Thank you
Lop.BG
Started by
sassybrat
, Mar 25 2007 11:52 AM
#1
Posted 25 March 2007 - 11:52 AM
Thank you
#2
Posted 25 March 2007 - 01:04 PM
Hi:
Please go to the Malware section of this forum and read the pinned instructions. Once you have followed the guidelines there, which should help you to remove most of the malware, and you still have the problem, they'll ask you to post a HijackThis log in that forum. Post back here only if asked to do so by the Malware experts.
Good luck.
Ron
#3
Posted 25 March 2007 - 03:54 PM
SUPERAntiSpyware Scan Log
Generated 03/25/2007 at 04:31 PM
Application Version : 3.6.1000
Core Rules Database Version : 3206
Trace Rules Database Version: 1216
Scan type : Complete Scan
Total Scan Time : 01:04:02
Memory items scanned : 206
Memory threats detected : 0
Registry items scanned : 2714
Registry threats detected : 1
File items scanned : 13600
File threats detected : 135
Adware.Tracking Cookie
Malware.SpywareBot
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ C:\PROGRAM FILES\SPYWAREBOT\SpywareBot.exe -boot ]
Adware.TrustInCash
C:\WINDOWS\ADULT.ICO
C:\WINDOWS\CASINO.ICO
C:\WINDOWS\SPYWAREREMOVAL.ICO
Adware.Unknown Origin
C:\WINDOWS\SHOPPING.ICO
Incident Status Location
Adware:adware/searchexe Not disinfected Windows Registry
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\Downloaded Program Files\pinstall.dll
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Cookies\b taylor@ccbill[1].txt
Spyware:Cookie/Preferences Not disinfected C:\WINDOWS\Cookies\b taylor@preferences[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\b taylor@go[2].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Cookies\b taylor@tucows[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\b taylor@linkexchange[2].txt
Spyware:Cookie/Preferences Not disinfected C:\WINDOWS\Cookies\b taylor@preferences[2].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\b taylor@linkexchange[3].txt
Spyware:Cookie/Preferences Not disinfected C:\WINDOWS\Cookies\b taylor@preferences[3].txt
Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Cookies\b taylor@kount[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\WINDOWS\Cookies\b [email protected][1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\WINDOWS\Cookies\b [email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\b taylor@com[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\b taylor@linkexchange[1].txt
Spyware:Cookie/Mircx Not disinfected C:\WINDOWS\Cookies\b [email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\b taylor@rn11[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\b [email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\b taylor@rn11[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\Cookies\b taylor@cgi-bin[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Cookies\b taylor@drivecleaner[1].txt
Logfile of HijackThis v1.99.1
Scan saved at 5:51:07 PM, on 3/25/07
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\HP SIMPLE TRAX\HPCRON.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ROGERS\SELFHEALING\ROGERSAGENT.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\INSTALL FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.client...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.40.16.227 www.yahoo.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [Zoom S3 Conflict Troubleshooter] hcfdiag.exe
O4 - HKLM\..\Run: [ussshreg] C:\PROGRA~1\ULEADS~2\USSSHREG.EXE /r
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP Simple Trax] C:\Program Files\CD-Writer Plus\HP Simple Trax\hpcron.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKCU\..\Run: [ICQ Plus] C:\PROGRA~1\ICQPLUS\vplus.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\PROGRAM FILES\ROGERS\SELFHEALING\SHS.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\refresh.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESCA.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESCA.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../CA/install.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.../ra/ieatgpc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
O21 - SSODL: rdshost - {A9270480-D971-11DB-ABFC-0080C6EE2AFC} - rdshost.dll (file missing)
#4
Posted 25 March 2007 - 04:01 PM
Hi:
You didn't post in the Malware section. There will be no reading of your log in this section causing you delays. Please follow post #2 links.
Ron
#5
Posted 25 March 2007 - 05:10 PM
Topic Closed