
Access member area virus

Discussion in 'Windows - Virus and spyware problems' started by aasimn, Mar 25, 2006.

  1. JaPK (Regular member, joined Feb 23, 2006)
    Ok, you're welcome =)
     
  2. aasimn (Member, joined Mar 24, 2006)
    I'm sorry, but Spyware Doctor always seems to find a trojan =S =S

    Please help.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:06:44 PM, 4/1/2006
    + Report-Checksum: 2CF97F28

    + Scan result:

    C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup


    ::Report End


    Logfile of HijackThis v1.99.1
    Scan saved at 8:09:06 PM, on 4/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


    HELP!
     
  3. JaPK (Regular member, joined Feb 23, 2006)
    OK, could you post the names and locations of those trojans?

    The Ewido findings are just cookies, and if you want to prevent them from coming to your PC, install a hosts file -> http://www.mvps.org/winhelp2002/hosts.htm

    Your HijackThis log is clean.
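"Your HijackThis log is clean" is a judgement a helper makes by reading the R0/R1 and O-sections by eye. The script below is an added example (mine, not the thread's and not HijackThis code) that does the same first pass mechanically over a 1.99.1-format log: it flags entries whose target file is missing, autostarts (Run keys, BHOs, toolbars, Winlogon Notify DLLs, services) whose binary lives in a user profile or temp directory, Downloaded Program Files fetched from hosts outside an allow-list, and reports the browser start/default page lines for confirmation. The allow-list, the "user profile or temp directory" heuristic and the section choices are my assumptions; `SAMPLE_LOG` is an excerpt of the log posted above plus one constructed `HKCU\..\Run` entry (`updater.exe`), marked as such, so that a hit is visible.

```python
"""Triage a HijackThis 1.99.x log: walk the R/O entries and flag the ones
that deserve a second look before anyone declares the log clean.

Added example, not from the thread and not HijackThis code. The rules and
the trusted-host list are this example's own assumptions about what a
clean XP box looks like; SAMPLE_LOG is an excerpt of the log posted in the
thread plus one constructed HKCU Run entry (updater.exe) to show a hit."""
import re
from collections import Counter
from typing import Dict, List

ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# First quoted path, else first drive-letter path ending in a binary extension.
PATH_RE = re.compile(r'(?i)"([^"]+)"|([a-z]:\\.+?\.(?:exe|dll|lnk|cab|ocx|scr))\b')
# Assumption: autostarts under a user profile or temp directory are unusual
# for legitimately installed software and worth checking.
USER_PROFILE_RE = re.compile(
    r"(?i)(documents and settings|users)\\[^\\]+\\"
    r"(local settings|application data|appdata|desktop|temp)")
TEMP_RE = re.compile(r"(?i)\\(temp|tmp)\\")
# Assumption: the only Downloaded Program Files (O16) this box should pull
# from the network are Microsoft/MSN controls.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com")
# Sections whose entry carries a path worth checking: BHOs, toolbars,
# Run keys, Winlogon Notify DLLs, services.
PATH_SECTIONS = {"O2", "O3", "O4", "O20", "O23"}

# Constructed sample: lines taken from the log in the thread, plus the
# last O4 line, which is invented to exercise the profile/temp rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Aasim\Local Settings\Temp\updater.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def first_path(body: str) -> str:
    """Return the binary path an entry points at, or '' if it has none."""
    m = PATH_RE.search(body)
    return (m.group(1) or m.group(2)) if m else ""


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per (entry, rule) hit; severity is 'check' or 'info'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        hits = []  # (severity, reason)
        if "(file missing)" in body:
            hits.append(("check", "target file missing: orphaned hook or deleted payload"))
        path = first_path(body)
        if sec in PATH_SECTIONS and path and (USER_PROFILE_RE.search(path) or TEMP_RE.search(path)):
            hits.append(("check", "autostart target inside a user profile or temp directory"))
        if sec == "O16":
            url = re.search(r"https?://([^/\s]+)", body)
            if url and not url.group(1).lower().endswith(TRUSTED_DPF_HOSTS):
                hits.append(("check", "ActiveX control downloaded from an untrusted host"))
        if sec in ("R0", "R1"):
            hits.append(("info", "browser start/default page or proxy setting: confirm with the user"))
        for severity, reason in hits:
            findings.append({"section": sec, "severity": severity, "reason": reason, "line": line})
    return findings


def section_counts(log_text: str) -> Dict[str, int]:
    """How many entries each HijackThis section contributed (quick log overview)."""
    matches = (ENTRY_RE.match(l.strip()) for l in log_text.splitlines())
    return dict(Counter(m.group("sec") for m in matches if m))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['section']}: {f['reason']}\n    {f['line']}")
    print(section_counts(SAMPLE_LOG))
```

Run against the full log it would produce two `check` findings (the `(file missing)` msnim protocol handler, which is harmless leftover from an MSN Messenger update and also present in both logs in this thread, and the constructed `updater.exe` line) and two `info` lines for the start page and proxy override; everything else, including the O20 Winlogon Notify DLLs and O23 services, sits under Program Files or the Windows directory. Heuristics like these are a first pass only: a payload installed under Program Files with a vendor-like name passes them, so the human read that JaPK did is still the final word.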
     
  4. aasimn (Member, joined Mar 24, 2006)
    This is the location!

    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
     
  5. JaPK (Regular member, joined Feb 23, 2006)
    OK, that might be a false positive.

    Are you using the latest Spyware Doctor software version (3.2.2.417 at the moment)? Have you updated the signature/definition file?

     
    Last edited: Apr 3, 2006
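The scan series aasimn pastes in the thread is the evidence behind JaPK's "might be a false positive": the same six `Trojan.StartPage.GEN` registry hits reappear identically in every run, while the cache and cookie hits churn with browsing and nothing the scanner "removes" ever stops them coming back. The script below is an added example (mine, not Spyware Doctor's code and not from the thread) that parses scan output in the format pasted here, classifies each detection by where it lives (registry, IE cache, cookie, other file), and lists the detections that recur across every scan so the registry ones can be verified by hand. `SAMPLE_SCANS` is an abbreviated two-scan subset constructed from the output posted in the thread; the classification rules are my assumptions.

```python
"""Parse Spyware Doctor 3.x scan results as pasted into the thread and
separate detections that need manual verification (registry keys that
come back after every clean-up) from browsing churn (IE cache, cookies).

Added example, not part of the original thread and not Spyware Doctor
code. SAMPLE_SCANS is constructed from an abbreviated subset of the scan
output in the thread; the classification rules are this example's own."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

RISKS = ("High", "Elevated", "Medium", "Low")
# A location starts at the first registry hive or drive letter in the row.
LOCATION_RE = re.compile(r"(HK(?:CU|LM|CR|U)\\|[A-Za-z]:\\)")

# Constructed sample: two abbreviated scans built from rows in the thread.
SAMPLE_SCANS = r"""
Scan Results:
scan start: 4/1/2006 7:00:07 PM
scan stop: 4/1/2006 7:09:19 PM
scanned items: 59600
found items: 8
found and ignored: 0

Infection Name Location Risk
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\ringtonesUK_120x600[1].swf High
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low

Scan Results:
scan start: 4/2/2006 7:00:07 PM
scan stop: 4/2/2006 7:07:59 PM
scanned items: 64223
found items: 8
found and ignored: 0

Infection Name Location Risk
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@as1.falkag[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
"""


def parse_row(line: str) -> Optional[Dict[str, str]]:
    """Split 'Name Location Risk'. Name and location both contain spaces, so
    anchor on the first hive/drive letter and on the trailing risk word."""
    m = LOCATION_RE.search(line)
    if not m:
        return None
    name = line[:m.start()].strip()
    rest = line[m.start():]
    risk = rest.rsplit(" ", 1)[-1]
    if risk not in RISKS:
        return None
    return {"name": name, "location": rest[: -len(risk)].strip(), "risk": risk}


def parse_scans(text: str) -> List[Dict]:
    """One dict per 'Scan Results:' block: header fields in 'meta', rows in 'rows'."""
    scans: List[Dict] = []
    cur: Optional[Dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Scan Results:":
            cur = {"meta": {}, "rows": []}
            scans.append(cur)
            continue
        if cur is None or not line or line.startswith("Infection Name"):
            continue
        row = parse_row(line)
        if row:
            cur["rows"].append(row)
        elif ":" in line and not LOCATION_RE.search(line):
            key, value = line.split(":", 1)
            cur["meta"][key.strip()] = value.strip()
    return scans


def classify(location: str) -> str:
    """Where a detection lives decides how much it matters."""
    loc = location.lower()
    if loc.startswith("hk"):
        return "registry"      # persistence or config: verify the key's values
    if "\\cookies\\" in loc:
        return "cookie"        # tracking, re-created by visiting the site
    if "\\temporary internet files\\" in loc:
        return "ie-cache"      # cached ad banners/scripts, harmless once cached
    return "file"


def recurring(scans: List[Dict]) -> List[Tuple[str, str]]:
    """Detections present, identically, in every scan of the series."""
    if not scans:
        return []
    sets = [{(r["name"], r["location"]) for r in s["rows"]} for s in scans]
    return sorted(set.intersection(*sets))


def summarize(text: str) -> Dict:
    scans = parse_scans(text)
    by_kind = Counter(classify(r["location"]) for s in scans for r in s["rows"])
    persistent = recurring(scans)
    return {
        "scans": len(scans),
        "by_kind": dict(by_kind),
        "recurring": persistent,
        # Registry hits that survive every clean-up: either real persistence
        # the scanner cannot remove, or a signature matching a stock key.
        "needs_manual_check": [loc for _, loc in persistent if classify(loc) == "registry"],
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_SCANS).items():
        print(f"{k}: {v}")
```

What decides the question is the content of the recurring keys, not their names: on the affected machine, `reg query "HKCU\Software\Microsoft\Multimedia\ActiveMovie" /s` shows every value under that key. `HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache` is a key DirectShow maintains on a stock Windows XP install, so its mere presence proves nothing; a start-page hijacker would have to leave a URL or the path of a program in the values, and if nothing of the kind is there, the detection is a signature matching a normal key and belongs in a false-positive report to the vendor, which is exactly what updating to the current program version and definitions (as JaPK asks) is meant to clear up.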
  6. aasimn (Member, joined Mar 24, 2006)
    I've got 3.2.159.

    This is the latest Spyware Doctor result:
    Scan Results:
    scan start: 3/31/2006 8:00:00 PM
    scan stop: 3/31/2006 8:49:48 PM
    scanned items: 76744
    found items: 14
    found and ignored: 0
    tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



    Infection Name Location Risk
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\joke_fart_728x90[1].swf Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\pixy[1].gif Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\PSS_04july[1].jpg Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\300x250_rhyme_smileycentral[1].swf Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\media96505[1].gif High
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\index[1].htm Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\728x90_Coupon_xBox[1].swf Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\index[1].htm Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\casaleFlash[1].js Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\728x90_rhyme_smileycentral[1].swf Elevated
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@marksandspencer.122.2o7[1].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[2].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low

    Scan Results:
    scan start: 4/1/2006 7:00:07 PM
    scan stop: 4/1/2006 7:09:19 PM
    scanned items: 59600
    found items: 31
    found and ignored: 0
    tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



    Infection Name Location Risk
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\ringtonesUK_120x600[1].swf High
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\300x250_soccer[1].swf Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\300x250_just-cursors_en[1].swf High
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\casaleFlash[1].js Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\s[1].3621 Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\v4flash[1].js High
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\spideripod120x600w[1].swf Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\flash_728x90[1].swf High
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\s[1].999846 Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\300x250_days_cursormania[1].swf High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\120x600_cursor3_aug8[1].swf High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\smiley_ad_120x600[1].swf High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\728X90_sc-cont_march02[1].swf High
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\s[1].330701 Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\s[1].284405 Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\Ringtone_UK_300x250[1].swf High
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@mediaplex[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@doubleclick[1].txt Low
    eXact Advertising C:\Documents and Settings\Aasim\Cookies\aasim@trafficmp[1].txt Elevated
    eXact Advertising C:\Documents and Settings\Aasim\Cookies\aasim@tmpad[1].txt Elevated
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low

    Scan Results:
    scan start: 4/2/2006 7:00:07 PM
    scan stop: 4/2/2006 7:07:59 PM
    scanned items: 64223
    found items: 12
    found and ignored: 0
    tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



    Infection Name Location Risk
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@as1.falkag[2].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@doubleclick[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@questionmarket[1].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low

    Scan Results:
    scan start: 4/3/2006 6:18:49 AM
    scan stop: 4/3/2006 6:30:40 AM
    scanned items: 87614
    found items: 15
    found and ignored: 0
    tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



    Infection Name Location Risk
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache## High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##0 High
    Trojan.StartPage.GEN HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache##1 High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\media96969[1].gif High
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\PSS_04july[1].jpg Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\index[1].htm Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\pixy[1].gif Elevated
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@doubleclick[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@questionmarket[1].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low



    and the HijackThis log:


    Logfile of HijackThis v1.99.1
    Scan saved at 6:37:27 AM, on 4/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    Cheers!

    Should I download the latest one?

     
  7. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Yes, you should install the latest version because that is probably a false positive. You can download the latest version from here -> http://www.majorgeeks.com/download4241.html

    When you have installed that latest version and updated the signatures, scan again. If it still finds that "trojan", post the log here.
     
  8. aasimn

    aasimn Member

    Joined:
    Mar 24, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    Seems I got a new virus!

    Spyware Doctor log

    Scan Results:
    scan start: 4/3/2006 5:49:01 PM
    scan stop: 4/3/2006 6:39:24 PM
    scanned items: 84140
    found items: 38
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
    CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\iframe[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\ibar[1].css High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarhide[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\ibarbgon[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarshow[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\ibarbg[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\ibarhideon[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarinstall[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\ibarie[1].css High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@www.myaffiliateprogram[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt Medium
    Deskwizz C:\DR140306.exe Elevated
    Adservice Scanner C:\WINDOWS\system32\AdService.bat High
    SurfSideKick C:\WINDOWS\system32\bk.exe High
    VCClient C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013671.exe High
    I-Search Desktop Search Toolbar C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013951.vbs Elevated
    PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013953.exe High
    Dollarrevenue C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013976.exe High
    Yazzle Sudoku C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013981.exe High
    PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0014117.exe High


    Other Sections:


    HIJACKTHIS LOG

    Logfile of HijackThis v1.99.1
    Scan saved at 7:25:51 PM, on 4/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\Program Files\Symantec AntiVirus\vpc32.exe
    C:\Program Files\ewido anti-malware\securitysuite.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    Ewido LOG

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 7:24:50 PM, 4/3/2006
    + Report-Checksum: 46AF1088

    + Scan result:

    C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Aasim\Cookies\aasim@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
    C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
    C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup


    ::Report End
     
  9. aasimn

    aasimn Member

    Joined:
    Mar 24, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    MORE VIRUSES =(

    Can you give me a serial for Spyware Doctor 3.8?

    Scan Results:
    scan start: 4/3/2006 7:00:55 PM
    scan stop: 4/3/2006 7:13:47 PM
    scanned items: 60833
    found items: 24
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
    Coulomb Dialer C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\243461[1].exe Elevated
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@tribalfusion[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@www.myaffiliateprogram[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@atdmt[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt Medium
    Deskwizz C:\DR140306.exe Elevated
    Adservice Scanner C:\WINDOWS\system32\AdService.bat High
    SurfSideKick C:\WINDOWS\system32\bk.exe High

    Scan Results:
    scan start: 4/3/2006 9:54:22 PM
    scan stop: 4/3/2006 10:08:09 PM
    scanned items: 89121
    found items: 66
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\searchbg1[1].gif Medium
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\left_h[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
    CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\iframe[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\ibar[1].css High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarhide[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\drsmartload_js[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\ibarbgon[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarshow[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\ibarbg[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\drsmartload_js[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\ibarhideon[1].gif High
    Coulomb Dialer C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\243461[1].exe Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\phazeddl[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\strbtm[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarinstall[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\footer[1].gif High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\pixel[1].gif Medium
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\ibarie[1].css High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\text_bg[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\header[1].gif High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\search[1].gif Medium
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\navbar_news[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\text_bg_bott[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\left06[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\88x31_2[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\net002-1[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\120x160_1[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\468x60[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\freepda[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\pixel[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\right_h[1].gif High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\submit[1].gif Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hotlog[2].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@ehg-salesforce.hitbox[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@salesforce.122.2o7[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hitbox[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
    Deskwizz C:\DR140306.exe Elevated
    Adservice Scanner C:\WINDOWS\system32\AdService.bat High
    SurfSideKick C:\WINDOWS\system32\bk.exe High
    VCClient C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013671.exe High
    I-Search Desktop Search Toolbar C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013951.vbs Elevated
    PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013953.exe High
    Dollarrevenue C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013976.exe High
    Yazzle Sudoku C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013981.exe High
    PurityScan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0014117.exe High

    Scan Results:
    scan start: 4/3/2006 10:09:22 PM
    scan stop: 4/3/2006 10:12:10 PM
    scanned items: 36107
    found items: 60
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR## High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
    Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\searchbg1[1].gif Medium
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\left_h[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\ibar[1].js High
    CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\iframe[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\ibar[1].css High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarhide[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\drsmartload_js[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\ibarbgon[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarshow[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\drsmartload_js[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\ibarbg[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\drsmartload_js[1].htm High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\ibarhideon[1].gif High
    Coulomb Dialer C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\243461[1].exe Elevated
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\phazeddl[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O5I7SXY3\strbtm[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\ibarinstall[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\footer[1].gif High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\pixel[1].gif Medium
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\ibarie[1].css High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\8DQ70LM3\text_bg[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4TU705U3\header[1].gif High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\search[1].gif Medium
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\navbar_news[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\text_bg_bott[1].gif High
    Dollarrevenue C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\4ZXRAQZ1\smart[1].swf High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\left06[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\O9UF4PE7\88x31_2[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\TZZ7TPSE\net002-1[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\120x160_1[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\825P0TGJ\468x60[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\P04N55SX\freepda[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\pixel[1].gif High
    Known Bad Sites C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\SPUFS5I3\right_h[1].gif High
    CrackSpider C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\BMSZ3D8H\submit[1].gif Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hotlog[2].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@ehg-salesforce.hitbox[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@salesforce.122.2o7[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hitbox[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@spylog[2].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@casalemedia[1].txt Low
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
    Deskwizz C:\DR140306.exe Elevated
    Adservice Scanner C:\WINDOWS\system32\AdService.bat High
    SurfSideKick C:\WINDOWS\system32\bk.exe High

    Cheers !
     
  10. JaPK

    JaPK Regular member

    Ok, lets clean the findings.

    At first, update Ewido.

    Cleaning instructions

    1.Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    2.Disable your system restore:
    -> Click Start > My Computer.
    -> Click Properties.
    -> On the System Restore tab, check Turn off System Restore.
    -> Click Apply > click OK.

    3. Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)

    4.Make your hidden files visible:
    ->On the Tools menu in Windows Explorer, click Folder Options.
    ->Click the View tab.
    ->Under Hidden files and folders, click Show hidden files and folders.

    5. Delete these files
    C:\-->DR140306.exe
    C:\WINDOWS\system32\-->AdService.bat
    C:\WINDOWS\system32\-->bk.exe

    6. Run ATF Cleaner -> Check select all -> Press Empty selected

    7.
    Press Start
    -> Run
    -> Write this to the field: regedit

    At first, you should take a backup of your registry:
    -> (In regedit) select My Computer right-click it and press Export
    -> Name it to RegBackup and save it to the C:\

    Then go: (in regedit)
    -> HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft ->
    -> Search MSSMGR
    -> Right-Click
    -> Privileges
    -> Choose your current account and check -> Full Rights (or privileges): Allow
    -> Press Ok
    -> Then delete MSSMGR
    -> Close Regedit

    8. Run a scan with Ewido, clean what it finds, save a log file.

    9. Restart your computer normally.

    10. Run a scan with Spyware Doctor again, save the logfile

    11. Post Ewido's log, SpywareDoctor's log and a new HijackThis log to here.

    12. Enable system restore and make the hidden files invisible again.
     
    Last edited: Apr 3, 2006
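The 60-item Spyware Doctor log above boils down to what JaPK lists: three dropped files and one registry key. Everything else is IE cache content, tracking cookies and restore-point copies, which steps 2 and 6 (turning off System Restore, emptying the cache with ATF Cleaner) remove wholesale. Below is an added example, not anything posted in this thread, of doing that triage automatically: a Python script that parses the "Infection Name Location Risk" lines and separates actionable items from noise. The sample log is a constructed excerpt of the one posted above (same line format, a handful of lines instead of all 60), and the bucketing rules (Content.IE5 = cache, Cookies = cookie, System Volume Information = restore point, HK* = registry, anything else = dropped file) are my assumption about how to read the paths, not a Spyware Doctor feature.

```python
import re
from typing import Dict, List

# Constructed excerpt of the Spyware Doctor log posted above: same line
# format ("Infection Name", "Location", "Risk" separated by spaces),
# a handful of representative findings instead of all 60.
SAMPLE_LOG = r"""
Infection Name Location Risk
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Adservice Scanner HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
CWS C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\UHLE36H4\iframe[1].htm High
Coulomb Dialer C:\Documents and Settings\Aasim\Local Settings\Temporary Internet Files\Content.IE5\7AIR81VW\243461[1].exe Elevated
Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@hotlog[2].txt Medium
Advertising C:\Documents and Settings\Aasim\Cookies\aasim@fastclick[2].txt Low
Deskwizz C:\DR140306.exe Elevated
Adservice Scanner C:\WINDOWS\system32\AdService.bat High
SurfSideKick C:\WINDOWS\system32\bk.exe High
VCClient C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP175\A0013671.exe High
"""

# Names and paths both contain spaces, so split on structure instead:
# the location starts with a drive letter or a registry hive and the
# risk is always the last word.
FINDING_RE = re.compile(
    r"^(?P<name>.+?) "
    r"(?P<location>(?:[A-Za-z]:\\|HK(?:LM|CU|CR|U|CC)\\).*?) "
    r"(?P<risk>Low|Medium|High|Elevated)$"
)


def classify(location: str) -> str:
    """Bucket a finding by where it lives; the bucket decides the action.

    Assumed rules (not part of Spyware Doctor): cache, cookies and restore
    points are cleared in bulk, registry keys are deleted as keys, and
    anything else is a dropped file to delete individually.
    """
    loc = location.lower()
    if loc.startswith("hk"):
        return "registry"
    if "\\temporary internet files\\" in loc:
        return "browser-cache"
    if "\\cookies\\" in loc:
        return "cookie"
    if "\\system volume information\\" in loc:
        return "restore-point"
    return "dropped-file"


def triage(log_text: str) -> Dict[str, object]:
    """Split a Spyware Doctor log into actionable items and noise.

    Returns {"files": [...], "registry_keys": [...], "noise": {bucket: n}},
    preserving first-seen order so the output lines up with the log.
    """
    files: List[str] = []
    keys: List[str] = []
    noise: Dict[str, int] = {}
    for line in log_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue  # header, blank or summary line
        bucket = classify(m["location"])
        if bucket == "dropped-file":
            if m["location"] not in files:
                files.append(m["location"])
        elif bucket == "registry":
            # Spyware Doctor writes 'KEY##ValueName'; one key covers all its values.
            key = m["location"].split("##", 1)[0]
            if key not in keys:
                keys.append(key)
        else:
            noise[bucket] = noise.get(bucket, 0) + 1
    return {"files": files, "registry_keys": keys, "noise": noise}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Files to delete:")
    for path in result["files"]:
        print("   ", path)
    print("Registry keys to delete:")
    for key in result["registry_keys"]:
        print("   ", key)
    print("Cleared in bulk:", result["noise"])
```

Run it against the full pasted log and the file list is exactly step 5 and the key is exactly the MSSMGR key of step 7; the cache entries, including the cached 243461[1].exe dialer download, go with ATF Cleaner and the RP175/RP179 copies go when System Restore is switched off.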
  11. aasimn

    aasimn Member

    Hey,
    couldn't find
    C:\WINDOWS\system32\-->AdService.bat
    C:\WINDOWS\system32\-->bk.exe
    By the way, what does --> mean?

    Do you have the Spyware Doctor full version? I can't seem to delete the virus as I just have the trial version.

    There were no findings in Ewido's scan!
    -------------------
    Spyware Doctor's log

    Scans (basic information only):

    Scan Results:
    scan start: 4/5/2006 3:00:22 AM
    scan stop: 4/5/2006 3:05:26 AM
    scanned items: 66338
    found items: 1
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Adservice Scanner C:\WINDOWS\system32\AdService.bat High

    Scan Results:
    scan start: 4/5/2006 3:41:16 AM
    scan stop: 4/5/2006 3:53:55 AM
    scanned items: 77861
    found items: 1
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Adservice Scanner C:\WINDOWS\system32\AdService.bat High


    Other Sections:


    ------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 5:35:49 AM, on 4/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

     
  12. JaPK

    JaPK Regular member

    I don't have Spyware Doctor. We can clean the findings manually.


    Download Killbox to your desktop -> http://www.downloads.subratam.org/KillBox.zip
    Unzip it to your desktop.

    Run Killbox.exe
    -> Choose Delete on Reboot
    -> Click All Files option.

    Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

    C:\DR140306.exe
    C:\WINDOWS\system32\AdService.bat
    C:\WINDOWS\system32\bk.exe


    Then go back to Killbox
    -> go to File
    -> choose Paste from Clipboard
    -> Click the red-white Delete File option.
    -> Click Yes to Delete on Reboot question
    -> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
    -> Restart your computer if Killbox won't do it.

    (If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe from here to your desktop and run the file, then try running Killbox -> http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe)

    Then run a scan with Spyware Doctor again, post the log to here and we'll see if you're clean.

    PS. the arrow (-->) just points to the file
     
    Last edited: Apr 4, 2006
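Killbox's "Delete on Reboot" uses the same mechanism as the Windows API call MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT): the paths are queued in the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations and Session Manager carries them out early in the next boot, before the files can be locked. The value is a list of string pairs in NT path form (\??\C:\...): a source followed by a destination, where an empty destination means delete and a leading "!" on the destination means replace an existing file. That is why the post above asks to hear about any existing PendingFileRenameOperations entries: malware can queue its own rename to put a file back at boot. As an added example that is not part of this thread, the Python script below decodes that value and checks that the three Killbox targets are queued for deletion and that nothing else is queued. The sample value is constructed (including a made-up bk.tmp -> bk.exe entry to show what an unexpected rename looks like); read_pending_ops() reads the live value and assumes it runs on the Windows machine being cleaned.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

NT_PREFIX = "\\??\\"  # Session Manager stores Win32 paths as \??\C:\...
SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"

# The three files the post above asks Killbox to delete on reboot.
KILLBOX_TARGETS = [
    r"C:\DR140306.exe",
    r"C:\WINDOWS\system32\AdService.bat",
    r"C:\WINDOWS\system32\bk.exe",
]

# Constructed REG_MULTI_SZ content: the three deletes Killbox would queue,
# plus a made-up fourth pair (bk.tmp renamed over bk.exe; '!' = replace
# existing) standing in for something else having queued a rename.
SAMPLE_MULTI_SZ = [
    r"\??\C:\DR140306.exe", "",
    r"\??\C:\WINDOWS\system32\AdService.bat", "",
    r"\??\C:\WINDOWS\system32\bk.exe", "",
    r"\??\C:\WINDOWS\system32\bk.tmp", r"!\??\C:\WINDOWS\system32\bk.exe",
    "",
]


@dataclass
class PendingOp:
    source: str
    target: Optional[str]   # None means "delete at boot"
    replace_existing: bool  # destination carried the '!' prefix


def _strip_nt_path(path: str) -> str:
    """Turn \\??\\C:\\x into C:\\x; leave anything else untouched."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(multi_sz: List[str]) -> List[PendingOp]:
    """Decode the (source, destination) pairs of PendingFileRenameOperations."""
    entries = list(multi_sz)
    if len(entries) % 2:      # tools often leave a dangling empty element
        entries.append("")
    ops: List[PendingOp] = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        if not src:
            continue          # padding, not an operation
        replace = dst.startswith("!")
        dst = _strip_nt_path(dst.lstrip("!"))
        ops.append(PendingOp(_strip_nt_path(src), dst or None, replace))
    return ops


def audit(ops: List[PendingOp], expected_deletes: List[str]) -> Tuple[List[str], List[PendingOp]]:
    """Report expected deletes that are not queued, and queued ops we did not add."""
    scheduled = {op.source.lower() for op in ops if op.target is None}
    missing = [p for p in expected_deletes if p.lower() not in scheduled]
    known = {p.lower() for p in expected_deletes}
    unexpected = [op for op in ops if op.source.lower() not in known]
    return missing, unexpected


def read_pending_ops() -> List[PendingOp]:
    """Read the live value (assumes Windows); [] if the value is absent."""
    import winreg  # only available on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER) as key:
        try:
            value, kind = winreg.QueryValueEx(key, "PendingFileRenameOperations")
        except FileNotFoundError:
            return []
    return parse_pending_ops(value) if kind == winreg.REG_MULTI_SZ else []


if __name__ == "__main__":
    try:
        ops, origin = read_pending_ops(), "live registry"
    except ImportError:
        ops, origin = parse_pending_ops(SAMPLE_MULTI_SZ), "constructed sample"
    missing, unexpected = audit(ops, KILLBOX_TARGETS)
    print(f"{len(ops)} pending operation(s) from {origin}")
    for op in ops:
        action = "DELETE" if op.target is None else ("REPLACE" if op.replace_existing else "RENAME")
        print(f"  {action:7} {op.source}" + (f" -> {op.target}" if op.target else ""))
    print("not queued for deletion:", missing or "none")
    print("entries we did not add:", [o.source for o in unexpected] or "none")
```

Run before the reboot Killbox asks for: an empty "not queued" list confirms the three deletes took, and anything under "entries we did not add" is exactly the kind of PendingFileRenameOperations request the post wants reported, since a rename back into system32 at boot undoes the cleanup.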
  13. aasimn

    aasimn Member

    These are the logs


    Scan Results:
    scan start: 4/5/2006 4:57:08 PM
    scan stop: 4/5/2006 5:13:16 PM
    scanned items: 79417
    found items: 2
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Tracking Cookie(s) C:\Documents and Settings\Aasim\Cookies\aasim@as1.falkag[2].txt Medium
    Advertising C:\Documents and Settings\Aasim\Cookies\aasim@media.fastclick[2].txt Low


    Other Sections:



    ------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 5:25:19 PM, on 4/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwic.ac.uk/uwicnet/student
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

     
  14. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Ok, you're clean now; the findings of Spyware Doctor were just cookies. If you want to prevent cookies, install a hosts file -> http://www.mvps.org/winhelp2002/hosts.htm

    Your Java is outdated; update your Java (instructions by blade81).
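    Reading a HijackThis log by eye, as the helpers in this thread do, comes down to a few repeatable checks: which autostart entries point at binaries outside the Windows and Program Files trees, which registered components are "(file missing)", which shortcuts could not be resolved, and which DLLs are hooked into Winlogon. The hosts-file advice above works by pinning known ad and tracking hostnames to a sinkhole address so the browser never reaches them. The script below is an added example, not code from the thread or from HijackThis or the MVPS project; the log lines and hosts entries are constructed samples in the same layout (the `updchk` entry and the `tracker.example` hostnames are hypothetical), and the triage rules are a simplified stand-in for what an experienced reviewer checks.

```python
"""Added example: parse HijackThis-style log lines, apply a few triage rules,
and check whether a hosts file pins a tracking host to a sinkhole address."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the HijackThis v1.99 layout. Entries are modelled on
# common ones; the "updchk" line is a hypothetical user-profile autorun.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updchk] C:\Documents and Settings\user\Local Settings\Temp\updchk.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Binaries are expected under these trees; anything else gets a second look.
TRUSTED = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

LINE_RE = re.compile(r"^(O\d+) - [^:]+: (.*)$")
# Either a quoted path or an unquoted one ending at the first executable extension.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.+?\.(?:exe|dll|sys|cpl|ocx|scr))\b', re.I)


@dataclass
class Entry:
    section: str            # HijackThis section, e.g. "O4", "O23"
    name: str               # [Run value], service name, DLL name, shortcut name
    path: Optional[str]     # on-disk path if one could be extracted
    raw: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into section, display name and path (None if not an O-line)."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    bracket = re.match(r"\[([^\]]+)\]", rest)                 # O4 entries carry [Name]
    name = bracket.group(1) if bracket else re.split(r" - | = ", rest, maxsplit=1)[0]
    pm = PATH_RE.search(rest)
    path = (pm.group(1) or pm.group(2)) if pm else None
    return Entry(section, name, path, line)


def triage(entry: Entry) -> Entry:
    """Attach review flags; a flag means 'look closer', not 'malicious'."""
    if "(file missing)" in entry.raw:
        entry.flags.append("file missing")               # registered component, binary gone
    if entry.section == "O4" and entry.raw.endswith("= ?"):
        entry.flags.append("unresolved startup shortcut")
    if entry.section == "O20":
        entry.flags.append("winlogon notify DLL")        # loaded by winlogon.exe, verify publisher
    if entry.path and not entry.path.lower().startswith(TRUSTED):
        entry.flags.append("binary outside Windows/Program Files")
    return entry


def parse_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


# Constructed hosts-file excerpt in the MVPS style (hypothetical hostnames).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.tracker.example      # ad/tracking host pinned to a sinkhole
0.0.0.0 metrics.tracker.example
"""
SINKHOLES = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to the address the hosts file assigns it."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()           # drop comments, then whitespace-split
        for host in fields[1:]:
            table[host.lower()] = fields[0]
    return table


def is_blocked(hosts: Dict[str, str], hostname: str) -> bool:
    """True when the hosts file pins hostname to a sinkhole. Exact names only:
    a hosts file has no wildcards, so subdomains of a blocked name still resolve."""
    h = hostname.lower()
    return h != "localhost" and hosts.get(h) in SINKHOLES


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        if e.flags:
            print(f"{e.section:4} {e.name:32} {', '.join(e.flags)}")
    hosts = parse_hosts(SAMPLE_HOSTS)
    for h in ("ads.tracker.example", "www.ads.tracker.example"):
        print(f"{h}: {'blocked' if is_blocked(hosts, h) else 'not blocked'}")
```

    The flags are prompts for a human, not verdicts: a missing file on an O18 line, as in the log above, is usually an uninstall leftover, and a Winlogon Notify DLL from a known vendor is normal. The hosts check also shows the limit of that approach: `www.ads.tracker.example` is not blocked by an entry for `ads.tracker.example`, so a hosts list only helps for the exact names it contains.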
