My cable Internet is running very slow [CLOSED]
Post #1, Aug 21 2005, 03:27 PM
New Member, Posts: 5, OS: XP
I've had a bunch of spyware/adware on my computer. I got rid of most of it with Spyware Doctor. Everything was fine, then suddenly my Internet started running way too slow; it takes too long to load the pages. Also, I've been having an error in my Internet Explorer and I just couldn't fix it, and this was before I had spyware on my computer, so I started using Firefox, but the error messages still keep popping up in Internet Explorer. I don't know if that has anything to do with it. Anyway, here's my log from HijackThis. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:18:48 PM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\explorer.exe
C:\WINDOWS\System32\msdtc.exe
C:\windows\sp2update.exe
C:\WINDOWS\System32\AIMToday.exe
C:\WINDOWS\System32\winusers.exe
C:\WINDOWS\System32\msuexe.exe
C:\WINDOWS\System32\up2dat5.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\msvss.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tbkwrzdd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\AIM95\aim.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\d?xplore.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\stut\cptr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUMENTS AND SETTINGS\DAVID1\DESKTOP\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://public.windupdates.com/pop_under.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\00jpagxz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\00jpagxz.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\DOCUME~1\David1\LOCALS~1\Temp\hoo52.tmp
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [REGRUN32] C:\explorer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [AOL Instant Messenger Today] AIMToday.exe
O4 - HKLM\..\Run: [Iwgwcvsk] C:\Program Files\Kothb\Kzng.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\Run: [REGRUN] C:\freexxx.exe
O4 - HKLM\..\Run: [Microsoft Update Executer] msuexe.exe
O4 - HKLM\..\Run: [bti7u5n2] C:\WINDOWS\System32\bti7u5n2.exe
O4 - HKLM\..\Run: [Microsoft Update] up2dat5.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [msvss] msvss.exe
O4 - HKLM\..\Run: [Winddows XP Patch] tbkwrzdd.exe
O4 - HKLM\..\RunServices: [AOL Instant Messenger Today] AIMToday.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Executer] msuexe.exe
O4 - HKLM\..\RunServices: [Microsoft Update] up2dat5.exe
O4 - HKLM\..\RunServices: [msvss] msvss.exe
O4 - HKLM\..\RunServices: [Winddows XP Patch] tbkwrzdd.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msvss] msvss.exe
O4 - HKCU\..\Run: [Goti] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Csra] C:\Program Files\stut\cptr.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: Acrobat Reader Update - Unknown owner - C:\WINDOWS\acrobat32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Post #2, Aug 22 2005, 05:51 AM
Malware Expert, Posts: 5,018, From: Belgium, OS: XP Home, XP Pro, Vista
Hello,
Nice collection you have here, so we need to perform this in different steps:

Download next: http://users.pandora.be/bluepatchy/LQfix.exe and place it on your desktop.
Double-click LQfix.exe and click install. This will create a new folder called LQfix on your desktop.
Open the folder and double-click ClickThis.bat
Follow the prompts on the screen. Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background and that's why it can take a while.

When done, reinstall your AVG again because it seems like you deleted it.
Update your AVG and let it perform a full scan and delete everything it is finding, because your system is full of worms, trojans and viruses.

Reboot and post a new HijackThis log.

Post #3, Aug 22 2005, 12:37 PM
New Member, Posts: 5, OS: XP
Hi,
I followed your instructions, and AVG found one trojan and fixed it. Here goes the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:21 AM, on 8/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\explorer.exe
C:\WINDOWS\System32\AIMToday.exe
C:\WINDOWS\System32\winusers.exe
C:\WINDOWS\System32\msuexe.exe
C:\WINDOWS\System32\up2dat5.exe
C:\WINDOWS\System32\msvss.exe
C:\WINDOWS\System32\tbkwrzdd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\windows\sp2update.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\System32\wintrust.exe
C:\WINDOWS\System32\winproc.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\d?xplore.exe
C:\Program Files\stut\cptr.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\David1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://public.windupdates.com/pop_under.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\00jpagxz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\00jpagxz.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\DOCUME~1\David1\LOCALS~1\Temp\hoo52.tmp
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGRUN32] C:\explorer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [AOL Instant Messenger Today] AIMToday.exe
O4 - HKLM\..\Run: [Iwgwcvsk] C:\Program Files\Kothb\Kzng.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\Run: [REGRUN] C:\freexxx.exe
O4 - HKLM\..\Run: [Microsoft Update Executer] msuexe.exe
O4 - HKLM\..\Run: [bti7u5n2] C:\WINDOWS\System32\bti7u5n2.exe
O4 - HKLM\..\Run: [Microsoft Update] up2dat5.exe
O4 - HKLM\..\Run: [msvss] msvss.exe
O4 - HKLM\..\Run: [Winddows XP Patch] tbkwrzdd.exe
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [wiesrh] C:\WINDOWS\System32\nzrpql.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\Wast2.exe 2
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [taskmngr] C:\progra~1\common~1\Updates\msnve.exe C:\progra~1\common~1\Updates\task.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [20d6889dbeb6] C:\WINDOWS\System32\wintrust.exe
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\RunServices: [AOL Instant Messenger Today] AIMToday.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Executer] msuexe.exe
O4 - HKLM\..\RunServices: [Microsoft Update] up2dat5.exe
O4 - HKLM\..\RunServices: [msvss] msvss.exe
O4 - HKLM\..\RunServices: [Winddows XP Patch] tbkwrzdd.exe
O4 - HKLM\..\RunServices: [Windows Process Manager] winproc.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msvss] msvss.exe
O4 - HKCU\..\Run: [Goti] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\Run: [Csra] C:\Program Files\stut\cptr.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: Acrobat Reader Update - Unknown owner - C:\WINDOWS\acrobat32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Post #4, Aug 22 2005, 12:54 PM
Malware Expert, Posts: 5,018, From: Belgium, OS: XP Home, XP Pro, Vista
Hello,
Hmm, odd that AVG only found one item... Did you update it before the scan? Anyway, we'll try an online scanner afterwards.

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. It is also important you don't miss a step and perform everything in the right order!!

* Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

* Download and install CCleaner
Do not use it yet.

* Please set your system to show all files; please see here if you're unsure how to do this.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup
Don't run it yet!

* Reboot into Safe Mode (without networking support!)
To get into Safe Mode as the computer is booting, press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running.
Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://public.windupdates.com/pop_under.php
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\DOCUME~1\David1\LOCALS~1\Temp\hoo52.tmp
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [AOL Instant Messenger Today] AIMToday.exe
O4 - HKLM\..\Run: [Iwgwcvsk] C:\Program Files\Kothb\Kzng.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\Run: [REGRUN] C:\freexxx.exe
O4 - HKLM\..\Run: [Microsoft Update Executer] msuexe.exe
O4 - HKLM\..\Run: [bti7u5n2] C:\WINDOWS\System32\bti7u5n2.exe
O4 - HKLM\..\Run: [Microsoft Update] up2dat5.exe
O4 - HKLM\..\Run: [msvss] msvss.exe
O4 - HKLM\..\Run: [Winddows XP Patch] tbkwrzdd.exe
O4 - HKLM\..\Run: [wiesrh] C:\WINDOWS\System32\nzrpql.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\Wast2.exe 2
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [taskmngr] C:\progra~1\common~1\Updates\msnve.exe C:\progra~1\common~1\Updates\task.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [20d6889dbeb6] C:\WINDOWS\System32\wintrust.exe
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\RunServices: [AOL Instant Messenger Today] AIMToday.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Executer] msuexe.exe
O4 - HKLM\..\RunServices: [Microsoft Update] up2dat5.exe
O4 - HKLM\..\RunServices: [msvss] msvss.exe
O4 - HKLM\..\RunServices: [Winddows XP Patch] tbkwrzdd.exe
O4 - HKLM\..\RunServices: [Windows Process Manager] winproc.exe
O4 - HKCU\..\Run: [msvss] msvss.exe
O4 - HKCU\..\Run: [Goti] C:\WINDOWS\System32\d?xplore.exe
O4 - HKCU\..\Run: [Csra] C:\Program Files\stut\cptr.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: Acrobat Reader Update - Unknown owner - C:\WINDOWS\acrobat32.exe

* Click on Fix Checked when finished and exit HijackThis.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\explorer.exe <== DON'T try to delete explorer.exe present in your Windows-folder!!
C:\WINDOWS\System32\AIMToday.exe
C:\WINDOWS\System32\winusers.exe
C:\WINDOWS\System32\msuexe.exe
C:\WINDOWS\System32\up2dat5.exe
C:\WINDOWS\System32\msvss.exe
C:\WINDOWS\System32\tbkwrzdd.exe
C:\windows\sp2update.exe
C:\WINDOWS\System32\wintrust.exe
C:\WINDOWS\System32\winproc.exe
C:\Program Files\stut <== folder
C:\WINDOWS\msresearch.exe
C:\Program Files\Kothb <== folder
C:\freexxx.exe
C:\WINDOWS\System32\nzrpql.exe
C:\PROGRAM FILES\Save <== folder
C:\WINDOWS\Wast2.exe
C:\WINDOWS\System32\sfg.dll
C:\Program Files\AUTOUPDATE <== folder
C:\Program Files\ezula <== folder
C:\WINDOWS\acrobat32.exe

* Still in safe mode
Start CCleaner, click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Open Ad-Aware and do a full scan. Remove all it finds.

Now open Ewido Security Suite
Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Close Ewido

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.

Save the scan log and post it along with a new HijackThis Log, and the Ewido Log by using Add Reply.
Let us know if any problems persist.
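The entries the expert ticks above share a handful of recognisable patterns: Run names dressed up as "Microsoft Update" or "Windows XP Patch" but backed by a bare filename, an executable sitting at the drive root next to the real Explorer.EXE, the same entry registered under both Run and RunServices, sites added to the Trusted Zone, search and start pages redirected to an unknown host, a BHO loaded from a Temp directory, and an unknown-owner service running straight from the Windows directory. The script below is an added example, not HijackThis code and not anything posted by the thread's participants; it encodes those patterns as triage rules over HijackThis-format lines. The allow-list of search hosts is an assumption, and the sample log is constructed, modelled on the logs posted in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

Each rule encodes one pattern the thread's expert flagged by hand.  The rules
are deliberately narrow so that ordinary vendor entries (NVIDIA, AVG, Adobe)
pass through untouched.
"""
import re
from urllib.parse import urlparse

# Hosts a search/start page may legitimately point at (assumed allow-list).
KNOWN_HOSTS = {"www.msn.com", "www.google.com", "www.microsoft.com"}

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# "Winddows XP Patch" in the thread has a typo, so match on the "XP Patch" part too.
UPDATE_THEME = re.compile(r"microsoft update|windows .*patch|xp patch", re.I)
DRIVE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.I)
WINDIR_EXE = re.compile(r"\\WINDOWS\\[^\\]+\.exe$", re.I)

UPDATE_BARE = "update-themed Run name backed by a bare filename"
ROOT_EXE = "executable started from the drive root"
RUN_PAIR = "same entry under both Run and RunServices"
TRUSTED_ZONE = "site added to the Trusted Zone"
SEARCH_HIJACK = "search/start page points at a host outside the allow-list"
BHO_TEMP = "BHO loaded from a Temp directory"
UNKNOWN_SVC = "unknown-owner service running straight from the Windows directory"


def first_token(cmd):
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse(text):
    """Yield (section, body, raw_line) for each well-formed HijackThis entry."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body"), raw.strip()


def triage(text):
    """Return a list of (reason, line) findings for a HijackThis log."""
    findings = []
    run_keys = {}  # (hive, name) -> set of Run* keys the entry appears under
    for sec, body, raw in parse(text):
        if sec == "O4":
            m = O4_RE.match(body)
            if not m:
                continue  # e.g. "Global Startup" entries have a different shape
            name, exe = m.group("name"), first_token(m.group("cmd"))
            run_keys.setdefault((m.group("hive"), name), set()).add(m.group("key"))
            if UPDATE_THEME.search(name) and "\\" not in exe:
                findings.append((UPDATE_BARE, raw))
            if DRIVE_ROOT_EXE.match(exe):
                findings.append((ROOT_EXE, raw))
        elif sec == "O15":
            findings.append((TRUSTED_ZONE, raw))
        elif sec in ("R0", "R1"):
            parts = body.split(" = ", 1)
            host = urlparse(parts[1].strip()).hostname if len(parts) == 2 else None
            if host and host not in KNOWN_HOSTS:
                findings.append((SEARCH_HIJACK, raw))
        elif sec == "O2" and re.search(r"\\temp\\", body, re.I):
            findings.append((BHO_TEMP, raw))
        elif sec == "O23" and "Unknown owner" in body and WINDIR_EXE.search(body):
            findings.append((UNKNOWN_SVC, raw))
    for (hive, name), keys in run_keys.items():
        if {"Run", "RunServices"} <= keys:
            findings.append((RUN_PAIR, f"{hive} [{name}]"))
    return findings


# Constructed sample modelled on the thread's logs; not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - C:\DOCUME~1\David1\LOCALS~1\Temp\hoo52.tmp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [REGRUN32] C:\explorer.exe
O4 - HKLM\..\Run: [Microsoft Update] up2dat5.exe
O4 - HKLM\..\Run: [Winddows XP Patch] tbkwrzdd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] up2dat5.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: Acrobat Reader Update - Unknown owner - C:\WINDOWS\acrobat32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run against the sample, the NvCplDaemon, Acrobat Reader BHO, MSN start page and NVIDIA service lines produce no finding, while the nine findings cover exactly the lines the expert asked to fix; the Run/RunServices pairing is reported once per entry after the whole log has been read, since it depends on two lines rather than one.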

Post #5, Aug 22 2005, 11:14 PM
New Member, Posts: 5, OS: XP
thank u very much, all my problems are fixed =) u guys are great, keep up the good work! here go the logs: Logfile of HijackThis v1.99.1 Scan saved at 10:12:32 PM, on 8/22/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\System32\msdtc.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\mqsvc.exe C:\WINDOWS\System32\mqtgsvc.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\sstray.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE C:\Program Files\AIM95\aim.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\ATI Multimedia\main\ATISched.EXE C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe C:\Program 
Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\SPYWAR~1\swdoctor.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\David1\Desktop\HijackThis.exe N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\00jpagxz.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\00jpagxz.slt\prefs.js) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGRUN32] C:\explorer.exe O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program 
Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Ad-Aware SE Build 1.06r1
Logfile Created on: Monday, August 22, 2005 7:01:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file: SE1R62 17.08.2005

References detected during the scan:
Alexa (TAC index:5): 3 total references
Ebates MoneyMaker (TAC index:4): 3 total references
MRU List (TAC index:0): 29 total references
SahAgent (TAC index:9): 10 total references
Tracking Cookie (TAC index:3): 69 total references
Windows (TAC index:3): 1 total references

Ad-Aware SE Settings
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

8-22-2005 7:01:16 PM - Scan
started. (Full System Scan)