Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old January 6th, 2008, 04:57 AM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Time for cleanup

Hello...

I'd like to clean my computer of any/all nasties and would like some guidance, natch I came here! Tia.

Spent some time doing various scans and am hoping someone will check them over to see if any problems can be spotted and resolved. Results as follows in the order in which I did each scan:


AVG Scan Virus Results:

Not sure if this is normal but these first 3 always seem to show up whenever I do an AVG scan -
(1) Object = C:\WINDOWS\system32\kernel32.dll Result = Change Status = Changed
(2) Object = C:\WINDOWS\system32\shell32.dll Result = Change Status = Changed
(3) Object = C:\WINDOWS\system32\drivers\etc\hosts Result = Change Status = Changed


Spyware Doctor Scan Results:

Application.TrackingCookies (3 infections) -
(1) atwola.com/atwola.com
(2) realmedia.com/realmedia.com
(3) www.burstbeacon.com/www.burstbeacon.com

Adware.Advertising (2 infections) -
(1) statcounter.com/statcounter.com
(2) www.burstnet.com/www.burstnet.com
Clicked on "fixed checked" and got "Congratulations, all infections sucessfully removed!"


Norton Security Full System Scan Results:

Note: I'm fairly certain that the Trojan.ByteVerify shows up each time I do a Norton scan but is supposed to be deleted, perhaps the other two as well but not quite sure.

Level - High Title - Trojan.ByteVerify State - Deleted
Level - High Title - Trojan.ByteVerify State - Deleted
Level - High Title - Downloader State - Deleted
Level - High Title - SecurityRisk.Downldr State - Deleted

Note: Due to too many characters to post, had to create multiple posts, sorry.

Last edited by Moon Maiden; January 6th, 2008 at 05:21 AM. Reason: error in number of posts needed
Reply With Quote
  #2  
Old January 6th, 2008, 05:04 AM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Part 2

Adaware Scan Results:

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, January 05, 20086:21:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R210 27.12.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):20 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

1-5-20086:21:27 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 392
ThreadCreationTime : 1-5-20084:32:07 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 1-5-20084:32:09 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 1-5-20084:32:11 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 1-5-20084:32:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 1-5-20084:32:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 1-5-2008 4:32:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 1-5-2008 4:32:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 772
ThreadCreationTime : 1-5-2008 4:32:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 832
ThreadCreationTime : 1-5-2008 4:32:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 952
ThreadCreationTime : 1-5-2008 4:32:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1136
ThreadCreationTime : 1-5-2008 4:32:16 PM
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 1-5-2008 4:32:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1360
ThreadCreationTime : 1-5-2008 4:32:18 PM
BasePriority : Normal
FileVersion : 7.5.0.496
ProductVersion : 7.5.0.496
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:14 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1416
ThreadCreationTime : 1-5-2008 4:32:20 PM
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:15 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1436
ThreadCreationTime : 1-5-2008 4:32:20 PM
BasePriority : Normal
FileVersion : 7.5.0.494
ProductVersion : 7.5.0.494
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:16 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1476
ThreadCreationTime : 1-5-2008 4:32:22 PM
BasePriority : Normal
FileVersion : 7.5.0.497
ProductVersion : 7.5.0.497
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:17 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_02\bin\
ProcessID : 1500
ThreadCreationTime : 1-5-2008 4:32:22 PM
BasePriority : Normal

#:18 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 1520
ThreadCreationTime : 1-5-2008 4:32:22 PM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe

#:19 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 1528
ThreadCreationTime : 1-5-2008 4:32:23 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe


Continued in the next post...
Reply With Quote
  #3  
Old January 6th, 2008, 05:09 AM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Part 3

Adaware Scan Results Cont…:

#:20 [zlclient.exe]
FilePath : C:\Program Files\Zone Alarm\ZoneAlarm\
ProcessID : 1536
ThreadCreationTime : 1-5-20084:32:23 PM
BasePriority : Normal
FileVersion : 7.0.408.000
ProductVersion : 7.0.408.000
ProductName : ZoneAlarm Client
CompanyName : Zone Labs, LLC
FileDescription : ZoneAlarm Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:21 [ewidoctrl.exe]
FilePath : C:\Program Files\Ewido Security Trial\ewido anti-malware\
ProcessID : 1544
ThreadCreationTime : 1-5-20084:32:23 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:22 [sdtrayapp.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1548
ThreadCreationTime : 1-5-20084:32:23 PM
BasePriority : Normal
FileVersion : 5.0.5.31
ProductVersion : 5.0.5
CompanyName : PC Tools
FileDescription : PC Tools Tray Application
LegalCopyright : Copyright © 2007 PC Tools. All rights reserved.

#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1596
ThreadCreationTime : 1-5-20084:32:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 1612
ThreadCreationTime : 1-5-20084:32:24 PM
BasePriority : Normal
FileVersion : 2.2.969.23408.beta
ProductVersion : 2.2.969.23408.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater

#:25 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 1620
ThreadCreationTime : 1-5-20084:32:24 PM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:26 [easyshare.exe]
FilePath : C:\Program Files\Kodak\Kodak EasyShare software\bin\
ProcessID : 1640
ThreadCreationTime : 1-5-20084:32:24 PM
BasePriority : Normal
FileVersion : 6, 31, 25, 90
ProductVersion : 6, 3, 1, 30
ProductName : Kodak EasyShare Software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare Software
InternalName : EasyShare
LegalCopyright : © Eastman Kodak Company, 2002-2006. All Rights Reserved.
OriginalFilename : EasyShare.exe

#:27 [kodak software updater.exe]
FilePath : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\
ProcessID : 1652
ThreadCreationTime : 1-5-20084:32:24 PM
BasePriority : Normal

#:28 [tabuserw.exe]
FilePath : C:\WINDOWS\system32\WTablet\
ProcessID : 1660
ThreadCreationTime : 1-5-20084:32:25 PM
BasePriority : Normal
FileVersion : 4.94-3
ProductVersion : 4.94-3
ProductName : Wacom Technology, Corp. TABUSERW
CompanyName : Wacom Technology, Corp.
FileDescription : TABUSERW
InternalName : TABUSERW
LegalCopyright : Copyright © 1997,1998,1999,2000,2001,2002,2003,2004,2005 Wacom Technology, Corp.
OriginalFilename : TABUSERW.EXE
Comments : TestBuild_Mon_12-05-2005__1155_AM

#:29 [googleupdaterservice.exe]
FilePath : C:\Program Files\Google\Common\Google Updater\
ProcessID : 1668
ThreadCreationTime : 1-5-20084:32:27 PM
BasePriority : Normal
FileVersion : 2.2.824.5515.beta
ProductVersion : 2.2.824.5515.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : gusvc
InternalName : gusvc
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdaterService.exe
Comments : Google Updater

Continued...
Reply With Quote
  #4  
Old January 6th, 2008, 05:12 AM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Part 4

Adaware Scan Results Cont…:

#:30 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1752
ThreadCreationTime : 1-5-20084:32:28 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:31 [svcntaux.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1860
ThreadCreationTime : 1-5-20084:32:29 PM
BasePriority : Normal
FileVersion : 5.0.5.2
ProductVersion : 5.0.5
CompanyName : PC Tools
FileDescription : PC Tools Auxiliary Service
LegalCopyright : Copyright © 2007 PC Tools. All rights reserved.

#:32 [swdsvc.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1936
ThreadCreationTime : 1-5-20084:32:32 PM
BasePriority : Normal
FileVersion : 5.0.5.23
ProductVersion : 5.0.5
CompanyName : PC Tools
FileDescription : Spyware Doctor Service
LegalCopyright : Copyright © 2007 PC Tools. All rights reserved.

#:33 [hpqgalry.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2020
ThreadCreationTime : 1-5-20084:32:34 PM
BasePriority : Normal

#:34 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 384
ThreadCreationTime : 1-5-20084:32:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:35 [tablet.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 424
ThreadCreationTime : 1-5-20084:32:39 PM
BasePriority : High

#:36 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 1-5-20084:32:40 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:37 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 984
ThreadCreationTime : 1-5-20084:32:41 PM
BasePriority : Normal
FileVersion : 7.0.408.000
ProductVersion : 7.0.408.000
ProductName : TrueVectorService
CompanyName : Zone Labs, LLC
FileDescription : TrueVectorService
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2876
ThreadCreationTime : 1-5-20084:33:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [wordpad.exe]
FilePath : C:\Program Files\Windows NT\Accessories\
ProcessID : 3452
ThreadCreationTime : 1-5-20087:26:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WordPad MFC Application
InternalName : wordpad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wordpad

#:40 [ad-aware.exe]
FilePath : C:\Program Files\Adaware\Ad-Aware SEPersonal\
ProcessID : 944
ThreadCreationTime : 1-5-200811:12:57 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Continued...
Reply With Quote
  #5  
Old January 6th, 2008, 05:15 AM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Part 5

Adaware Scan Results Cont…:

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
MRU List Object Recognized!
Location: : C:\Documents and Settings\me\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\me\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\jasc\paint shop pro 7\general
Description : last save as directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\jasc\paint shop pro 7\recent file list
Description : list of recently used files in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\jasc\paint shop pro 8\recent file list
Description : list of recently used files in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\direct3d\mostrecentapplica tion
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\direct3d\mostrecentapplica tion
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplicatio n
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\directinput\mostrecentappl ication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\directinput\mostrecentappl ication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\windows\currentversion\exp lorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\windows\currentversion\exp lorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\windows\currentversion\exp lorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1202660629-1085031214-725345543-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@revsci[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:me@revsci.net/
Expires : 12-19-20081:54:12 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:me@realmedia.com/
Expires : 12-31-20207:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@about[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:206
Value : Cookie:me@about.com/
Expires : 12-30-1899
LastSync : Hits:206
UseCount : 0
Hits : 206
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:me@statcounter.com/
Expires : 12-19-20122:42:42 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@tacoda[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:325
Value : Cookie:me@tacoda.net/
Expires : 12-26-20084:41:44 PM
LastSync : Hits:325
UseCount : 0
Hits : 325
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@www.burstnet[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:me@www.burstnet.com/
Expires : 1-3-20082:26:54 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 26


Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
40 entries scanned.
New critical objects:0
Objects found so far: 26



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
6:56:10 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:34:43.78
Objects scanned:224463
Objects identified:6
Objects ignored:0
New critical objects:6

Continued...
Reply With Quote
  #6  
Old January 6th, 2008, 05:19 AM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Part 6

Superantispyware Scan Results:

Note: atwola and burstbeacon show up again in this scan but were supposedly "successfully removed" by the Spyware Doctor scan.

Adware.TrackingCookie (4 items)
(1) C:\Documents and Settings\me\Cookies\me@ads.revsci.txt
(2) C:\Documents and Settings\me\Cookies\me@anad.tacoda.txt
(3) C:\Documents and Settings\me\Cookies\me@atwola.txt
(4) C:\Documents and Settings\me\Cookies\me@www.burstbeacon.txt



HijackthisLogfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:30:40 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Program Files\Ewido Security Trial\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: GoogleToolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Alarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hweuchr...3_10968041.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab50108.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames...A.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48E60D89-D0F7-4A1C-A2B5-75593E9C71FC}: NameServer = 207.164.234.193 207.164.234.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{48E60D89-D0F7-4A1C-A2B5-75593E9C71FC}: NameServer = 207.164.234.193 207.164.234.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SuperAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Security Trial\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Again, thanks in advance and sorry for so many posts.
Reply With Quote
  #7  
Old January 9th, 2008, 05:26 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello Moon Maiden,

Yes, with all the extra posting you did in your own request thread there really is no way one of us would know this request was not being actively worked with. However, I don't see any real indication of infection in all this. Ad-Aware logs tend to make things look nefarious but often finds little in the way of infection. Looks like your concerns over the file change alerts brought all this on - have you updated AVG since then and run another scan with it?
Reply With Quote
  #8  
Old January 10th, 2008, 06:25 AM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Hi Tom:
Thanks for replying.

I updated AVG and ran another scan tonight, it came back clean except for:

(1) Object = C:\WINDOWS\system32\kernel32.dll Result = Change Status = Changed
(2) Object = C:\WINDOWS\system32\shell32.dll Result = Change Status = Changed
(3) Object = C:\WINDOWS\system32\drivers\etc\hosts Result = Change Status = Changed

Again, I've no clue whether this is normal or not.

I also ran a Kaspersky scan directly after the AVG scan and it said that my computer is infected with Exploit.Java.ByteVerify, which would explain why in my previous scans (posted) that Norton keeps showing "Trojan.ByteVerify" every time I scan with Nortion (of course it also keeps saying that it's deleted it too). If you'd like, I can post a copy of the Kaspersky scan as I saved it just in case.

Another thing that concerns me is that Superantispyware showed atwola and burstbeacon after they were both supposedly sucessfully removed by Spyware Doctor. I haven't yet scanned again for spyware/adware since my last postings.

Will do whatever you suggest.

P.S. - is your siggy from a movie called Summer Rental?
Reply With Quote
  #9  
Old January 10th, 2008, 04:23 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Not sure about the movie. I don't see many of them. The many items being found, though with seemingly mean sounding names, are just cookies. You will always get these, and some will have names like that depending on what tracking or info they have. The AVG issues are likely then interaction with the other security software there. If Spyware Doctor is placing a block on Hosts file changes, AVG is finding a change to the Hosts file. Just an example of what might be occurring. Disable all other security software and check again, also reboot if you haven't recently as well in all this.
Reply With Quote
  #10  
Old January 13th, 2008, 08:53 PM
Moon Maiden's Avatar
Moon Maiden Moon Maiden is offline
Member
 
Join Date: Sep 2005
O/S: Windows Vista 32-bit
Posts: 63
Hi Tom:

Thank you for your time and advice.
Reply With Quote
  #11  
Old January 14th, 2008, 03:41 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Glad to assist - it was corrected then?
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
cleanup b|ingB|ing Windows XP 25 July 24th, 2006 10:56 PM
Freeware to find files by date and TIME? Time is the key! j_hallgren Applications 0 April 18th, 2005 05:23 PM
CleanUp! t20009 Applications 9 December 11th, 2004 07:57 AM
cleanup dumb Windows ME 2 June 24th, 2003 02:48 PM


All times are GMT +1. The time now is 03:07 PM.