
EffectiveBandToolbar + FindSpy.A Problem



#1
a-lil-lost

Dear wizards,

I have an extremely stubborn spyware or malware problem: after cleanup/fixing and the following online connection, Spybot S&D finds EffectiveBandToolbar + FindSpy.A again and again :tazz:

Would you be so kind as to check my logs, please? First off HijackThis, but I am also attaching the logs for Ad-Aware and StartDreck, in case they help (I don't mean to overload you).

WinPatrol also pops up with this message at odd times: "WinPatrol has detected commands have been added to the file wininit.ini These Commands will be executed on the next reboot." I clicked View:
NUL=C:\Windows\tempor~1\content.IE5\index.dat
NUL=:\Windows\cookies\index.dat

Anything malicious here?

Any assistance you can give would be greatly appreciated ;) Best regards, a-lil-lost (& desperate) [sorry about the length of this post]

Logfile of HijackThis v1.99.1
Scan saved at 08:44:44, on 07/07/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\SECURITY\FIREWALL SYGATE\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAMME\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\SECURITY\DOWNLOADS\WINPATROL\WINPATROL.EXE
D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINJAM.EXE
D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSMONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPOPUP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAMME\MICROSOFT OFFICE\WORD2000\OFFICE\WINWORD.EXE
D:\SECURITY\DOWNLOADS\HIJACKTHIS NEW\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\empty\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SECURITY\ANTISP~1\SPYBOT\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\SURFBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [InstantAccess] D:\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] D:\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SmcService] D:\SECURITY\FIREWA~2\SMC.EXE -startgui
O4 - HKLM\..\Run: [WinPatrol] D:\SECURITY\DOWNLOADS\WINPATROL\winpatrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] D:\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [SmcService] D:\SECURITY\FIREWALL SYGATE\SMC.EXE
O4 - HKCU\..\Run: [TClockEx] D:\DOWNLOADS\TCLOCK\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [WINSWEEP Reklameblockierung] D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\winjam.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSWEEP] D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINSWEEP.Exe /AUTO
O4 - HKCU\..\Run: [WINSWEEP Popupblocker] D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPopup.Exe /STEP1
O4 - Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Word2000\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
[I uninstalled MSN Messenger, should I erase this entry too?]

* * * * * * * * * * * * *

Ad-Aware SE Build 1.05
Logfile Created on:07 July 2005 08:24:12
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


07-07-05 08:24:12 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\WINDOWS\Anwendungsdaten\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293869235
Threads : 8
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928939
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294933979
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294918895
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294961867
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [SMC.EXE]
FilePath : D:\SECURITY\FIREWALL SYGATE\
ProcessID : 4294946735
Threads : 17
Priority : Normal
FileVersion : 5.5.00.2710
ProductVersion : 5.5.00.2710
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:7 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294957079
Threads : 5
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Betriebssystem Microsoft® Windows NT®
CompanyName : Microsoft Corporation
FileDescription : Windows-Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:8 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294537279
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : DFÜ-Netzwerk-Programm
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : RNAAPP.EXE

#:9 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294554655
Threads : 5
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows® Telefonieserver
InternalName : Telefoniedienst
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:10 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294448535
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294471695
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Systemanwendung für Taskleiste
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [INSTANTACCESS.EXE]
FilePath : D:\TEXTBRIDGE CLASSIC 2.0\BIN\
ProcessID : 4294490875
Threads : 1
Priority : Normal


#:13 [EM_EXEC.EXE]
FilePath : C:\PROGRAMME\MOUSE\SYSTEM\
ProcessID : 4294507407
Threads : 1
Priority : Normal
FileVersion : 9.24.80
ProductVersion : 9.24
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:14 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294655371
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:15 [AVGCTRL.EXE]
FilePath : D:\SECURITY\ANTIVIRUS\
ProcessID : 4294447019
Threads : 3
Priority : Normal


#:16 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294641391
Threads : 2
Priority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:17 [INTERNAT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294681319
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Sprachanzeigeprogramm
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : INTERNAT.EXE

#:18 [WINPATROL.EXE]
FilePath : D:\SECURITY\DOWNLOADS\WINPATROL\
ProcessID : 4294453295
Threads : 1
Priority : Normal
FileVersion : 9, 5, 0, 1
ProductVersion : 9.5.0.1
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:19 [WINJAM.EXE]
FilePath : D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\
ProcessID : 4294447211
Threads : 2
Priority : Normal
FileVersion : 1.05.0002
ProductVersion : 1.05.0002
ProductName : WINJAM
CompanyName : Software-Entwicklung Frank-Oliver Dzewas
FileDescription : Reklameblockierung für den Internet-PC
InternalName : WinJam
LegalCopyright : Copyright © 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINJAM
OriginalFilename : WinJam.exe

#:20 [WSMONITOR.EXE]
FilePath : D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\
ProcessID : 4294269819
Threads : 2
Priority : Normal
FileVersion : 3.03.0004
ProductVersion : 3.03.0004
ProductName : WINSWEEP
InternalName : WSMonitor
LegalCopyright : © 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINSWEEP
OriginalFilename : WSMonitor.Exe

#:21 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294263455
Threads : 4
Priority : Realtime
FileVersion : 4.06.02.0436
ProductVersion : 4.06.02.0436
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:22 [WSPOPUP.EXE]
FilePath : D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\
ProcessID : 4294686135
Threads : 1
Priority : Normal
FileVersion : 1.00.0057
ProductVersion : 1.00.0057
ProductName : WINSWEEP
CompanyName : Software-Entwicklung Frank-Oliver Dzewas
FileDescription : Popup-Blocker für den Internet-Explorer
InternalName : WSPopup
LegalCopyright : © 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINSWEEP
OriginalFilename : WSPopup.exe

#:23 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294219115
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:24 [AD-AWARE.EXE]
FilePath : D:\SECURITY\DOWNLOADS\_AD AWARE SE PERS 1.05\AD-AWARE SE PERSONAL\
ProcessID : 4294657575
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (e:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for e:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

08:30:59 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:47.160
Objects scanned:52937
Objects identified:0
Objects ignored:0
New critical objects:0

* * * * * * * * * * * * *

StartDreck (build 2.1.7 public stable) - 2005-07-07 @ 08:47:57 (GMT +01:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2800.1106
Logged in as FM at G3V3Z6

»Registry
»Run Keys
»Current User
»Run
*TClockEx=D:\DOWNLOADS\TCLOCK\TCLOCKEX\TCLOCKEX.EXE
*WINSWEEP Reklameblockierung=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\winjam.exe
*MsnMsgr="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
*WINSWEEP=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINSWEEP.Exe /AUTO
*WINSWEEP Popupblocker=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPopup.Exe /STEP1
»RunOnce
»Default User
»Run
*TClockEx=D:\DOWNLOADS\TCLOCK\TCLOCKEX\TCLOCKEX.EXE
*WINSWEEP Reklameblockierung=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\winjam.exe
*MsnMsgr="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
*WINSWEEP=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINSWEEP.Exe /AUTO
*WINSWEEP Popupblocker=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPopup.Exe /STEP1
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*AtiPTA=Atiptaxx.exe
*InstantAccess=D:\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
*RegisterDropHandler=D:\TEXTBR~1.0\BIN\REGIST~1.EXE
*AtiQiPcl=AtiQiPcl.exe
*mdac_runonce=C:\WINDOWS\SYSTEM\runonce.exe
*EM_EXEC=C:\PROGRA~1\MOUSE\SYSTEM\EM_EXEC.EXE
*LoadQM=loadqm.exe
*AVGCtrl=D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE /min
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*internat.exe=internat.exe
*SmcService=D:\SECURITY\FIREWA~2\SMC.EXE -startgui
*WinPatrol=D:\SECURITY\DOWNLOADS\WINPATROL\winpatrol.exe
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*RegisterDropHandler=D:\TEXTBR~1.0\BIN\REGIST~1.EXE
*SmcService=D:\SECURITY\FIREWALL SYGATE\SMC.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="D:\SECURITY\ANTI SPY\SPYBOT\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=D:\SECURITY\ANTISP~1\SPYBOT\SPYBOT~1\SDHELPER.DLL
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk
»Default User
*C:\WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\wininit.bak
*C:\WINDOWS\hosts
»System/Drivers
»Running Processes
+FFEF3EB3=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF6A2B=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF7DDB=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF42EF=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFFEACB=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFFAFAF=D:\SECURITY\FIREWALL SYGATE\SMC.EXE
+FFFFD817=C:\WINDOWS\EXPLORER.EXE
+FFF9703F=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFF9B41F=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFF81597=C:\WINDOWS\TASKMON.EXE
+FFF8700F=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFF8BAFB=D:\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
+FFF8FB8F=C:\PROGRAMME\MOUSE\SYSTEM\EM_EXEC.EXE
+FFFB3D8B=C:\WINDOWS\LOADQM.EXE
+FFF80FAB=D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE
+FFFB06EF=C:\WINDOWS\SYSTEM\QTTASK.EXE
+FFFBA2E7=C:\WINDOWS\SYSTEM\INTERNAT.EXE
+FFF8282F=D:\SECURITY\DOWNLOADS\WINPATROL\WINPATROL.EXE
+FFF8106B=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINJAM.EXE
+FFF55B7B=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSMONITOR.EXE
+FFF5429F=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFFBB5B7=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPOPUP.EXE
+FFF4956B=C:\WINDOWS\SYSTEM\SPOOL32.EXE
+FFF50217=D:\SECURITY\DOWNLOADS\_START DRECK\STARTDRECK\STARTDRECK.EXE
»NT Services
»Application specific