gyan19

  1. How can I delete the HKEY thing? Sorry, I'm not that techy... and if ever, how to adjust permission? Thanks... you're a big help. I'm now considering buying the full version of SAS!!! =)
  2. Quick scan just minutes ago

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 07/17/2009 at 05:04 PM

     Application Version : 4.26.1006

     Core Rules Database Version : 4002
     Trace Rules Database Version: 1942

     Scan type : Quick Scan
     Total Scan Time : 00:30:57

     Memory items scanned : 871
     Memory threats detected : 0
     Registry items scanned : 504
     Registry threats detected : 5
     File items scanned : 30331
     File threats detected : 0

     Rootkit.Agent/Gen-ESQUL
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#start
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#type
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#imagepath
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#group

     FULL SCAN TODAY

     Generated 07/17/2009 at 04:12 PM

     Application Version : 4.26.1006

     Core Rules Database Version : 4002
     Trace Rules Database Version: 1942

     Scan type : Complete Scan
     Total Scan Time : 00:48:06

     Memory items scanned : 891
     Memory threats detected : 0
     Registry items scanned : 6822
     Registry threats detected : 8
     File items scanned : 36719
     File threats detected : 3

     Adware.Tracking Cookie
         C:\Users\giancarlo\AppData\Roaming\Microsoft\Windows\Cookies\giancarlo@doubleclick[1].txt
         C:\Users\giancarlo\AppData\Roaming\Microsoft\Windows\Cookies\giancarlo@ad.yieldmanager[2].txt
         C:\Users\giancarlo\AppData\Roaming\Microsoft\Windows\Cookies\giancarlo@atdmt[1].txt

     Rootkit.Agent/Gen-ESQUL
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#start
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#type
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#imagepath
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#group
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\modules
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\modules#ESQULserv
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\modules#ESQULl

     YESTERDAY

     Generated 07/16/2009 at 01:33 AM

     Application Version : 4.26.1006

     Core Rules Database Version : 3998
     Trace Rules Database Version: 1938

     Scan type : Quick Scan
     Total Scan Time : 00:56:02

     Memory items scanned : 930
     Memory threats detected : 0
     Registry items scanned : 518
     Registry threats detected : 17
     File items scanned : 30390
     File threats detected : 1

     Rootkit.Agent/Gen-ESQUL
         HKLM\system\controlset001\services\ESQULserv.sys
         C:\WINDOWS\SYSTEM32\DRIVERS\ESQULCHSATUYPLYVTSQFUJXUMMTRENBSOOSUI.SYS
         HKLM\system\controlset002\services\ESQULserv.sys
         HKLM\system\controlset003\services\ESQULserv.sys
         HKLM\system\controlset004\services\ESQULserv.sys
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#start
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#type
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#imagepath
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS#group
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\modules
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\modules#ESQULserv
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\modules#ESQULl
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\modules#ESQULclk
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\Enum
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\Enum#0
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\Enum#Count
         HKLM\SYSTEM\CurrentControlSet\Services\ESQULSERV.SYS\Enum#NextInstance

     THE FIRSTDAY SCAN

     Generated 07/15/2009 at 08:25 PM

     Application Version : 4.26.1006

     Core Rules Database Version : 3998
     Trace Rules Database Version: 1938

     Scan type : Complete Scan
     Total Scan Time : 01:06:11

     Memory items scanned : 944
     Memory threats detected : 0
     Registry items scanned : 6849
     Registry threats detected : 88
     File items scanned : 36859
     File threats detected : 6

     Adware.MyWebSearch
         HKU\S-1-5-21-2049136128-3216804590-1937335049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
         HKU\S-1-5-21-2049136128-3216804590-1937335049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
         HKU\S-1-5-21-2049136128-3216804590-1937335049-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

     Rootkit.Agent/Gen-ESQUL
         HKLM\system\controlset001\services\ESQULserv.sys
         C:\WINDOWS\SYSTEM32\DRIVERS\ESQULCHSATUYPLYVTSQFUJXUMMTRENBSOOSUI.SYS
         HKLM\system\controlset002\services\ESQULserv.sys
         HKLM\system\controlset003\services\ESQULserv.sys
         HKLM\system\controlset004\services\ESQULserv.sys

     Trojan.Unknown Origin
         HKU\S-1-5-21-2049136128-3216804590-1937335049-1000\Software\ColdWare

     Adware.MyWebSearch/FunWebProducts
         HKLM\SOFTWARE\Fun Web Products
         HKLM\SOFTWARE\Fun Web Products\MSNMessenger
         HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
         HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
         HKLM\SOFTWARE\Fun Web Products\ScreenSaver
         HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
         HKLM\SOFTWARE\Fun Web Products\Settings
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
         HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
         HKU\S-1-5-21-2049136128-3216804590-1937335049-1000\SOFTWARE\MyWebSearch
         HKLM\SOFTWARE\MyWebSearch
         HKLM\SOFTWARE\MyWebSearch\bar
         HKLM\SOFTWARE\MyWebSearch\bar#pid
         HKLM\SOFTWARE\MyWebSearch\bar#fwp
         HKLM\SOFTWARE\MyWebSearch\bar#tiec
         HKLM\SOFTWARE\MyWebSearch\bar#Dir
         HKLM\SOFTWARE\MyWebSearch\bar#Id
         HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
         HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
         HKLM\SOFTWARE\MyWebSearch\bar#sr
         HKLM\SOFTWARE\MyWebSearch\bar#pl
         HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Dir
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CurInstall
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sr
         HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pl
         HKLM\SOFTWARE\MyWebSearch\SkinTools
         HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
         HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
         HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
         HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
         HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
         HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
         HKLM\Software\FocusInteractive
         HKLM\Software\FocusInteractive\bar
         HKLM\Software\FocusInteractive\bar\Switches
         HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
         HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
         HKLM\Software\FocusInteractive\bar\Switches#msn.exe
         HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
         HKLM\Software\FocusInteractive\bar\Switches#waol.exe
         HKLM\Software\FocusInteractive\bar\Switches#aim.exe
         HKLM\Software\FocusInteractive\bar\Switches#icq.exe
         HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
         HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
         HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
         HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
         HKLM\Software\FocusInteractive\bar\Switches#au
         HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
         HKLM\Software\FocusInteractive\bar\Switches#ps
         HKLM\Software\FocusInteractive\bar\Switches#ok
         HKLM\Software\FocusInteractive\bar\Switches#od
         HKLM\Software\FocusInteractive\bar\Switches#nk
         HKLM\Software\FocusInteractive\bar\Switches#nd
         HKLM\Software\FocusInteractive\Email-IM
         HKLM\Software\FocusInteractive\Email-IM\0
         HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
         HKLM\Software\FocusInteractive\Email-IM\0#AppName
         HKLM\Software\FocusInteractive\Outlook
         C:\Program Files\MyWebSearch\bar\History
         C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
         C:\Program Files\MyWebSearch\bar\Settings
         C:\Program Files\MyWebSearch\bar
         C:\Program Files\MyWebSearch

     THANKS FOR THE quick reply...
  3. I tried SAS because it is highly recommended by my friends and I found it very helpful. One thing that bothers me is that every time I scan I always get this Rootkit.Agent/Gen-ESQUL thing, sometimes 3, sometimes 5... I got this free spyware 2 days ago and every day in those 2 days I try scanning my full system. The first day I got trojans, cookies and a bunch of rootkits... the second day I only got adware, cookies and rootkits... today I scanned and I got cookies and this rootkit, and after rebooting I scanned again and I still get 5 SAME ROOTKITS... What are these? It seems that they multiply fast, or is it just that SAS can't detect them all at once... Please help because I'm very much bothered by these rootkits. And by the way, I am very much thankful for SAS because 2 days ago this computer was not very functional, but after scanning and detecting some spyware my computer is much better now (except with these nasty rootkits). Now I'm so paranoid with this stuff... thanks