you can upload it instead.

Share this post


Link to post
Share on other sites
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this