Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Time for cleanup
Hello...
I'd like to clean my computer of any/all nasties and would like some guidance, natch I came here! Tia. Spent some time doing various scans and am hoping someone will check them over to see if any problems can be spotted and resolved. Results as follows in the order in which I did each scan:

AVG Scan Virus Results:
Not sure if this is normal but these first 3 always seem to show up whenever I do an AVG scan -
(1) Object = C:\WINDOWS\system32\kernel32.dll Result = Change Status = Changed
(2) Object = C:\WINDOWS\system32\shell32.dll Result = Change Status = Changed
(3) Object = C:\WINDOWS\system32\drivers\etc\hosts Result = Change Status = Changed

Spyware Doctor Scan Results:
Application.TrackingCookies (3 infections) -
(1) atwola.com/atwola.com
(2) realmedia.com/realmedia.com
(3) www.burstbeacon.com/www.burstbeacon.com
Adware.Advertising (2 infections) -
(1) statcounter.com/statcounter.com
(2) www.burstnet.com/www.burstnet.com
Clicked on "fixed checked" and got "Congratulations, all infections sucessfully removed!"

Norton Security Full System Scan Results:
Note: I'm fairly certain that the Trojan.ByteVerify shows up each time I do a Norton scan but is supposed to be deleted, perhaps the other two as well but not quite sure.
Level - High Title - Trojan.ByteVerify State - Deleted
Level - High Title - Trojan.ByteVerify State - Deleted
Level - High Title - Downloader State - Deleted
Level - High Title - SecurityRisk.Downldr State - Deleted

Note: Due to too many characters to post, had to create multiple posts, sorry.

Last edited by Moon Maiden; January 6th, 2008 at 05:21 AM. Reason: error in number of posts needed
#2
Part 2
Adaware Scan Results:
Continued in the next post...
#3
Part 3
Adaware Scan Results Cont…:
Continued...
#4
Part 4
Adaware Scan Results Cont…:
Continued...
#5
Part 5
Adaware Scan Results Cont…:
Continued...
#6
Part 6
Superantispyware Scan Results:
Note: atwola and burstbeacon show up again in this scan but were supposedly "successfully removed" by the Spyware Doctor scan.
Adware.TrackingCookie (4 items)
(1) C:\Documents and Settings\me\Cookies\me@ads.revsci.txt
(2) C:\Documents and Settings\me\Cookies\me@anad.tacoda.txt
(3) C:\Documents and Settings\me\Cookies\me@atwola.txt
(4) C:\Documents and Settings\me\Cookies\me@www.burstbeacon.txt

HijackThis Logfile:
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hweuchr...3_10968041.cab O16 - DPF: 
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab50108.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames...A.cab40641.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{48E60D89-D0F7-4A1C-A2B5-75593E9C71FC}: NameServer = 207.164.234.193 207.164.234.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{48E60D89-D0F7-4A1C-A2B5-75593E9C71FC}: NameServer = 207.164.234.193 207.164.234.129 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SuperAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Security Trial\ewido anti-malware\ewidoctrl.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Again, thanks in advance and sorry for so many posts. |
#7
Hello Moon Maiden,
Yes, with all the extra posting you did in your own request thread there really is no way one of us would know this request was not being actively worked with. However, I don't see any real indication of infection in all this. Ad-Aware logs tend to make things look nefarious but often find little in the way of infection. Looks like your concerns over the file change alerts brought all this on - have you updated AVG since then and run another scan with it?
#8
Hi Tom:
Thanks for replying. I updated AVG and ran another scan tonight, it came back clean except for:
(1) Object = C:\WINDOWS\system32\kernel32.dll Result = Change Status = Changed
(2) Object = C:\WINDOWS\system32\shell32.dll Result = Change Status = Changed
(3) Object = C:\WINDOWS\system32\drivers\etc\hosts Result = Change Status = Changed
Again, I've no clue whether this is normal or not. I also ran a Kaspersky scan directly after the AVG scan and it said that my computer is infected with Exploit.Java.ByteVerify, which would explain why in my previous scans (posted) that Norton keeps showing "Trojan.ByteVerify" every time I scan with Norton (of course it also keeps saying that it's deleted it too). If you'd like, I can post a copy of the Kaspersky scan as I saved it just in case.
Another thing that concerns me is that Superantispyware showed atwola and burstbeacon after they were both supposedly successfully removed by Spyware Doctor. I haven't yet scanned again for spyware/adware since my last postings. Will do whatever you suggest.
P.S. - is your siggy from a movie called Summer Rental?
#9
Not sure about the movie. I don't see many of them. The many items being found, though with seemingly mean sounding names, are just cookies. You will always get these, and some will have names like that depending on what tracking or info they have. The AVG issues are likely then interaction with the other security software there. If Spyware Doctor is placing a block on Hosts file changes, AVG is finding a change to the Hosts file. Just an example of what might be occurring. Disable all other security software and check again, also reboot if you haven't recently as well in all this.
#10
Hi Tom:
Thank you for your time and advice.
#11
Glad to assist - it was corrected then?
All times are GMT +1.