WHAT HAS SPYWARE DOCTOR DONE TO MY COMPUTER??
Member
1. October 2006 @ 16:09
I recently ran Spyware Doctor & Search & Destroy to check for spyware etc. Spybot found some tracking cookies & something called tango dialer. Spyware Doctor found 101 problems, mostly tracking cookies, BHOs, etc. I deleted them all & was prompted to reboot my PC, & when I signed back in, in the start menu I had 5 control panels, 3 internet explorers & a couple of my documents pinned to the start menu. After I removed 1 control panel, everything went back to normal.

But the real problem is, when I go to Start > Run & type in cmd, then type in ipconfig/all or ping www.google.com, it says they are not recognized as internal or external commands, operable programs or batch files. Does anyone know what's gone wrong with my PC? My internet seems to be fine, but I can't use the cmd command. I would be grateful for any help. Thanks.

P.S. I have included the log from Spyware Doctor:
P.P.S. Even though I'm signed out of MSN, I keep seeing this at the bottom of my desktop: Auto POP3 Connecting To - 161-147-158-212 dudejovice.angel.static.bluetone.cz just in case it's important. Thanks for any help I may receive ;-(


Senior Member
1. October 2006 @ 16:19
Hey dougal79, your problem is odd. Sounds like there is more infection than just a dialer.

Post a HijackThis log and I'll look over it for you.

Quote:
i keep seeing this at the bottom of my desktop: Auto POP3 Connecting To...
That's AVG's email scanner scanning your incoming emails. Nothing to worry about there.

Member
2. October 2006 @ 07:52
OK thanks niobis. This is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:49:04, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Neil Dougal\Desktop\Installers\SECURITY PROGRAMS\Hi-Jack This\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [E-mail Talker] "C:\Program Files\Scorpio Software\E-mail Talker\et.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared...,26/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

cheers


Senior Member
2. October 2006 @ 11:48
Everything looks ok, but may not be showing.

Go here to download the trial version of Ewido Anti-spyware.

Install and update.
Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open Ewido and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.
Restart in normal mode and post the log.


Member
2. October 2006 @ 17:09
OK thanks. I went to the Ewido website & before I downloaded it, it said Ewido is now known as AVG Anti-Spyware 7.5. Is this right? Just verifying I'm downloading the right thing. I've installed the program, but haven't run it yet. I was also told to download hook analyzer, a squared free, a squared anti-dialer, a squared hijack free, & sdfix, along with cacheman xp, diskeeper pro 10, spyware terminator, mcafee stinger 2.6 & 3.0, microsoft windows defender, malicious software removal tool, & super anti-spyware. I was also told to run an online scan with panda online virus scanner, but am worried about this as I've heard that online virus scans could be dodgy. Any help is appreciated. Thanks for the help so far niobis.


Senior Member
2. October 2006 @ 17:22
I heard that earlier today, but the site is still showing Ewido.
http://free.grisoft.com/doc/5390/lng/us/tpl/v5#ewido-free

There's no need for all those programs. That's kind of overkill.

Online scanners are great. Top 3 I prefer:
Kaspersky-
http://www.kaspersky.com/virusscanner

Panda's ActiveScan-
http://www.pandasoftware.com/products/activescan.htm

BitDefender-
http://www.bitdefender.com/scan8/ie.html

Member
2. October 2006 @ 19:16
OK, here's the report from Ewido or AVG Anti-Spyware 7.5 :-)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 04:00:53 03/10/2006

+ Scan result:



C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP107\A0086043.exe -> Adware.180Solutions : Ignored.
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP111\A0089758.old -> Adware.Casino : Ignored.
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP124\A0096756.exe -> Adware.Casino : Ignored.
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0079520.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0083461.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0079131.exe -> Adware.WinAD : Ignored.
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0071811.exe/SERVER~1.EXE -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0071853.exe/SERVER~1.EXE -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP107\A0086072.exe/SERVER~1.EXE -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP107\A0086070.exe -> Dialer.InstantAccess.aa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP126\A0097076.exe -> Dialer.InstantAccess.aa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP126\A0097079.exe -> Dialer.InstantAccess.aa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0071811.exe/STEAMA~1.EXE -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0071853.exe/STEAMA~1.EXE -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP107\A0086072.exe/STEAMA~1.EXE -> Dropper.Small : Cleaned with backup (quarantined).
C:\Program Files\MagicISO\magiciso.maker.5.3-patch.exe -> Trojan.Agent.iu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0074752.exe -> Trojan.Agent.iu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0074756.exe -> Trojan.Agent.iu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0077570.exe -> Trojan.Agent.iu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0077572.exe -> Trojan.Agent.iu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP111\A0089626.exe -> Trojan.Agent.iu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP101\A0080712.exe/Slysoft.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP148\A0101539.exe -> Worm.Drefir.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{783B7723-54A9-4BD5-9958-5FC760DC4E54}\RP148\A0101540.exe -> Worm.Drefir.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mswinup.exe -> Worm.Drefir.c : Cleaned with backup (quarantined).


::Report end




Senior Member
2. October 2006 @ 20:29
Go here and download Ad-Aware.

After installing, when asked to update, leave it checked.
Click Scan now.
Check "Perform full system scan".
Click Next.
After scanning select all entries and click Quarantine.
Click "Show logfile" and save it.
Click next and confirm.
Post the log in your next reply.

Member
2. October 2006 @ 21:30
OK, I have Ad-Aware Pro. Will that do? Here's the log for Ad-Aware Pro:
Lavasoft Ad-Aware Professional Build 6.181
Logfile created on :03 October 2006 06:19:26
Using reference-file :1R200 12.07.2003
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


03/10/2006 06:19:26 - Scan started. (Smart mode)


#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 03/10/2006 05:05:09
BasePriority : Normal
FileSize : 43 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
OriginalFilename : ALG.exe
ProductName : Microsoft
Created on : 04/08/2004 12:00:00
Last accessed : 03/10/2006 05:05:08
Last modified : 04/08/2004 12:00:00

#:21 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03/10/2006 05:05:09
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
OriginalFilename : wscntfy.exe
ProductName : Microsoft
Created on : 04/08/2004 12:00:00
Last accessed : 03/10/2006 05:05:09
Last modified : 04/08/2004 12:00:00

#:22 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03/10/2006 05:05:42
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 04/08/2004 12:00:00
Last accessed : 03/10/2006 05:05:44
Last modified : 04/08/2004 12:00:00

#:23 [pcguardadvisor.exe]
FilePath : C:\Program Files\blueyonder\PCguard advisor\
ThreadCreationTime : 03/10/2006 05:05:44
BasePriority : Normal
FileSize : 1844 KB
FileVersion : 1.3.22.4490
ProductVersion : 1.3.22.4490
Copyright : Copyright (C) 2005
CompanyName : blueyonder
FileDescription : blueyonder PCguard advisor
InternalName : Client Gateway
ProductName : PCguard advisor
Created on : 06/09/2006 21:51:34
Last accessed : 03/10/2006 05:05:46
Last modified : 28/04/2006 14:27:28

#:24 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ThreadCreationTime : 03/10/2006 05:05:46
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.0.60.5
ProductVersion : 5.0.60.5
Copyright : Copyright
CompanyName : Sun Microsystems, Inc.
FileDescription : Java(TM) 2 Platform Standard Edition binary
InternalName : Java(TM) Update Scheduler
OriginalFilename : jusched.exe
ProductName : Java(TM) 2 Platform Standard Edition 5.0 Update 6
Created on : 25/09/2006 18:56:33
Last accessed : 03/10/2006 05:05:46
Last modified : 10/11/2005 12:03:52

#:25 [scdemuapp.exe]
FilePath : C:\Program Files\PowerISO\
ThreadCreationTime : 03/10/2006 05:05:46
BasePriority : Normal
FileSize : 164 KB
FileVersion : 2, 6, 1, 1
ProductVersion : 2, 6, 1, 1
Copyright : Copyright (C) 2004-2005
CompanyName : PowerISO Computing, Inc.
FileDescription : PowerISO Virtual Drive Manager
InternalName : PowerISO Virtual Drive Manager
OriginalFilename : SCDEmuAPP.EXE
ProductName : PowerISO Virtual Drive Manager
Created on : 16/10/2005 01:15:54
Last accessed : 03/10/2006 05:05:48
Last modified : 16/10/2005 01:15:54

#:26 [clonecdtray.exe]
FilePath : C:\Program Files\SlySoft\CloneCD\
ThreadCreationTime : 03/10/2006 05:05:48
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5, 2, 3, 1
ProductVersion : 5, 2, 3, 1
Copyright : Copyright
CompanyName : SlySoft, Inc.
FileDescription : CloneCD Tray
InternalName : CloneCDTray
OriginalFilename : CloneCDTray.exe
ProductName : CloneCD
Created on : 19/05/2005 13:47:36
Last accessed : 03/10/2006 05:05:49
Last modified : 19/05/2005 13:47:36

#:27 [rmctrl.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03/10/2006 05:05:49
BasePriority : Normal
FileSize : 32 KB
Created on : 01/10/2006 20:31:38
Last accessed : 03/10/2006 05:05:49
Last modified : 16/10/2000 08:37:36

#:28 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ThreadCreationTime : 03/10/2006 05:05:49
BasePriority : Normal
FileSize : 350 KB
FileVersion : 7,1,0,404
ProductVersion : 7.1.0.404
Copyright : Copyright
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
OriginalFilename : AvgCC.EXE
ProductName : AVG Anti-Virus System
Created on : 02/10/2006 00:27:57
Last accessed : 03/10/2006 05:05:57
Last modified : 02/10/2006 00:27:57

#:29 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ThreadCreationTime : 03/10/2006 05:05:52
BasePriority : Normal
FileSize : 945 KB
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
Copyright : Copyright
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
OriginalFilename : zlclient.exe
ProductName : Zone Labs Client
Created on : 02/10/2006 19:00:43
Last accessed : 03/10/2006 05:05:53
Last modified : 23/08/2006 22:38:28

#:30 [a2adguard.exe]
FilePath : C:\Program Files\a-squared Anti-Dialer\
ThreadCreationTime : 03/10/2006 05:05:55
BasePriority : Normal
FileSize : 1133 KB
FileVersion : 2.0.0.92
ProductVersion : 2.0
Copyright : Emsi Software GmbH
CompanyName : a-squared
FileDescription : a-squared Anti-Dialer Guard
InternalName : a2adguard
OriginalFilename : a2adguard.exe
ProductName : a-squared Anti-Dialer
Created on : 02/10/2006 20:25:26
Last accessed : 03/10/2006 05:05:55
Last modified : 28/09/2006 19:20:36

#:31 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ThreadCreationTime : 03/10/2006 05:06:02
BasePriority : Normal
FileSize : 6120 KB
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
Copyright : Copyright
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
OriginalFilename : avgas.exe
ProductName : AVG Anti-Spyware
Created on : 28/09/2006 14:13:50
Last accessed : 03/10/2006 05:06:18
Last modified : 28/09/2006 14:13:50

#:32 [bittorrent.exe]
FilePath : C:\Program Files\BitTorrent\
ThreadCreationTime : 03/10/2006 05:06:04
BasePriority : Normal
FileSize : 42 KB
Created on : 30/09/2006 02:00:14
Last accessed : 03/10/2006 05:06:04
Last modified : 30/09/2006 02:00:14

#:33 [nmbgmonitor.exe]
FilePath : C:\Program Files\Common Files\Ahead\lib\
ThreadCreationTime : 03/10/2006 05:06:06
BasePriority : Normal
FileSize : 92 KB
FileVersion : 1, 0, 1, 5
ProductVersion : 1, 0, 1, 5
Copyright : Copyright (c) 1995-2005 Nero AG and its licensors
CompanyName : Nero AG
FileDescription : Nero Home
InternalName : NMBgMonitor
OriginalFilename : NMBgMonitor.exe
ProductName : Nero Home
Created on : 28/10/2005 15:25:44
Last accessed : 03/10/2006 05:06:07
Last modified : 28/10/2005 15:25:44

#:34 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 03/10/2006 05:06:29
BasePriority : Normal
FileSize : 6928 KB
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
Copyright : Copyright (c) Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 24/01/2006 10:37:02
Last accessed : 03/10/2006 05:06:17
Last modified : 24/01/2006 10:37:02

#:35 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 03/10/2006 05:06:32
BasePriority : Normal
FileSize : 1654 KB
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
Copyright : Copyright (c) Microsoft Corporation 2004
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 06/09/2006 21:12:49
Last accessed : 03/10/2006 05:06:32
Last modified : 13/10/2004 16:24:37

#:36 [pg2.exe]
FilePath : C:\Program Files\PeerGuardian2\
ThreadCreationTime : 03/10/2006 05:06:37
BasePriority : Normal
FileSize : 1388 KB
FileVersion : 1, 0, 6, 4
ProductVersion : 2, 0, 6, 4
Copyright : Copyright (C) 2004-2005 Cory Nelson
CompanyName : Methlabs
FileDescription : PeerGuardian 2
InternalName : PG2
OriginalFilename : pg2.exe
ProductName : PeerGuardian 2
Created on : 30/09/2006 17:07:30
Last accessed : 03/10/2006 05:06:58
Last modified : 18/09/2005 17:40:42

#:37 [et.exe]
FilePath : C:\Program Files\Scorpio Software\E-mail Talker\
ThreadCreationTime : 03/10/2006 05:07:00
BasePriority : Normal
FileSize : 692 KB
FileVersion : 4.00.0017
ProductVersion : 4.00.0017
Copyright : Copyright (C) 2002-2003 Scorpio Software
CompanyName : Scorpio Software
FileDescription : E-mail Talker
InternalName : ET
OriginalFilename : ET.exe
ProductName : E-mail Talker
Created on : 10/11/2004 11:03:01
Last accessed : 03/10/2006 05:07:54
Last modified : 01/10/2006 17:53:15

#:38 [swdoctor.exe]
FilePath : C:\Program Files\Spyware Doctor\
ThreadCreationTime : 03/10/2006 05:07:01
BasePriority : Normal
FileSize : 937 KB
FileVersion : 3.5.0.478
ProductVersion : 3.5.0
Copyright : Copyright (c) 2005. Distributed by PC Tools Research Pty Ltd
CompanyName : PC Tools Research Pty Ltd
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
OriginalFilename : swdoctor.exe
ProductName : Spyware Doctor
Created on : 01/10/2006 20:54:04
Last accessed : 03/10/2006 05:07:02
Last modified : 11/01/2006 01:56:35

#:39 [wpabaln.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 03/10/2006 05:07:29
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Windows WPA Balloon Reminder
InternalName : WPABALN.EXE
OriginalFilename : WPABALN.EXE
ProductName : Microsoft
Created on : 04/08/2004 12:00:00
Last accessed : 03/10/2006 05:07:05
Last modified : 04/08/2004 12:00:00

#:40 [utorrent.exe]
FilePath : C:\Program Files\uTorrent\
ThreadCreationTime : 03/10/2006 05:07:46
BasePriority : Normal
FileSize : 170 KB
Created on : 02/07/2006 16:29:46
Last accessed : 03/10/2006 05:07:47
Last modified : 02/07/2006 16:29:46

#:41 [agentsvr.exe]
FilePath : C:\WINDOWS\msagent\
ThreadCreationTime : 03/10/2006 05:07:52
BasePriority : Normal
FileSize : 250 KB
FileVersion : 2.00.0.3422
ProductVersion : 2.00.0.3422
Copyright : Copyright (C) Microsoft Corp. 1997-98
CompanyName : Microsoft Corporation
FileDescription : Microsoft Agent Server
InternalName : AgentServer
OriginalFilename : AgentSvr.exe
ProductName : Microsoft Agent Server
Created on : 04/08/2004 12:00:00
Last accessed : 03/10/2006 05:07:49
Last modified : 04/08/2004 12:00:00

#:42 [raid_tool.exe]
FilePath : C:\Program Files\VIA\RAID\
ThreadCreationTime : 03/10/2006 05:07:57
BasePriority : Normal
FileSize : 552 KB
FileVersion : 2, 4, 0, 0
ProductVersion : 2, 4, 0, 0
Copyright : Copyright (C) 2003
CompanyName : VIA Technologies
FileDescription : VIA RAID Tool
InternalName : raid_tool
OriginalFilename : raid_tool.exe
ProductName : VIA RAID Tool
Created on : 06/09/2006 21:36:27
Last accessed : 03/10/2006 05:08:10
Last modified : 04/05/2004 02:17:28

#:43 [limewire.exe]
FilePath : C:\Program Files\LimeWire\
ThreadCreationTime : 03/10/2006 05:08:09
BasePriority : Normal
FileSize : 156 KB
Created on : 21/06/2006 14:58:33
Last accessed : 03/10/2006 05:08:09
Last modified : 21/06/2006 14:58:33

#:44 [mt.exe]
FilePath : C:\Program Files\Common Files\scosoft.com\
ThreadCreationTime : 03/10/2006 05:08:25
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1.00.0038
ProductVersion : 1.00.0038
Copyright : Copyright (C) 2002-2004 Scorpio Software
CompanyName : Scorpio Software
FileDescription : ActiveX EXE Components
InternalName : Mt
OriginalFilename : Mt.exe
ProductName : Mt
Created on : 04/08/2004 11:06:07
Last accessed : 03/10/2006 05:08:21
Last modified : 04/08/2004 11:06:07

#:45 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 03/10/2006 05:08:43
BasePriority : Normal
FileSize : 1008 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 04/08/2004 12:00:00
Last accessed : 03/10/2006 05:08:43
Last modified : 04/08/2004 12:00:00

#:46 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 03/10/2006 05:09:46
BasePriority : Normal
FileSize : 91 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 06/09/2006 21:13:55
Last accessed : 03/10/2006 05:09:48
Last modified : 04/08/2004 12:00:00

#:47 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 03/10/2006 05:19:02
BasePriority : Normal
FileSize : 724 KB
FileVersion : 6.0.1.183
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware 6 core application
InternalName : Ad-Aware.exe
OriginalFilename : Ad-Aware.exe
ProductName : Lavasoft Ad-Aware Plus
Created on : 03/10/2006 05:18:41
Last accessed : 03/10/2006 05:19:02
Last modified : 12/07/2003 21:01:58

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\MediaPlayer\Player\Settings
Value : Client ID
Data :


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


06:20:22 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:00:56:110
Objects scanned :37169
Objects identified :1
Objects ignored :0
New objects :1
THANKS AGAIN NIOBIS :-)


Senior Member
2. October 2006 @ 23:11
Seen this and didn't give attention to "Ignored".

Adware.180Solutions : Ignored.
Adware.Casino : Ignored.
Adware.SaveNow : Ignored.
Adware.WinAD : Ignored.

Scan again in safe mode. Check all and click "Apply All Actions". Save the report and post it.

Then, I think this "mt.exe" is a backdoor.

Go to Jotti's malware scan.
Copy/Paste this file into "File to upload and scan".
C:\Program Files\Common Files\scosoft.com\mt.exe
Click Submit.
Post the results in your next reply.

This message has been edited since posting. Last time this message was edited on 2. October 2006 @ 23:12

Member
3. October 2006 @ 07:41
ok, I'll do that now.. when I tried to boot into safe mode by pressing F8, when you told me to scan with ewido, it just booted up normally... I only got it by pressing all the F buttons simultaneously... any ideas?


Senior Member
3. October 2006 @ 09:08
You probably didn't press it in time. You can press F8 or F5 to bring up the advanced booting options. Gotta be quick. :)
