Updates from my side:
1) Completed as specified. The contents of the file are:
~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~
~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~
~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~
~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~
~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~
2) Completed as specified. The log file is given below:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:37:36 PM, 10/12/2005
+ Report-Checksum: DC9463A3
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{9FF56D85-DB4F-4267-B669-8D05B0BF9A04}\TypeLib\\ -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{037C47A1-A5EB-4A81-82DD-7615EF5E7BEE}\TypeLib\\ -> Spyware.eZula : Cleaned with
backup
HKLM\SOFTWARE\Classes\Interface\{2531390A-1AA6-4F8D-8224-82808F81406E}\TypeLib\\ -> Spyware.eZula : Cleaned with
backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-1078081533-1563985344-1343024091-500\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\data\Ravikumar_S\Cookies\
[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\data\Ravikumar_S\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\data\Ravikumar_S\Cookies\ravikumar_s@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\data\Ravikumar_S\Cookies\
[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with
backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with
backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt -> Spyware.Cookie.Falkag :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@abetterinternet[2].txt ->
Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Pointroll :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt -> Spyware.Cookie.Advertising :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with
backup
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt -> Spyware.Cookie.Bluestreak :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Serving-sys :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt -> Spyware.Cookie.Casalemedia :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Coremetrics :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with
backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][3].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt -> Spyware.Cookie.Wegcash : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with
backup
C:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[1].txt -> Spyware.Cookie.Linksynergy :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Overture :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Wegcash :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt -> Spyware.Cookie.Questionmarket
: Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adjuggler :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt -> Spyware.Cookie.Serving-sys :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt -> Spyware.Cookie.Valueclick :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt -> Spyware.Cookie.Burstbeacon :
Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned
with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Q319243.COM.0.AVB -> TrojanDropper.Small.hx : Cleaned
with backup
C:\Documents and Settings\ravikumar_s\Cookies\ravikumar_s@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\Documents and Settings\ravikumar_s\Cookies\ravikumar_s@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\ravikumar_s\Cookies\ravikumar_s@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned
with backup
C:\Documents and Settings\ravikumar_s\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned
with backup
C:\Documents and Settings\ravikumar_s\Cookies\ravikumar_s@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with
backup
C:\Documents and Settings\ravikumar_s\Cookies\ravikumar_s@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\ravikumar_s\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with
backup
C:\Documents and Settings\ravikumar_s\Cookies\ravikumar_s@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with
backup
C:\Documents and Settings\ravikumar_s\Cookies\
[email protected][1].txt -> Spyware.Cookie.Advertising :
Cleaned with backup
C:\Documents and Settings\ravikumar_s\Cookies\ravikumar_s@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@2o7[3].txt -> Spyware.Cookie.2o7 : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Addynamix :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Pointroll :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Pointroll :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][3].txt -> Spyware.Cookie.Pointroll :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@advertising[1].txt -> Spyware.Cookie.Advertising :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@advertising[2].txt -> Spyware.Cookie.Advertising :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@advertising[3].txt -> Spyware.Cookie.Advertising :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Falkag :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Falkag :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Falkag :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@atdmt[3].txt -> Spyware.Cookie.Atdmt : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@atdmt[4].txt -> Spyware.Cookie.Atdmt : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@bfast[3].txt -> Spyware.Cookie.Bfast : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@bluestreak[1].txt -> Spyware.Cookie.Bluestreak :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@bluestreak[2].txt -> Spyware.Cookie.Bluestreak :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Serving-sys
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][3].txt -> Spyware.Cookie.Serving-sys
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@burstnet[2].txt -> Spyware.Cookie.Burstnet :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@burstnet[3].txt -> Spyware.Cookie.Burstnet :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@casalemedia[1].txt -> Spyware.Cookie.Casalemedia :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@casalemedia[2].txt -> Spyware.Cookie.Casalemedia :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@centrport[2].txt -> Spyware.Cookie.Centrport :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@centrport[3].txt -> Spyware.Cookie.Centrport :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@com[2].txt -> Spyware.Cookie.Com : Cleaned with
backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@doubleclick[1].txt -> Spyware.Cookie.Doubleclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@doubleclick[2].txt -> Spyware.Cookie.Doubleclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@doubleclick[3].txt -> Spyware.Cookie.Doubleclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][3].txt -> Spyware.Cookie.Ru4 : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][3].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@fastclick[1].txt -> Spyware.Cookie.Fastclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@fastclick[2].txt -> Spyware.Cookie.Fastclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@fastclick[3].txt -> Spyware.Cookie.Fastclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@mediaplex[1].txt -> Spyware.Cookie.Mediaplex :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@mediaplex[2].txt -> Spyware.Cookie.Mediaplex :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@mediaplex[3].txt -> Spyware.Cookie.Mediaplex :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Valueclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@overture[1].txt -> Spyware.Cookie.Overture :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@paypopup[1].txt -> Spyware.Cookie.Paypopup :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Overture :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][3].txt -> Spyware.Cookie.Hitbox :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Paypopup
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@pro-market[1].txt -> Spyware.Cookie.Pro-market :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@questionmarket[1].txt ->
Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@questionmarket[2].txt ->
Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@questionmarket[3].txt ->
Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned
with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][4].txt ->
Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt ->
Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@serving-sys[1].txt -> Spyware.Cookie.Serving-sys :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@serving-sys[3].txt -> Spyware.Cookie.Serving-sys :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@serving-sys[4].txt -> Spyware.Cookie.Serving-sys :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][2].txt -> Spyware.Cookie.Onestat :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@statcounter[1].txt -> Spyware.Cookie.Statcounter :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@statcounter[2].txt -> Spyware.Cookie.Statcounter :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][3].txt ->
Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@targetnet[2].txt -> Spyware.Cookie.Targetnet :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@trafficmp[1].txt -> Spyware.Cookie.Trafficmp :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@trafficmp[2].txt -> Spyware.Cookie.Trafficmp :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@tribalfusion[3].txt -> Spyware.Cookie.Tribalfusion
: Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\rupinder_kahlon@valueclick[2].txt -> Spyware.Cookie.Valueclick :
Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt ->
Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\rupinder_kahlon\Cookies\
[email protected][1].txt -> Spyware.Cookie.Adserver :
Cleaned with backup
C:\Program Files\ca\UAM\Agents\AMAGENT.EXE -> Worm.Bobic.k : Cleaned with backup
C:\Program Files\iPass\iPassConnect Infosys\backup\idialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\iPass\iPassConnect Infosys\idialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Modules\svccvt.exe -> TrojanDownloader.Small.nk : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\ravikumar_s\Cookies\ravikumar_s@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\ravikumar_s\Cookies\ravikumar_s@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\ravikumar_s\Cookies\ravikumar_s@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\ravikumar_s\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\ravikumar_s\Cookies\ravikumar_s@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\ravikumar_s\Cookies\ravikumar_s@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\ravikumar_s\Cookies\
[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\ravikumar_s\Cookies\ravikumar_s@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\ravikumar_s\Cookies\
[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\ravikumar_s\Cookies\ravikumar_s@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\WINDOWS\system32\MSNZX.EXE.0.AVB -> Backdoor.Codbot.ae : Cleaned with backup
C:\WINDOWS\system32\TFTP3056 -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\TFTP388 -> Backdoor.Codbot.ag : Cleaned with backup
::Report End
3) Completed
4) Completed
5) I do not have a firewall; however, my antivirus is still catching the same infection as before.
6) I ran Active scan, but the moment it found an infection, my CA eTrust antivirus shut down the scan. I could not save the
report but it had the following details:
adware: adware/ezula location - windows registry No disinfected.
I ran the other Trend Micro scan and had the same issue. The moment it tried accessing remon.sys, my antivirus program shut
it down.
7) The latest hijackthis report is given below:
Logfile of HijackThis v1.99.1
Scan saved at 3:13:30 PM, on 10/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\SxpInst\sxplog32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\UMCSTUB.EXE
C:\WINDOWS\msstl.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\sdjexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sparsh/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HYDWINSOCK01:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Software\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\ljhih.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Software\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [fwenc.exe] "C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe"
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\UAM\Agents\amagent.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Software\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {CAFECAFE-0013-0001-0014-ABCDEFABCDEF} (JInitiator 1.3.1.14) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emersonproce...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.infosys.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.infosys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.infosys.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ljhih - C:\WINDOWS\System32\ljhih.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: FwSRService - Unknown owner - C:\Program Files\CheckPoint\SecuRemote\bin\fwsrservice.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe (file missing)
I still keep getting the win32.efewe.h virus in c:\windows\system32\remon.sys by my antivirus program. I appreciate your help
in resolving this.
Thanks