Access member area virus

aasimn
Junior Member
2. April 2006 @ 21:38
I got 3.2.159.
This is the latest Spyware Doctor result:
Scan Results:
scan start: 3/31/2006 8:00:00 PM
scan stop: 3/31/2006 8:49:48 PM
scanned items: 76744
found items: 14
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\joke_fart_728x90[1].swf Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\pixy[1].gif Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\PSS_04july[1].jpg Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\300x250_rhyme_smileycentral[1].swf Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\media96505[1].gif High
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\index[1].htm Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\728x90_Coupon_xBox[1].swf Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\index[1].htm Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\casaleFlash[1].js Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\728x90_rhyme_smileycentral[1].swf Elevated
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@marksandspencer.122.2o7[1].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[2].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
Scan Results:
scan start: 4/1/2006 7:00:07 PM
scan stop: 4/1/2006 7:09:19 PM
scanned items: 59600
found items: 31
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\ringtonesUK_120x600[1].swf High
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\300x250_soccer[1].swf Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\300x250_just-cursors_en[1].swf High
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\casaleFlash[1].js Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\s[1].3621 Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\v4flash[1].js High
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\spideripod120x600w[1].swf Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\flash_728x90[1].swf High
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\s[1].999846 Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\300x250_days_cursormania[1].swf High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\120x600_cursor3_aug8[1].swf High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\smiley_ad_120x600[1].swf High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\728X90_sc-cont_march02[1].swf High
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\s[1].330701 Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\s[1].284405 Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\Ringtone_UK_300x250[1].swf High
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@mediaplex[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@doubleclick[1].txt Low
eXact Advertising C:\Documents and Settings\Aasim\Cookies\aasim@trafficmp[1].txt Elevated
eXact Advertising C:\Documents and Settings\Aasim\Cookies\aasim@tmpad[1].txt Elevated
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
Scan Results:
scan start: 4/2/2006 7:00:07 PM
scan stop: 4/2/2006 7:07:59 PM
scanned items: 64223
found items: 12
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@as1.falkag[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@doubleclick[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@questionmarket[1].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
Scan Results:
scan start: 4/3/2006 6:18:49 AM
scan stop: 4/3/2006 6:30:40 AM
scanned items: 87614
found items: 15
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\media96969[1].gif High
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\PSS_04july[1].jpg Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\index[1].htm Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\pixy[1].gif Elevated
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@doubleclick[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@questionmarket[1].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
And the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 6:37:27 AM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Cheers!
Should I download the latest one?

Senior Member
3. April 2006 @ 03:23
Yes, you should install the latest version, because that is probably a false positive. You can download the latest version from here -> http://www.majorgeeks.com/download4241.html
When you have installed that latest version and updated the signatures, scan again. If it still finds that "trojan", post the log here.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.

aasimn
Junior Member
3. April 2006 @ 10:28
Seems I got a new virus!
Spyware Doctor log:
Scan Results:
scan start: 4/3/2006 5:49:01 PM
scan stop: 4/3/2006 6:39:24 PM
scanned items: 84140
found items: 38
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\iframe[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\ibar[1].css High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarhide[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\ibarbgon[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarshow[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\ibarbg[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\ibarhideon[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarinstall[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\ibarie[1].css High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@www.myaffiliateprogram[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt Medium
Deskwizz C:\DR140306.exe Elevated
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
SurfSideKick C:\WINDOWS\system32\bk.exe High
VCClient C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013671.exe High
I-Search Desktop Search Toolbar C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013951.vbs Elevated
PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013953.exe High
Dollarrevenue C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013976.exe High
Yazzle Sudoku C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013981.exe High
PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0014117.exe High
Other Sections:
HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 7:25:51 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Ewido LOG
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:24:50 PM, 4/3/2006
+ Report-Checksum: 46AF1088
+ Scan result:
C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Aasim\Cookies\aasim@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
::Report End
aasimn (Junior Member) - 3. April 2006 @ 21:43
MORE VIRUSES =(
Can you give me a serial for Spyware Doctor 3.8?
Scan Results:
scan start: 4/3/2006 5:49:01 PM
scan stop: 4/3/2006 6:39:24 PM
scanned items: 84140
found items: 38
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\iframe[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\ibar[1].css High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarhide[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\ibarbgon[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarshow[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\ibarbg[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\ibarhideon[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarinstall[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\ibarie[1].css High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@www.myaffiliateprogram[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt Medium
Deskwizz C:\DR140306.exe Elevated
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
SurfSideKick C:\WINDOWS\system32\bk.exe High
VCClient C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013671.exe High
I-Search Desktop Search Toolbar C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013951.vbs Elevated
PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013953.exe High
Dollarrevenue C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013976.exe High
Yazzle Sudoku C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013981.exe High
PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0014117.exe High
Scan Results:
scan start: 4/3/2006 7:00:55 PM
scan stop: 4/3/2006 7:13:47 PM
scanned items: 60833
found items: 24
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
Coulomb Dialer C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\243461[1].exe Elevated
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@www.myaffiliateprogram[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt Medium
Deskwizz C:\DR140306.exe Elevated
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
SurfSideKick C:\WINDOWS\system32\bk.exe High
Scan Results:
scan start: 4/3/2006 9:54:22 PM
scan stop: 4/3/2006 10:08:09 PM
scanned items: 89121
found items: 66
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\searchbg1[1].gif Medium
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\left_h[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\iframe[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\ibar[1].css High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarhide[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\ibarbgon[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarshow[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\ibarbg[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\ibarhideon[1].gif High
Coulomb Dialer C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\243461[1].exe Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\phazeddl[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\strbtm[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarinstall[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\footer[1].gif High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\pixel[1].gif Medium
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\ibarie[1].css High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\text_bg[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\header[1].gif High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\search[1].gif Medium
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\navbar_news[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\text_bg_bott[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\left06[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\88x31_2[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\net002-1[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\120x160_1[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\468x60[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\freepda[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\pixel[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\right_h[1].gif High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\submit[1].gif Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hotlog[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@ehg-salesforce.hitbox[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@salesforce.122.2o7[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hitbox[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
Deskwizz C:\DR140306.exe Elevated
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
SurfSideKick C:\WINDOWS\system32\bk.exe High
VCClient C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013671.exe High
I-Search Desktop Search Toolbar C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013951.vbs Elevated
PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013953.exe High
Dollarrevenue C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013976.exe High
Yazzle Sudoku C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013981.exe High
PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0014117.exe High
Scan Results:
scan start: 4/3/2006 10:09:22 PM
scan stop: 4/3/2006 10:12:10 PM
scanned items: 36107
found items: 60
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\searchbg1[1].gif Medium
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\left_h[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\iframe[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\ibar[1].css High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarhide[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\ibarbgon[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarshow[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\ibarbg[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\drsmartload_js[1].htm High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\ibarhideon[1].gif High
Coulomb Dialer C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\243461[1].exe Elevated
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\phazeddl[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\strbtm[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarinstall[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\footer[1].gif High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\pixel[1].gif Medium
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\ibarie[1].css High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\text_bg[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\header[1].gif High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\search[1].gif Medium
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\navbar_news[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\text_bg_bott[1].gif High
Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\left06[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\88x31_2[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\net002-1[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\120x160_1[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\468x60[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\freepda[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\pixel[1].gif High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\right_h[1].gif High
CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\submit[1].gif Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hotlog[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@ehg-salesforce.hitbox[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@salesforce.122.2o7[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hitbox[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
Deskwizz C:\DR140306.exe Elevated
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
SurfSideKick C:\WINDOWS\system32\bk.exe High
Cheers!
Senior Member - 3. April 2006 @ 23:41
Ok, let's clean the findings.
First, update Ewido.
Cleaning instructions
1. Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1 Do NOT run it yet.
2. Disable your System Restore:
-> Click Start > My Computer.
-> Click Properties.
-> On the System Restore tab, check Turn off System Restore.
-> Click Apply > click OK.
3. Restart your computer into Safe Mode (press the F8 key while the computer is starting and choose Safe Mode).
4. Make your hidden files visible:
-> On the Tools menu in Windows Explorer, click Folder Options.
-> Click the View tab.
-> Under Hidden files and folders, click Show hidden files and folders.
5. Delete these files:
C:\-->DR140306.exe
C:\WINDOWS\system32\-->AdService.bat
C:\WINDOWS\system32\-->bk.exe
6. Run ATF Cleaner -> check Select All -> press Empty Selected.
7. Press Start
-> Run
-> Type this into the field: regedit
First, you should take a backup of your registry:
-> (In regedit) select My Computer, right-click it and press Export
-> Name it RegBackup and save it to C:\
Then go (in regedit):
-> HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft ->
-> Search for MSSMGR
-> Right-click it
-> Privileges
-> Choose your current account and check -> Full Rights (or privileges): Allow
-> Press OK
-> Then delete MSSMGR
-> Close regedit
8. Run a scan with Ewido, clean what it finds, and save a log file.
9. Restart your computer normally.
10. Run a scan with Spyware Doctor again and save the log file.
11. Post Ewido's log, Spyware Doctor's log and a new HijackThis log here.
12. Enable System Restore and make the hidden files invisible again.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: AD's unsupportive atmosphere.
This message has been edited since posting. Last time this message was edited on 3. April 2006 @ 23:42
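As an added example (not part of the helper's post, and not code from any tool named in this thread), here is a PowerShell version of steps 5 and 7 above: it backs up each artifact before touching it and only reports unless `-Remove` is given. The file paths and the MSSMGR key are the ones named in the thread; the backup folder `C:\RegBackup`, an elevated session and a PowerShell with `Get-FileHash` (4.0 or later, so not the XP machine in the thread itself) are assumptions.

```powershell
# Hypothetical clean-up script written for this thread's findings (not the
# helper's own procedure). Default is report-only; -Remove performs deletion,
# and -WhatIf previews it. Run from an elevated PowerShell prompt.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove,
    [string]$BackupDir = 'C:\RegBackup'   # assumed location; adjust as needed
)

# Files named in step 5 of the thread.
$SuspectFiles = @(
    'C:\DR140306.exe',
    'C:\WINDOWS\system32\AdService.bat',
    'C:\WINDOWS\system32\bk.exe'
)
# Registry key flagged as "Adservice Scanner" in the Spyware Doctor logs.
$SuspectKey    = 'HKLM:\SOFTWARE\Microsoft\MSSMGR'
$SuspectKeyReg = 'HKLM\SOFTWARE\Microsoft\MSSMGR'   # reg.exe syntax

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# --- Step 5: check the files. -Force makes Get-Item see hidden/system files,
# so step 4 (show hidden files) is not needed for this part.
foreach ($path in $SuspectFiles) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Host "not present: $path"
        continue
    }
    # Record size, timestamp and SHA-256 before anything is changed, so the
    # artifact can still be identified after it is gone.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Host ("found: {0}  {1} bytes  modified {2}  sha256 {3}" -f
        $path, $item.Length, $item.LastWriteTime, $hash)
    if ($Remove -and $PSCmdlet.ShouldProcess($path, 'Delete')) {
        # Keep a copy, clear read-only/hidden/system attributes, then delete.
        Copy-Item -LiteralPath $path -Destination $BackupDir -Force
        $item.Attributes = 'Normal'
        Remove-Item -LiteralPath $path -Force
        Write-Host "deleted: $path (copy kept in $BackupDir)"
    }
}

# --- Step 7: export the key (the .reg file can be re-imported if needed),
# grant the current account Full Control, then delete the key.
if (Test-Path -LiteralPath $SuspectKey) {
    $regFile = Join-Path $BackupDir 'MSSMGR.reg'
    & reg.exe export $SuspectKeyReg $regFile /y | Out-Null
    Write-Host "key present, exported to $regFile"
    Get-ItemProperty -LiteralPath $SuspectKey | Format-List | Out-String | Write-Host

    if ($Remove -and $PSCmdlet.ShouldProcess($SuspectKey, 'Delete')) {
        # Equivalent of the GUI "Full Control: Allow" step. If Set-Acl is
        # refused, take ownership of the key first (Advanced > Owner in regedit).
        $acl  = Get-Acl -LiteralPath $SuspectKey
        $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $me, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.SetAccessRule($rule)
        Set-Acl -LiteralPath $SuspectKey -AclObject $acl
        Remove-Item -LiteralPath $SuspectKey -Recurse -Force
        Write-Host "deleted: $SuspectKey"
    }
} else {
    Write-Host "not present: $SuspectKey"
}
```

Run it once without switches to see what is actually on disk and in the registry before committing to `-Remove`; the exported `.reg` file and the copied files in the backup folder are what you would restore from if a deletion turns out to be wrong.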
aasimn (Junior Member) - 4. April 2006 @ 20:49
Hey,
couldn't find
C:\WINDOWS\system32\-->AdService.bat
C:\WINDOWS\system32\-->bk.exe
By the way, what does --> mean?
Do you have the Spyware Doctor full version? I can't seem to delete the virus as I just have the trial version.
There were no findings in Ewido's scan!
-------------------
Spyware doctor's log
Scans (basic information only):
Scan Results:
scan start: 4/5/2006 3:00:22 AM
scan stop: 4/5/2006 3:05:26 AM
scanned items: 66338
found items: 1
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
Scan Results:
scan start: 4/5/2006 3:41:16 AM
scan stop: 4/5/2006 3:53:55 AM
scanned items: 77861
found items: 1
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
Other Sections:
------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:35:49 AM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Senior Member
4. April 2006 @ 23:20 |
I don't have Spyware Doctor. We can clean the findings manually.
Download Killbox to your desktop -> http://www.downloads.subratam.org/KillBox.zip and unzip it to your desktop.
Run Killbox.exe
-> Choose Delete on Reboot
-> Click All Files option.
Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)
C:\DR140306.exe
C:\WINDOWS\system32\AdService.bat
C:\WINDOWS\system32\bk.exe
Then go back to Killbox
-> go to File
-> choose Paste from Clipboard
-> Click the red-white Delete File option.
-> Click Yes to Delete on Reboot question
-> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
-> Restart your computer if Killbox won't do it.
(If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe from here to your desktop and run the file, then try running Killbox again -> http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe)
Then run a scan with Spyware Doctor again, post the log to here and we'll see if you're clean.
PS. the arrow (-->) just points to the file
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.
This message has been edited since posting. Last time this message was edited on 4. April 2006 @ 23:21
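Added example, not part of the thread and not Killbox's own code: Windows carries "delete on reboot" requests in the PendingFileRenameOperations value (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager), the same value the Killbox prompt above refers to. Before restarting, you can read it and confirm that exactly the three paths you pasted are queued for deletion and nothing else was queued behind your back. The function name and output layout are this example's own choices.

```powershell
# Added example (not from the thread): list files queued for delete/rename at next boot.
# PendingFileRenameOperations is a REG_MULTI_SZ holding pairs of strings:
#   [source, destination, source, destination, ...]
# An empty destination means "delete on reboot"; a non-empty one means "rename/move".
# Paths are stored with the NT object-manager prefix "\??\" (destinations may also
# start with "!" meaning "overwrite if it exists"); both are stripped for display.
function Get-PendingFileOperations {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $item = Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    $ops  = if ($item) { @($item.PendingFileRenameOperations) } else { @() }

    if ($ops.Count -eq 0) {
        Write-Host 'No pending file rename/delete operations are queued.'
        return
    }

    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        $source = $ops[$i] -replace '^\\\?\?\\', ''
        $dest   = if ($i + 1 -lt $ops.Count) { $ops[$i + 1] -replace '^!?\\\?\?\\', '' } else { '' }

        if ([string]::IsNullOrEmpty($dest)) {
            [pscustomobject]@{ Action = 'DELETE'; Source = $source; Destination = '' }
        } else {
            [pscustomobject]@{ Action = 'RENAME'; Source = $source; Destination = $dest }
        }
    }
}

# Usage: show what the next reboot will do, e.g. expect three DELETE rows for
# C:\DR140306.exe, C:\WINDOWS\system32\AdService.bat and C:\WINDOWS\system32\bk.exe
# if Killbox queued them as instructed above.
Get-PendingFileOperations | Format-Table -AutoSize
```

Reading HKLM here does not need an elevated prompt; if the value is absent the function just reports that nothing is queued, which after the Killbox step means the deletion was not scheduled and the step should be repeated.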
aasimn
Junior Member
5. April 2006 @ 08:27 |
These are the logs
Scan Results:
scan start: 4/5/2006 4:57:08 PM
scan stop: 4/5/2006 5:13:16 PM
scanned items: 79417
found items: 2
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@as1.falkag[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[2].txt Low
Other Sections:
------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:25:19 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Senior Member
5. April 2006 @ 19:34 |
Ok, you're clean now, the findings of Spyware Doctor were just cookies. If you want to prevent cookies, install a hosts file -> http://www.mvps.org/winhelp2002/hosts.htm
Your Java is outdated, update your Java (instructions by blade81)
Quote: Updating Java & cleaning cache
1. Click Start->Control panel and double-click Java icon (coffee cup)
2. Move to Update tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't run the automatic update, get the new version manually from here:
http://www.java.com/en/download/manual.jsp
4. After the restart go back to your Java settings through the control panel (Start->Control panel->Java).
5. Select Temporary Internet Files and click Delete Files.
6. Make sure that all these three are checked:
Downloaded Applets
Downloaded Applications
Other files
7. Click ok in Delete Temporary Internet Files window (Attention: This removes all loaded applications and applets from cache)
8. Click ok to close Java window.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.