Matthew

Members
Content Count: 8
Community Reputation: 0 Neutral

About Matthew
Rank: Newbie
  1. Everything seems to be working fine and there have been no more Symantec warnings. I do have one more question though. I thought I had deleted everything from my Symantec quarantine, but I went back and checked and there are two files left. Both were originally located in a Java folder: (C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar) One is named "Java.jar-7e09d0a6-1904dbe3.zip" and the other is "loaderadv499.jar-16b64c18-4000cdf3.zip". I mention this because I think last week I saw another post that said that your computer can be more susceptible to viruses, etc. if Java is not updated, and I didn't know if maybe these files in quarantine had something to do with that. Anyway, I just want to know if I should delete these files from quarantine and if they suggest any lingering problem. Java is supposed to update automatically on my comp so I think I'm good there. Everything seems to be working perfectly though. Thanks!
  2. Ok, here is the new rapport.txt file:

     SmitFraudFix v2.81
     Scan done at 20:17:17.21, Sun 08/13/2006
     Run from C:\Documents and Settings\Matt\Desktop\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
     Fix ran in safe mode

     »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
     !!!Attention, following keys are not inevitably infected!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Killing process

     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
     GenericRenosFix by S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
     C:\WINDOWS\bg_bg.gif Deleted
     C:\WINDOWS\big_red_x.gif Deleted
     C:\WINDOWS\buy_now.gif Deleted
     C:\WINDOWS\click_for_free_scan.gif Deleted
     C:\WINDOWS\close_ico.gif Deleted
     C:\WINDOWS\download.gif Deleted
     C:\WINDOWS\download_product.gif Deleted
     C:\WINDOWS\free_scan_red_btn.gif Deleted
     C:\WINDOWS\icon_warning_big.gif Deleted
     C:\WINDOWS\infected_top_bg.gif Deleted
     C:\WINDOWS\logo.gif Deleted
     C:\WINDOWS\navibar_bg.gif Deleted
     C:\WINDOWS\navibar_corner_left.gif Deleted
     C:\WINDOWS\navibar_corner_right.gif Deleted
     C:\WINDOWS\product_box.gif Deleted
     C:\WINDOWS\red_warning_ico.gif Deleted
     C:\WINDOWS\remove_spyware_header.gif Deleted
     C:\WINDOWS\safe_and_trusted.gif Deleted
     C:\WINDOWS\spyware_detected.gif Deleted
     C:\WINDOWS\yellow_warning_ico.gif Deleted
     C:\WINDOWS\system32\mshtml32.tdb Deleted
     C:\WINDOWS\system32\officescan.exe Deleted
     C:\WINDOWS\system32\smaexp32.dll Deleted
     C:\WINDOWS\system32\smartdrv.exe Deleted

     »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

     »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
     Registry Cleaning done.

     »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
     !!!Attention, following keys are not inevitably infected!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» End

     Hopefully this got everything, but if you want I can post another HJT log or whatever. Thanks for all your help!
  3. Ok, here is the rapport.txt file:

     SmitFraudFix v2.81
     Scan done at 18:29:16.54, Sun 08/13/2006
     Run from C:\Documents and Settings\Matt\Desktop\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
     Fix ran in normal mode

     »»»»»»»»»»»»»»»»»»»»»»»» C:\

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
     C:\WINDOWS\bg_bg.gif FOUND !
     C:\WINDOWS\big_red_x.gif FOUND !
     C:\WINDOWS\buy_now.gif FOUND !
     C:\WINDOWS\click_for_free_scan.gif FOUND !
     C:\WINDOWS\close_ico.gif FOUND !
     C:\WINDOWS\download.gif FOUND !
     C:\WINDOWS\download_product.gif FOUND !
     C:\WINDOWS\free_scan_red_btn.gif FOUND !
     C:\WINDOWS\icon_warning_big.gif FOUND !
     C:\WINDOWS\infected_top_bg.gif FOUND !
     C:\WINDOWS\logo.gif FOUND !
     C:\WINDOWS\navibar_bg.gif FOUND !
     C:\WINDOWS\navibar_corner_left.gif FOUND !
     C:\WINDOWS\navibar_corner_right.gif FOUND !
     C:\WINDOWS\product_box.gif FOUND !
     C:\WINDOWS\red_warning_ico.gif FOUND !
     C:\WINDOWS\remove_spyware_header.gif FOUND !
     C:\WINDOWS\safe_and_trusted.gif FOUND !
     C:\WINDOWS\spyware_detected.gif FOUND !
     C:\WINDOWS\yellow_warning_ico.gif FOUND !

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
     C:\WINDOWS\system32\mshtml32.tdb FOUND !
     C:\WINDOWS\system32\officescan.exe FOUND !
     C:\WINDOWS\system32\smaexp32.dll FOUND !

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matt\Application Data

     »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

     »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Matt\FAVORI~1

     »»»»»»»»»»»»»»»»»»»»»»»» Desktop

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

     »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

     »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
     "Source"="About:Home"
     "SubscribedURL"="About:Home"
     "FriendlyName"="My Current Home Page"

     »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
     !!!Attention, following keys are not inevitably infected!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

     »»»»»»»»»»»»»»»»»»»»»»»» End
  4. Thanks for the reply. I'm not sure if I need help or not. My computer has been working fine, but sometimes I won't even have an IE window open and my Symantec antivirus autoprotect will pop up with warnings about some type of spyware, malware, etc. that has been quarantined. That kinda leads me to believe that maybe I got rid of the worst of it but something is still lurking. Here is my HJT log:

     Logfile of HijackThis v1.99.1
     Scan saved at 4:13:54 PM, on 8/13/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Symantec AntiVirus\DefWatch.exe
     C:\Program Files\ewido anti-spyware 4.0\guard.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\system32\WLTRAY.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\PROGRA~1\SYMANT~1\VPTray.exe
     C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\ewido anti-spyware 4.0\ewido.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\AIM\aim.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\NetZero\exec.exe
     C:\Program Files\NetZero\exec.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\NetZero\qsacc\x1exec.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\HiJackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://resnet.baylor.edu
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://resnet.baylor.edu
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Residential Technology Services
     R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
     O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
     O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
     O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
     O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
     O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
     O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
     O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
     O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
     O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
     O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
     O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=https://resnet.baylor.edu
     O14 - IERESET.INF: MS_START_PAGE_URL=https://resnet.baylor.edu
     O15 - Trusted Zone: http://bigdog.baylor.edu
     O15 - Trusted Zone: http://its01.baylor.edu
     O15 - Trusted Zone: http://mail.baylor.edu
     O15 - Trusted Zone: http://raymond.baylor.edu
     O15 - Trusted Zone: http://rmsweb.baylor.edu
     O15 - Trusted Zone: http://bigdog.baylor.edu (HKLM)
     O15 - Trusted Zone: http://its01.baylor.edu (HKLM)
     O15 - Trusted Zone: http://mail.baylor.edu (HKLM)
     O15 - Trusted Zone: http://raymond.baylor.edu (HKLM)
     O15 - Trusted Zone: http://rmsweb.baylor.edu (HKLM)
     O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
     O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
     O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
     O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (file missing)
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  5. I ran Ewido and that seemed to get rid of all the negative effects and my computer is running smoothly. I quarantined everything using Ewido, so do I now need to delete these files? Is there anything else I need to do?
  6. Here is my HijackThis log:

     Logfile of HijackThis v1.99.1
     Scan saved at 11:19:55 PM, on 8/6/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\system32\WLTRAY.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\PROGRA~1\SYMANT~1\VPTray.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Symantec AntiVirus\DefWatch.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\WINDOWS\system32\smartdrv.exe
     C:\WINDOWS\system32\officescan.exe
     C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\HiJackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://resnet.baylor.edu
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://resnet.baylor.edu
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Residential Technology Services
     R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
     O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
     O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
     O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
     O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
     O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
     O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
     O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
     O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
     O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
     O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
     O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
     O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
     O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
     O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
     O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
     O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
     O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
     O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
     O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=https://resnet.baylor.edu
     O14 - IERESET.INF: MS_START_PAGE_URL=https://resnet.baylor.edu
     O15 - Trusted Zone: http://bigdog.baylor.edu
     O15 - Trusted Zone: http://its01.baylor.edu
     O15 - Trusted Zone: http://mail.baylor.edu
     O15 - Trusted Zone: http://raymond.baylor.edu
     O15 - Trusted Zone: http://rmsweb.baylor.edu
     O15 - Trusted Zone: http://bigdog.baylor.edu (HKLM)
     O15 - Trusted Zone: http://its01.baylor.edu (HKLM)
     O15 - Trusted Zone: http://mail.baylor.edu (HKLM)
     O15 - Trusted Zone: http://raymond.baylor.edu (HKLM)
     O15 - Trusted Zone: http://rmsweb.baylor.edu (HKLM)
     O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
     O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
     O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (file missing)
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  7. WinFavorites Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}

     WinFavorites Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_LOCAL_MACHINE
     Object : software\microsoft\windows\currentversion\uninstall\bridge

     WinFavorites Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_LOCAL_MACHINE
     Object : software\classes\bridge.brdg

     WinFavorites Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_LOCAL_MACHINE
     Object : software\classes\jao.jao

     CoolWebSearch Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 10
     Category : Malware
     Comment :
     Rootkey : HKEY_CURRENT_USER
     Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\i--search.com

     CoolWebSearch Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 10
     Category : Malware
     Comment :
     Rootkey : HKEY_LOCAL_MACHINE
     Object : software\microsoft\downloadmanager

     CoolWebSearch Object Recognized!
     Type : RegValue
     Data :
     TAC Rating : 10
     Category : Malware
     Comment :
     Rootkey : HKEY_CURRENT_USER
     Object : software\microsoft\internet explorer\main
     Value : Search Bar

     CoolWebSearch Object Recognized!
     Type : RegValue
     Data :
     TAC Rating : 10
     Category : Malware
     Comment :
     Rootkey : HKEY_CURRENT_USER
     Object : software\microsoft\internet explorer\new windows
     Value : PopupMgr

     CoolWebSearch Object Recognized!
     Type : RegData
     Data : about:blank
     TAC Rating : 10
     Category : Malware
     Comment :
     Rootkey : HKEY_CURRENT_USER
     Object : software\microsoft\internet explorer\main
     Value : Start Page
     Data : about:blank

     Conditional scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 36
     Objects found so far: 114

     11:02:02 PM Scan Complete

     Summary Of This Scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Total scanning time:00:06:30.328
     Objects scanned:132330
     Objects identified:87
     Objects ignored:0
     New critical objects:87
  8. ***UPDATE ON POST 4. READ FIRST***

     Symptoms:
     1. Pop-ups in the lower right-hand corner.
     2. When IE is opened I'm redirected to antispy.net.
     3. Processes are grayed out in the Task Manager view, preventing me from shutting any processes down.

     Here is my Ad-Aware log:

     Ad-Aware SE Build 1.06r1
     Logfile Created on:Sunday, August 06, 2006 10:55:32 PM
     Created with Ad-Aware SE Personal, free for private use.
     Using definitions file:SE1R117 03.08.2006
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     References detected during the scan:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Adware.Admess(TAC index:5):6 total references
     Alexa(TAC index:5):17 total references
     CoolWebSearch(TAC index:10):6 total references
     DailyToolbar(TAC index:5):14 total references
     FakeAlert(TAC index:5):25 total references
     MRU List(TAC index:0):27 total references
     Tracking Cookie(TAC index:3):1 total references
     Transponder(TAC index:10):1 total references
     WinFavorites(TAC index:6):12 total references
     VX2(TAC index:10):5 total references
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Ad-Aware SE Settings
     ===========================
     Set : Search for negligible risk entries
     Set : Safe mode (always request confirmation)
     Set : Scan active processes
     Set : Scan registry
     Set : Deep-scan registry
     Set : Scan my IE Favorites for banned URLs
     Set : Scan my Hosts file

     Extended Ad-Aware SE Settings
     ===========================
     Set : Unload recognized processes & modules during scan
     Set : Scan registry for all users instead of current user only
     Set : Always try to unload modules before deletion
     Set : During removal, unload Explorer and IE if necessary
     Set : Let Windows remove files in use at next reboot
     Set : Delete quarantined objects after restoring
     Set : Include basic Ad-Aware settings in log file
     Set : Include additional Ad-Aware settings in log file
     Set : Include reference summary in log file
     Set : Include alternate data stream details in log file
     Set : Play sound at scan completion if scan locates critical objects

     8-6-2006 10:55:32 PM - Scan started. (Full System Scan)

     MRU List Object Recognized!
     Location: : C:\Documents and Settings\Matt\Application Data\microsoft\office\recent
     Description : list of recently opened documents using microsoft office

     MRU List Object Recognized!
     Location: : C:\Documents and Settings\Matt\recent
     Description : list of recently opened documents

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct3d

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct X

     MRU List Object Recognized!
     Location: : software\microsoft\directdraw\mostrecentapplication
     Description : most recent application to use microsoft directdraw

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\internet explorer
     Description : last download directory used in microsoft internet explorer

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\internet explorer\main
     Description : last save directory used in microsoft internet explorer

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\internet explorer\typedurls
     Description : list of recently entered addresses in microsoft internet explorer

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\mediaplayer\medialibraryui
     Description : last selected node in the microsoft windows media player media library

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\mediaplayer\player\settings
     Description : last open directory used in jasc paint shop pro

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\mediaplayer\preferences
     Description : last playlist index loaded in microsoft windows media player

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\mediaplayer\preferences
     Description : last playlist loaded in microsoft windows media player

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\microsoft management console\recent file list
     Description : list of recent snap-ins used in the microsoft management console

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\office\11.0\common\general
     Description : list of recently used symbols in microsoft office

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
     Description : list of recent documents opened by microsoft word

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
     Description : list of recent documents saved by microsoft word

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\office\11.0\publisher\recent file list
     Description : list of recent files used by microsoft publisher

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\search assistant\acmru
     Description : list of recent search terms used with the search assistant

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
     Description : list of recent programs opened

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
     Description : list of recently saved files, stored according to file extension

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
     Description : list of recent documents opened

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\realnetworks\realplayer\6.0\preferences
     Description : list of recent skins in realplayer

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\realnetworks\realplayer\6.0\preferences
     Description : list of recent clips in realplayer

     MRU List Object Recognized!
     Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\realnetworks\realplayer\6.0\preferences
     Description : last login time in realplayer

     MRU List Object Recognized!
     Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
     Description : windows media sdk

     MRU List Object Recognized!
     Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
     Description : windows media sdk

     MRU List Object Recognized!
Location: : S-1-5-21-1229272821-879983540-725345543-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 616 ThreadCreationTime : 8-7-2006 1:45:32 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 680 ThreadCreationTime : 8-7-2006 1:45:35 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 708 ThreadCreationTime : 8-7-2006 1:45:37 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 752 ThreadCreationTime : 8-7-2006 1:45:38 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 764 ThreadCreationTime : 8-7-2006 1:45:38 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 920 ThreadCreationTime : 8-7-2006 1:45:40 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 988 ThreadCreationTime : 8-7-2006 1:45:40 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1028 ThreadCreationTime : 8-7-2006 1:45:40 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1080 ThreadCreationTime : 8-7-2006 1:45:40 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1188 ThreadCreationTime : 8-7-2006 1:45:42 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:11 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1472 ThreadCreationTime : 8-7-2006 1:45:42 AM BasePriority : Normal FileVersion : 103.5.7.3 ProductVersion : 103.5.7.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:12 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1488 ThreadCreationTime : 8-7-2006 1:45:43 AM BasePriority : Normal FileVersion : 103.5.7.3 ProductVersion : 103.5.7.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:13 [sndsrvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1500 ThreadCreationTime : 8-7-2006 1:45:43 AM BasePriority : Normal FileVersion : 6.0.1.105 ProductVersion : 6.0 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002 - 2005 Symantec Corporation OriginalFilename : SndSrvc.exe #:14 [wltrysvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1672 ThreadCreationTime : 8-7-2006 1:45:43 AM BasePriority : Normal #:15 [bcmwltry.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1684 ThreadCreationTime : 8-7-2006 1:45:43 AM BasePriority : Normal FileVersion : 4.10.47.3 ProductVersion : 4.10.47.3 ProductName : Dell Wireless WLAN Card Wireless Network Controller CompanyName : Dell Inc. FileDescription : Dell Wireless WLAN Card Wireless Network Controller InternalName : bcmwltry.exe LegalCopyright : 1998-2005, Dell Inc. All Rights Reserved. 
OriginalFilename : bcmwltry.exe #:16 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1732 ThreadCreationTime : 8-7-2006 1:45:43 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:17 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1876 ThreadCreationTime : 8-7-2006 1:45:45 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:18 [stsystra.exe] FilePath : C:\WINDOWS\ ProcessID : 1988 ThreadCreationTime : 8-7-2006 1:45:46 AM BasePriority : Normal FileVersion : 1.0.4717.0 nd286 cp1 ProductVersion : 1.0.4717.0 nd286 cp1 ProductName : C-Major Audio CompanyName : SigmaTel, Inc. FileDescription : Sigmatel Audio system tray application InternalName : stsystray.exe LegalCopyright : Copyright © 2004-2005, SigmaTel, Inc. OriginalFilename : stsystray.exe #:19 [syntpenh.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ProcessID : 1996 ThreadCreationTime : 8-7-2006 1:45:46 AM BasePriority : Normal FileVersion : 8.2.4.3 29Nov05 ProductVersion : 8.2.4.3 29Nov05 ProductName : Synaptics Pointing Device Driver CompanyName : Synaptics, Inc. FileDescription : Synaptics TouchPad Enhancements InternalName : Synaptics Enhancements Application LegalCopyright : Copyright © Synaptics, Inc. 
1996-2005 OriginalFilename : SynTPEnh.exe #:20 [wltray.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2028 ThreadCreationTime : 8-7-2006 1:45:46 AM BasePriority : Normal FileVersion : 4.10.47.3 ProductVersion : 4.10.47.3 ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet CompanyName : Dell Inc. FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet InternalName : wltray.exe LegalCopyright : 1998-2005, Dell Inc. All Rights Reserved. OriginalFilename : wltray.exe #:21 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 292 ThreadCreationTime : 8-7-2006 1:45:47 AM BasePriority : Normal FileVersion : 103.5.7.3 ProductVersion : 103.5.7.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:22 [vptray.exe] FilePath : C:\PROGRA~1\SYMANT~1\ ProcessID : 320 ThreadCreationTime : 8-7-2006 1:45:47 AM BasePriority : Normal FileVersion : 10.0.2.2001 ProductVersion : 10.0.2.2001 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright 2005 Symantec Corporation. All rights reserved. #:23 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 588 ThreadCreationTime : 8-7-2006 1:45:49 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : CTFMON.EXE #:24 [hpqtra08.exe] FilePath : C:\Program Files\HP\Digital Imaging\bin\ ProcessID : 1132 ThreadCreationTime : 8-7-2006 1:45:51 AM BasePriority : Normal FileVersion : 45.4.157.000 ProductVersion : 045.004.157.000 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor InternalName : HPQTRA00 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor #:25 [defwatch.exe] FilePath : C:\Program Files\Symantec AntiVirus\ ProcessID : 448 ThreadCreationTime : 8-7-2006 1:46:02 AM BasePriority : Normal FileVersion : 10.0.2.2001 ProductVersion : 10.0.2.2001 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Virus Definition Daemon InternalName : DefWatch LegalCopyright : Copyright 1998 - 2005 Symantec Corporation. All rights reserved. OriginalFilename : DefWatch.exe #:26 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 672 ThreadCreationTime : 8-7-2006 1:46:03 AM BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:27 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1148 ThreadCreationTime : 8-7-2006 1:46:03 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:28 [rtvscan.exe] FilePath : C:\Program Files\Symantec AntiVirus\ ProcessID : 1296 ThreadCreationTime : 8-7-2006 1:46:03 AM BasePriority : Normal FileVersion : 10.0.2.2001 ProductVersion : 10.0.2.2001 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright 2005 Symantec Corporation. All rights reserved. #:29 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1424 ThreadCreationTime : 8-7-2006 1:46:03 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:30 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2552 ThreadCreationTime : 8-7-2006 1:46:09 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe

#:31 [smartdrv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 8-7-2006 3:19:24 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : Trojan Factory
InternalName : main
OriginalFilename : main.dat

#:32 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2920
ThreadCreationTime : 8-7-2006 3:39:54 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3180
ThreadCreationTime : 8-7-2006 3:44:22 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE #:34 [officescan.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1108 ThreadCreationTime : 8-7-2006 3:50:01 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 1.00 ProductName : Project1 CompanyName : Trojan Factory InternalName : officescan OriginalFilename : officescan.exe #:35 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2248 ThreadCreationTime : 8-7-2006 3:55:09 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 27 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21} Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\wstart.dll Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0} Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wstart.whttphelper Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wstart.whttphelper.1 Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : alxtb.bho Alexa Object Recognized! 
Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0bbb0424-e98e-4405-9a94-481854765c80} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0f3332b5-bc98-48af-9fac-05fec94ebe73} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e60160f-0ed6-4dcc-b6b6-850cde4fd217} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a69107cc-bec8-4a34-b474-211b0f46a764} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b7b84995-8b92-46bf-94aa-fa2f3dd23b84} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{fa77ad79-09cf-41fb-b171-cc856f9e737f} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : popmenu.menu Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : popup.popupkiller Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{547ab549-4dd8-4ea0-b070-f6ea062148ff} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a6a68cbd-6673-41b1-b997-3f83a25b45b0} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b71c7d9a-da43-4e8b-bb98-1684ac2af324} DailyToolbar Object Recognized! 
Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\dailytoolbar.dll DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{951b3138-ae8e-4676-a05a-250a5f111631} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{58f9b276-e1cc-458e-8159-21cbc021874b} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8333c319-0669-4893-a418-f56d9249fca6} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : dailytoolbar.ieband DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : dailytoolbar.sysmgr DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : ietoolbar.affiliatectl DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{10195311-e434-47a9-adba-48839e3f7e4e} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df} FakeAlert Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{60e2e76b-60e2e76b-60e2e76b-60e2e76b-60e2e76b} FakeAlert Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{e52dedbb-d168-4bdb-b229-c48160800e81} WinFavorites Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bridge.brdg WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : jao.jao WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27} Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wsoft Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\alexa internet CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\dailytoolbar DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\nix solutions\dailytoolbar Transponder Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\transponder WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf} WinFavorites Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\respondmiter VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-f09c-02b4-6ec2-ad0300000000} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-c1ec-0345-6ec2-4d0300000000} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-59d4-4008-9058-080011001200} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 47 Objects found so far: 74 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DailyToolbar Object Recognized! 
Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8333c319-0669-4893-a418-f56d9249fca6} FakeAlert Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 76 Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:[email protected]/ Expires : 8-5-2011 10:42:14 PM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 78 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 78 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 78 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\alexa toolbar Alexa Object Recognized! 
Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\alexa toolbar Alexa Object Recognized! Type : File Data : alxres.dll TAC Rating : 5 Category : Data Miner Comment : Object : C:\WINDOWS\system32\ DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\nix solutions DailyToolbar Object Recognized! Type : File Data : dailytoolbar.dll TAC Rating : 5 Category : Misc Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\runonce\srv32 spool service Value : Adware.Srv32 FakeAlert Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Adware.Srv32 FakeAlert Object Recognized! Type : File Data : alexaie.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : alxtb1.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : alxie328.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : BTGrab.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : dlmax.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : infected.gif TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : Pynix.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! 
Type : File Data : susp.exe TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : win_logo.gif TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : ZServ.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\ FakeAlert Object Recognized! Type : File Data : a.exe TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : bridge.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : jao.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : questmod.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : runsrv32.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : runsrv32.exe TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : tcpservice2.exe TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : txfdb32.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : udpmod.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ FakeAlert Object Recognized! Type : File Data : wstart.dll TAC Rating : 5 Category : Malware Comment : Object : C:\WINDOWS\system32\ CONTINUED ON NEXT POST