

Privacy Danger, Will Robinson!


12 replies to this topic

#1 OFFLINE   Magnetic

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 27 June 2007 - 11:10 PM

And so it seems that I too have the Privacy Danger bug. So far, Zonealarm, Norton Antivirus, SUPERAntiSpyware (Free Edition), TrojanHunter, Counterspy, and a few other anti-spyware and anti-virus programs have each failed, although the situation seems to have improved somewhat.

Currently, the only obvious items are the red desktop background with the biohazard and, on more-or-less infrequent occasions, the attempt to open up a webpage to download "Privacy Protection" software. Prior to running software to remove the malicious content, it was accompanied by the text being typed being messed up liekso and a much more frequent set of attempts to open Internet Explorer and load the "Privacy Protection" webpages. Those, at least, are the obvious symptoms.

I have attached a screenshot of the image overlaid upon the desktop. You can close out of it using the menu that's been opened in the upper left-hand corner, but it reappears after some time.

Attached File  PRIVACY_DANGER.jpg   89.15K   28 downloads





Here is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:21:35 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\sd301r3c\dc\DcrServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\MemoryBoost\MemoryBoost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\WorldClock\WorldClock.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sun\SUN.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Download Files D\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DFC54AD-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: MSVPS System - {A1770FD6-A7CB-44DA-AD2C-692D2A2B521B} - C:\WINDOWS\vpsnetwork.dll
O2 - BHO: MSVPS System - {E4BAF378-7320-4A48-91DD-D9CCDDF6458E} - C:\WINDOWS\vpsnetwork.dll
O2 - BHO: IE to Lightning Helper - {F1FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Lightning Download\LD_Catch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MemoryBoost] "C:\Program Files\MemoryBoost\MemoryBoost.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Enterra Icon Keeper] "C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [Controlled StartUp] C:\Program Files\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WorldClock] "C:\Program Files\WorldClock\WorldClock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "(Name Deleted)"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: WebCaliber - {2DFC54AE-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126655062287
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/Standar...wActiveXCab.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: vpssup - {9C6ABEE6-60DF-4E0D-BBB8-22371E7AF791} - C:\WINDOWS\vpssup.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner - C:\WINDOWS\sd301r3c\dc\DcrServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 12510 bytes




Edit: Heh. I didn't even notice the pixel by pixel size of the image. It sort of fits the red background, do you think not?

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 27 June 2007 - 11:42 PM

Welcome to the forum. :)

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#3 OFFLINE   Magnetic

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 28 June 2007 - 02:17 AM

SDFix Report:


SDFix: Version 1.88

Run by (Name Deleted) on Wed 06/27/2007 at 09:41 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\(Name Deleted)~1\LOCALS~1\Temp\hd-log.txt - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\expro.dll - Deleted
C:\WINDOWS\main_uninstaller.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\vpsnetwork.dll - Deleted
C:\WINDOWS\vpssup.dll - Deleted


Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
: 8
Total size: 8 bytes.

WINDOWS: Access is denied.

Checking for remaining Streams

C:\WINDOWS
: 8
Total size: 8 bytes.


Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"G:\\nrdrs_root\\Secure Tunnel\\stunnel.exe"="G:\\nrdrs_root\\Secure Tunnel\\stunnel.exe:*:Enabled:SecureShell Tunnel"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe"="C:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe"="C:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Documents and Settings\(Name Deleted)\Desktop\(Name Deleted)\Lux\Support\.com.mat
C:\WINDOWS\neoqaz2.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\Program Files\Dell\Backup\DellBckp.exe
C:\Program Files\iolo\System Mechanic 7\unins000.exe
C:\5jnjovma.sys
C:\WINDOWS\FontSizeXP˙.sys
C:\WINDOWS\USB2VISTA˙.sys
C:\WINDOWS\system32\FontSize˙.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Listing User Accounts:


Administrator ASPNET Guest
HelpAssistant (Name Deleted) SUPPORT_388945a0


Finished

#4 OFFLINE   Magnetic

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 28 June 2007 - 02:20 AM

My apologies for the double post, but I thought that for the purpose of making my two reports differentiable with more ease, I should separate their posts.

Thank you for the welcomes, by the way!



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:18:22 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\sd301r3c\dc\DcrServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MemoryBoost\MemoryBoost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\WorldClock\WorldClock.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Sun\SUN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Support.com\bin\jobcheck.exe
C:\Program Files\Support.com\bin\tgshell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Download Files D\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DFC54AD-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: IE to Lightning Helper - {F1FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Lightning Download\LD_Catch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MemoryBoost] "C:\Program Files\MemoryBoost\MemoryBoost.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Enterra Icon Keeper] "C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [Controlled StartUp] C:\Program Files\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WorldClock] "C:\Program Files\WorldClock\WorldClock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: WebCaliber - {2DFC54AE-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126655062287
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/Standar...wActiveXCab.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner - C:\WINDOWS\sd301r3c\dc\DcrServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12003 bytes

#5 OFFLINE   rridgely

Posted 28 June 2007 - 02:37 AM

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, save the file as kavscan.txt to your Desktop, and close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.


#6 OFFLINE   Magnetic

Posted 28 June 2007 - 06:43 PM

I think that since this forum has so many privacy danger topics, it's become easily found by the search engines. Likely, this forum will have an even greater influx of people requesting assistance. Already, I see quite a few new users asking for fixes.

I salute all for their great assistance!


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 28, 2007 2:29:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/06/2007
Kaspersky Anti-Virus database records: 354841
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
R:\
V:\
Z:\

Scan Statistics:
Total number of scanned objects: 176928
Number of viruses found: 15
Number of infected objects: 78
Number of suspicious objects: 0
Duration of the scan process: 03:53:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\iolo\ioloDB.fdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Desktop\Zac\Worms\WormsWorldParty-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\History\History.IE5\MSHist012007062820070629\index.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Temp\fb_2112.lck Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Temp\Perflib_Perfdata_840.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Temp\Perflib_Perfdata_dac.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Temp\~DF31E1.tmp Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\(Named Deleted)\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\(Named Deleted)\ntuser.dat.LOG Object is locked skipped
C:\Program Files\iolo\System Mechanic 7\SystemAnalyzer.log Object is locked skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WWANews-1 ... /[From ... /[From aw-confirm@ebay.com][Date Sun, 17 Apr 2005 04:54:58 -070 ... /text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WWANews-1 ... /[From .. ... /[From aw-confirm@ebay.com][Date Sun, 17 Apr 2005 22:45:55 -0700]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WWANews-1 ... /[From ... /[From aw-confirm@ebay.com][Date Sun, 17 Apr 2005 04:54:58 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WWANews-1 ... /[From bi ... /[From aw-confirm@ebay.com][Date Mon, 18 Apr 2005 15:03:06 -0700]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WW ... /[From "KaDiE ... /[From aw-confirm@ebay.com][Date Fri, 22 Apr 2005 10:07:45 -070 ... /text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WW ... /[From "KaDiE ... /[From aw-confirm@ebay.com][Date Fri, 22 Apr 2005 10:07:45 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WW ... /[From "KaDiE K." <kadie760@yahoo.com>][Date Tue, 19 Apr 2005 10:44:07 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WWANews-1 ... /[From bill ... /[From RCR91744@aol.com][Date Mon, 18 Apr 2005 14:29:32 EDT]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WWANews-1 ... /[From billing@verizonwireless.com][Date Wed, 13 Oct 2004 15:11:21 -0400 (EDT)]/html Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswim ... /[From "World Wide Aquatics" <WWANews-11460293-105@News.WorldWideDataSystems.com>][Date Sun, 24 Oct 2004 07:22:37 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswimme ... /[From "World Wide Aquatics" <WWANews-12214535-8470@News.WorldWideDataSystems.com>][Date Mon, 10 Jan 2005 08:17:06 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswimmer13@yahoo.com>][Date Fri, 28 Jan ... /[ ... /[From (Named Deleted) <(Named Deleted)@nashuarpc.org>][Date Tue, 11 Jan 2005 08:21:52 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswimmer13@yahoo.com>][Date Fri, 28 Jan ... /[From "Houston, Roger" <houstonr@ci.nashua.nh.us>][Date Wed, 26 Jan 2005 11:53:32 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html/[From (Named Deleted) <starswimmer13@yahoo.com>][Date Fri, 28 Jan 2005 05:03:14 -0800 (PST)]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED/[From billing@verizonwireless.com][Date Thu, 10 Feb 2005 16:37:45 -0500 (EST)]/html Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text/[From CJSREALTOR@aol.com][Date Tue, 15 Feb 2005 14:32:33 EST]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED/[From "Betty Fastenberg" <bfastenberg@phoenixrealty.net>][Date Thu, 26 Aug 2004 10:49:16 -0400]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash/[From pbaggio18@msn.com][Date Mon, 23 Aug 2004 18:42:29 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_/Trash Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Program Files\Support.com\backup\Tr\Trash\6644392_5a02929ff_ CAB: infected - 19 skipped
C:\SDFix\backups\backups.zip/backups/expro.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\SDFix\backups\backups.zip/backups/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Agent.bjc skipped
C:\SDFix\backups\backups.zip/backups/vpsnetwork.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\SDFix\backups\backups.zip/backups/vpssup.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419553.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419554.exe Infected: Trojan-Downloader.Win32.Agent.bjc skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419555.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419556.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419562.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419563.exe Infected: Trojan-Downloader.Win32.Agent.bjc skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419564.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419565.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\change.log Object is locked skipped
C:\utemp\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\CODENAMEDELL.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4EB4C39B-C05D-4798-B9BF-CD5B83E3C51A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT04051.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0405e.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009 Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0010/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.w skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0010/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0010 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!! Inno: infected - 10 skipped
D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/CTInstall.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/SimpleRegistration.dll Infected: not-a-virus:AdWare.Win32.TimeSink skipped
D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/tsad.dll Infected: not-a-virus:AdWare.Win32.TimeSink skipped
D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped
D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE WiseSFX: infected - 5 skipped
D:\My Download Files D\cat\cat Screensavers\xmasaware.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped
D:\My Download Files D\cat\cat Screensavers\xmasaware.exe WiseSFX: infected - 1 skipped
D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\LAKEFREE.EXE/setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\LAKEFREE.EXE ZIP: infected - 4 skipped
D:\My Download Files D\POKESOL.ZIP/pokesol.exe/data Infected: not-a-virus:AdWare.Win32.ShowBehind.a skipped
D:\My Download Files D\POKESOL.ZIP/pokesol.exe Infected: not-a-virus:AdWare.Win32.ShowBehind.a skipped
D:\My Download Files D\POKESOL.ZIP ZIP: infected - 2 skipped
D:\My Download Files D\SWIMFREE.EXE/setup.exe/HBINST.EXE Infected: not-a-virus:AdWare.Win32.HotBar.ab skipped
D:\My Download Files D\SWIMFREE.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
D:\My Download Files D\SWIMFREE.EXE/setup.exe/SAVENOWINST.EXE/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\SWIMFREE.EXE/setup.exe/SAVENOWINST.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\SWIMFREE.EXE/setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\My Download Files D\SWIMFREE.EXE ZIP: infected - 5 skipped
D:\My Download Files D\spdlr131.zip/setup.exe/SP Dialer.dll Infected: not-a-virus:Server-Proxy.Win32.SPDialer.a skipped
D:\My Download Files D\spdlr131.zip/setup.exe/SP Dialer.exe Infected: not-a-virus:Server-Proxy.Win32.SPDialer.a skipped
D:\My Download Files D\spdlr131.zip/setup.exe Infected: not-a-virus:Server-Proxy.Win32.SPDialer.a skipped
D:\My Download Files D\spdlr131.zip ZIP: infected - 3 skipped
D:\My Download Files D\lightartist_install.exe/EXE-file/file79 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\My Download Files D\lightartist_install.exe/EXE-file Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\My Download Files D\lightartist_install.exe Embedded EXE: infected - 2 skipped
D:\My Download Files D\NewMediaCodecInstaller.exe/data0007 Infected: Trojan-Downloader.Win32.Agent.bjc skipped
D:\My Download Files D\NewMediaCodecInstaller.exe NSIS: infected - 1 skipped
D:\_OTMoveIt\MovedFiles\WINDOWS\vpssup.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
D:\_OTMoveIt\MovedFiles\WINDOWS\expro.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\xtemp\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\ytemp\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#7 OFFLINE   rridgely

Posted 29 June 2007 - 10:55 PM

I think your easiest solution to clean all of the stuff up that was found in that scan would be to temporarily switch AVs.
Go ahead and uninstall AVG Antivirus and then follow the below instructions:

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process.
  • Then please update the program and run a scan on "My Computer". Allow it to neutralize all that it finds.
  • When done, launch Active Virus Shield's main window.
  • Click the "Scan" button on the left, and then click "Detected".
  • In the next window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.
Post the AOL AV log and new HijackThis log.

#8 OFFLINE   Magnetic

Posted 02 July 2007 - 07:03 PM

AVS log.

Protection
----------
Total scanned: 4152
Detected: 40
Untreated: 0
Start time: 7/2/2007 2:36:25 PM
Duration: 00:12:52


Detected
--------
Status Object
------ ------
not found: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419553.dll/PE_Patch.UPX/UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.bjc File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419554.exe/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419555.dll/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419556.dll/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419562.dll/PE_Patch.UPX/UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.bjc File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419563.exe/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419564.dll/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419565.dll/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Trymedia.b File: C:\Documents and Settings\(Name Deleted)\Desktop\(Name Deleted)\Worms\WormsWorldParty-dm.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.av File: D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.au File: D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE/Uninst.exe
deleted: adware not-a-virus:AdWare.Win32.ShowBehind.a File: D:\My Download Files D\POKESOL.ZIP\pokesol.exe/data/PECompact
deleted: adware not-a-virus:AdWare.Win32.HotBar.ab File: D:\My Download Files D\SWIMFREE.EXE/setup.exe/HBINST.EXE
deleted: adware not-a-virus:AdWare.Win32.SaveNow.au File: D:\My Download Files D\SWIMFREE.EXE/setup.exe/SAVENOWINST.EXE
deleted: adware not-a-virus:AdWare.Win32.Trymedia.b File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0428021.exe
deleted: adware not-a-virus:AdWare.Win32.Trymedia.b File: C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429031.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.av File: D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.au File: D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/Uninst.exe
deleted: adware not-a-virus:AdWare.Win32.HotBar.ab File: D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/HBINST.EXE
deleted: adware not-a-virus:AdWare.Win32.SaveNow.au File: D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/SAVENOWINST.EXE
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\SDFix\backups\backups.zip\backups/expro.dll/PE_Patch.UPX/UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.bjc File: C:\SDFix\backups\backups.zip\backups/main_uninstaller.exe/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\SDFix\backups\backups.zip\backups/vpsnetwork.dll/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\SDFix\backups\backups.zip\backups/vpssup.dll/PE_Patch.UPX/UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.bjc File: D:\My Download Files D\NewMediaCodecInstaller.exe/data0007/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/wbhshare.dll
deleted: adware not-a-virus:AdWare.Win32.WebHancer File: D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/Webhdll.dll
deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/WhAgent.exe
deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whiehlpr.dll
deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whieshm.dll
deleted: adware not-a-virus:AdWare.Win32.WebHancer.214 File: d:\my download files d\cat\z_rejects\shllsrch.exe this is spyware!!/data0009/whInstaller.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.w File: D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0010/SaveNow.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.au File: d:\my download files d\cat\z_rejects\shllsrch.exe this is spyware!!/data0010/Uninst.exe
deleted: adware not-a-virus:AdWare.Win32.TimeSink File: D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/CTInstall.exe
deleted: adware not-a-virus:AdWare.Win32.TimeSink File: D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/SimpleRegistration.dll
deleted: adware not-a-virus:AdWare.Win32.TimeSink File: D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/tsad.dll
deleted: adware not-a-virus:AdWare.Win32.TimeSink File: D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/TSUninstaller.exe
deleted: adware not-a-virus:AdWare.Win32.Gator.3013 File: D:\My Download Files D\cat\cat Screensavers\xmasaware.exe/WISE0015.BIN
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: D:\_OTMoveIt\MovedFiles\WINDOWS\vpssup.dll/PE_Patch.UPX/UPX
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: D:\_OTMoveIt\MovedFiles\WINDOWS\expro.dll/PE_Patch.UPX/UPX


Events
------
Time Event
---- -----
6/30/2007 11:57:07 AM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 1:25:11 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 1:26:41 PM Process (PID 1060) tried to access Active Virus Shield process (PID 496), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 1:36:01 PM Please restart your computer to complete the installation of new or updated protection components.
6/30/2007 1:36:15 PM Update error: incorrect signature.
6/30/2007 1:36:15 PM The threat signatures are obsolete. Your computer is at risk. You are advised to update the signatures immediately.
6/30/2007 1:38:16 PM Active Virus Shield is not activated.
6/30/2007 1:40:55 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 1:40:59 PM Process (PID 1624) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 1:42:26 PM Process (PID 1952) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 1:50:38 PM Update completed successfully.
6/30/2007 3:38:00 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 3:38:02 PM Process (PID 1604) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 3:40:26 PM Process (PID 2152) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 3:40:26 PM Process (PID 2152) tried to access Active Virus Shield process (PID 2192), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 3:59:15 PM Update completed successfully.
6/30/2007 6:09:03 PM Update completed successfully.
6/30/2007 8:18:49 PM Update completed successfully.
6/30/2007 10:33:26 PM Your license key is invalid. Please contact your dealer or local support service.
6/30/2007 10:37:56 PM Process (PID 1564) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 10:37:56 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 10:40:37 PM Process (PID 2304) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 10:40:38 PM Process (PID 2304) tried to access Active Virus Shield process (PID 2348), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 10:53:33 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 10:53:33 PM Process (PID 1624) tried to access Active Virus Shield process (PID 584), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 10:56:21 PM Process (PID 2340) tried to access Active Virus Shield process (PID 2368), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 10:56:21 PM Process (PID 2340) tried to access Active Virus Shield process (PID 584), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:00:52 PM Update completed successfully.
6/30/2007 11:08:37 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 11:08:43 PM Process (PID 1608) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:11:25 PM Process (PID 2244) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:11:25 PM Process (PID 2244) tried to access Active Virus Shield process (PID 2368), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:22:14 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 11:22:23 PM Process (PID 1628) tried to access Active Virus Shield process (PID 468), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:24:43 PM Process (PID 1152) tried to access Active Virus Shield process (PID 468), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:24:43 PM Process (PID 1152) tried to access Active Virus Shield process (PID 1344), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:30:44 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 11:30:54 PM Process (PID 1712) tried to access Active Virus Shield process (PID 476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:33:14 PM Process (PID 1248) tried to access Active Virus Shield process (PID 476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:33:14 PM Process (PID 1248) tried to access Active Virus Shield process (PID 2100), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:41:21 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/30/2007 11:41:38 PM Process (PID 1724) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:43:26 PM Process (PID 1104) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/30/2007 11:43:26 PM Process (PID 1104) tried to access Active Virus Shield process (PID 1164), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 2:11:22 AM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
7/1/2007 2:11:43 AM Process (PID 1864) tried to access Active Virus Shield process (PID 524), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 2:13:44 AM Process (PID 168) tried to access Active Virus Shield process (PID 524), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 2:13:44 AM Process (PID 168) tried to access Active Virus Shield process (PID 1384), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 2:16:07 AM Update completed successfully.
7/1/2007 2:19:47 AM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
7/1/2007 2:20:07 AM Process (PID 1788) tried to access Active Virus Shield process (PID 476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 2:21:28 AM Process (PID 1904) tried to access Active Virus Shield process (PID 476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 2:21:28 AM Process (PID 1904) tried to access Active Virus Shield process (PID 1652), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 2:38:51 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419553.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 2:38:51 AM Security threats have been detected. You are advised to neutralize them immediately.
7/1/2007 2:38:52 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419553.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419554.exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Downloader.Win32.Agent.bjc
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419554.exe/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419555.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419555.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419556.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419556.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419562.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 2:38:53 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419562.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 2:38:54 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419563.exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Downloader.Win32.Agent.bjc
7/1/2007 2:38:54 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419563.exe/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 2:38:54 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419564.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 2:38:54 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419564.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 2:38:54 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419565.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 2:38:54 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419565.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 3:43:53 AM File C:\Documents and Settings\(Name Deleted)\Desktop\(Name Deleted)\Worms\WormsWorldParty-dm.exe: detected adware not-a-virus:AdWare.Win32.Trymedia.b
7/1/2007 3:43:54 AM File C:\Documents and Settings\(Name Deleted)\Desktop\(Name Deleted)\Worms\WormsWorldParty-dm.exe: is not disinfected, postponed
7/1/2007 4:38:26 AM File D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.av
7/1/2007 4:38:26 AM File D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe: is not disinfected, postponed
7/1/2007 4:38:26 AM File D:\My Download Files D\LAKEFREE.EXE/setup.exe/SAVENOWINST.EXE/Uninst.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.au
7/1/2007 4:38:36 AM File D:\My Download Files D\POKESOL.ZIP\pokesol.exe/data/PECompact: detected adware not-a-virus:AdWare.Win32.ShowBehind.a
7/1/2007 4:38:36 AM File D:\My Download Files D\POKESOL.ZIP\pokesol.exe/data/PECompact: is not disinfected, postponed
7/1/2007 4:39:08 AM File D:\My Download Files D\SWIMFREE.EXE/setup.exe/HBINST.EXE: detected adware not-a-virus:AdWare.Win32.HotBar.ab
7/1/2007 4:39:08 AM File D:\My Download Files D\SWIMFREE.EXE/setup.exe/HBINST.EXE: is not disinfected, postponed
7/1/2007 4:39:08 AM File D:\My Download Files D\SWIMFREE.EXE/setup.exe/SAVENOWINST.EXE: detected adware not-a-virus:AdWare.Win32.SaveNow.au
7/1/2007 4:50:17 AM Your license key is invalid. Please contact your dealer or local support service.
7/1/2007 4:53:12 AM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
7/1/2007 4:53:34 AM Process (PID 1944) tried to access Active Virus Shield process (PID 512), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 4:53:45 AM Security threats have been detected. You are advised to neutralize them immediately.
7/1/2007 4:54:56 AM Process (PID 1560) tried to access Active Virus Shield process (PID 512), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 4:54:56 AM Process (PID 1560) tried to access Active Virus Shield process (PID 1660), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 5:02:59 AM Active Virus Shield is not activated.
7/1/2007 5:05:13 AM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
7/1/2007 5:05:33 AM Process (PID 1892) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 5:06:46 AM Process (PID 1556) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 5:06:46 AM Process (PID 1556) tried to access Active Virus Shield process (PID 1580), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 5:07:23 AM Security threats have been detected. You are advised to neutralize them immediately.
7/1/2007 5:12:49 AM Update error: cannot establish connection.
7/1/2007 5:18:19 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419553.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 5:18:19 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419553.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:18:19 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419554.exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Downloader.Win32.Agent.bjc
7/1/2007 5:18:19 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419554.exe/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:18:20 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419555.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 5:18:20 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419555.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419556.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419556.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419562.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419562.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419563.exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Downloader.Win32.Agent.bjc
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419563.exe/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419564.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419564.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419565.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 5:18:21 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1627\A0419565.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 5:22:56 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0428021.exe: detected adware not-a-virus:AdWare.Win32.Trymedia.b
7/1/2007 5:22:56 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0428021.exe: is not disinfected, postponed
7/1/2007 5:22:58 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429031.exe: detected adware not-a-virus:AdWare.Win32.Trymedia.b
7/1/2007 5:22:58 AM File C:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429031.exe: is not disinfected, postponed
7/1/2007 5:23:12 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.av
7/1/2007 5:23:12 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe: is not disinfected, postponed
7/1/2007 5:23:12 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/Uninst.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.au
7/1/2007 5:23:14 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/HBINST.EXE: detected adware not-a-virus:AdWare.Win32.HotBar.ab
7/1/2007 5:23:14 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/HBINST.EXE: is not disinfected, postponed
7/1/2007 5:23:14 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/SAVENOWINST.EXE: detected adware not-a-virus:AdWare.Win32.SaveNow.au
7/1/2007 5:38:07 AM Update error: cannot establish connection.
7/1/2007 5:45:19 AM Update completed successfully.
7/1/2007 6:23:09 AM File C:\Documents and Settings\(Name Deleted)\Desktop\(Name Deleted)\Worms\WormsWorldParty-dm.exe: detected adware not-a-virus:AdWare.Win32.Trymedia.b
7/1/2007 6:23:09 AM File C:\Documents and Settings\(Name Deleted)\Desktop\(Name Deleted)\Worms\WormsWorldParty-dm.exe: is not disinfected, postponed
7/1/2007 7:55:21 AM Update completed successfully.
7/1/2007 7:57:23 AM File C:\SDFix\backups\backups.zip\backups/expro.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 7:57:23 AM File C:\SDFix\backups\backups.zip\backups/expro.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 7:57:23 AM File C:\SDFix\backups\backups.zip\backups/main_uninstaller.exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Downloader.Win32.Agent.bjc
7/1/2007 7:57:23 AM File C:\SDFix\backups\backups.zip\backups/main_uninstaller.exe/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 7:57:24 AM File C:\SDFix\backups\backups.zip\backups/vpsnetwork.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 7:57:24 AM File C:\SDFix\backups\backups.zip\backups/vpsnetwork.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 7:57:24 AM File C:\SDFix\backups\backups.zip\backups/vpssup.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 7:57:24 AM File C:\SDFix\backups\backups.zip\backups/vpssup.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 8:32:41 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.av
7/1/2007 8:32:41 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/SaveNow.exe: is not disinfected, postponed
7/1/2007 8:32:41 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429033.EXE/setup.exe/SAVENOWINST.EXE/Uninst.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.au
7/1/2007 8:32:44 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/HBINST.EXE: detected adware not-a-virus:AdWare.Win32.HotBar.ab
7/1/2007 8:32:44 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/HBINST.EXE: is not disinfected, postponed
7/1/2007 8:32:44 AM File D:\System Volume Information\_restore{3181B80A-B3A1-4171-AA3B-2830373AF5B6}\RP1634\A0429034.EXE/setup.exe/SAVENOWINST.EXE: detected adware not-a-virus:AdWare.Win32.SaveNow.au
7/1/2007 9:25:21 AM File D:\My Download Files D\NewMediaCodecInstaller.exe/data0007/PE_Patch.UPX/UPX: detected Trojan program Trojan-Downloader.Win32.Agent.bjc
7/1/2007 9:25:21 AM File D:\My Download Files D\NewMediaCodecInstaller.exe/data0007/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/wbhshare.dll: detected adware not-a-virus:AdWare.Win32.WebHancer.214
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/wbhshare.dll: is not disinfected, postponed
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/Webhdll.dll: detected adware not-a-virus:AdWare.Win32.WebHancer
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/WhAgent.exe: detected adware not-a-virus:AdWare.Win32.WebHancer.214
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whiehlpr.dll: detected adware not-a-virus:AdWare.Win32.WebHancer.214
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whieshm.dll: detected adware not-a-virus:AdWare.Win32.WebHancer.214
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0009/whInstaller.exe: detected adware not-a-virus:AdWare.Win32.WebHancer.214
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0010/SaveNow.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.w
7/1/2007 9:27:31 AM File D:\My Download Files D\cat\Z_REJECTS\SHLLSRCH.EXE this is spyware!!/data0010/Uninst.exe: detected adware not-a-virus:AdWare.Win32.SaveNow.au
7/1/2007 9:28:04 AM File D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/CTInstall.exe: detected adware not-a-virus:AdWare.Win32.TimeSink
7/1/2007 9:28:04 AM File D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/CTInstall.exe: is not disinfected, postponed
7/1/2007 9:28:05 AM File D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/SimpleRegistration.dll: detected adware not-a-virus:AdWare.Win32.TimeSink
7/1/2007 9:28:05 AM File D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/tsad.dll: detected adware not-a-virus:AdWare.Win32.TimeSink
7/1/2007 9:28:05 AM File D:\My Download Files D\cat\cat Utilities-Internet\CUTE4032.EXE/WISE0011.BIN/TSUninstaller.exe: detected adware not-a-virus:AdWare.Win32.TimeSink
7/1/2007 9:29:55 AM File D:\My Download Files D\cat\cat Screensavers\xmasaware.exe/WISE0015.BIN: detected adware not-a-virus:AdWare.Win32.Gator.3013
7/1/2007 9:29:56 AM File D:\My Download Files D\cat\cat Screensavers\xmasaware.exe/WISE0015.BIN: is not disinfected, postponed
7/1/2007 9:43:22 AM File D:\_OTMoveIt\MovedFiles\WINDOWS\vpssup.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 9:43:23 AM File D:\_OTMoveIt\MovedFiles\WINDOWS\vpssup.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 9:43:23 AM File D:\_OTMoveIt\MovedFiles\WINDOWS\expro.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 9:43:23 AM File D:\_OTMoveIt\MovedFiles\WINDOWS\expro.dll/PE_Patch.UPX/UPX: is not disinfected, postponed
7/1/2007 9:59:40 AM File c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419553.dll/PE_Patch.UPX/UPX: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/1/2007 10:06:37 AM Update completed successfully.
7/1/2007 11:17:10 AM File c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419553.dll: deleted
7/1/2007 12:16:35 PM Update completed successfully.
7/1/2007 2:46:29 PM Update error: cannot establish connection.
7/1/2007 3:16:29 PM Update error: cannot establish connection.
7/1/2007 3:46:29 PM Update error: cannot establish connection.
7/1/2007 4:08:37 PM Update completed successfully.
7/1/2007 6:19:39 PM Update completed successfully.
7/1/2007 8:24:36 PM Process (PID 1972) tried to access Active Virus Shield process (PID 524), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:25:48 PM Process (PID 1568) tried to access Active Virus Shield process (PID 524), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:25:48 PM Process (PID 1568) tried to access Active Virus Shield process (PID 1604), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:26:36 PM Security threats have been detected. You are advised to neutralize them immediately.
7/1/2007 8:27:57 PM Update completed successfully.
7/1/2007 8:36:02 PM Process (PID 1904) tried to access Active Virus Shield process (PID 468), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:37:12 PM Process (PID 1492) tried to access Active Virus Shield process (PID 468), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:37:12 PM Process (PID 1492) tried to access Active Virus Shield process (PID 1476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:37:50 PM Security threats have been detected. You are advised to neutralize them immediately.
7/1/2007 8:46:33 PM Process (PID 1824) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:47:57 PM Process (PID 1460) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:47:57 PM Process (PID 1460) tried to access Active Virus Shield process (PID 1524), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:48:27 PM Security threats have been detected. You are advised to neutralize them immediately.
7/1/2007 8:55:29 PM Process (PID 1684) tried to access Active Virus Shield process (PID 476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:56:50 PM Process (PID 1540) tried to access Active Virus Shield process (PID 476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:56:50 PM Process (PID 1540) tried to access Active Virus Shield process (PID 1552), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/1/2007 8:57:15 PM Security threats have been detected. You are advised to neutralize them immediately.
7/2/2007 2:38:54 AM Process (PID 1904) tried to access Active Virus Shield process (PID 512), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:40:09 AM Process (PID 1552) tried to access Active Virus Shield process (PID 512), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:40:09 AM Process (PID 1552) tried to access Active Virus Shield process (PID 1456), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:40:57 AM Security threats have been detected. You are advised to neutralize them immediately.
7/2/2007 2:42:13 AM Update completed successfully.
7/2/2007 1:48:06 PM Process (PID 1772) tried to access Active Virus Shield process (PID 512), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 1:49:53 PM Security threats have been detected. You are advised to neutralize them immediately.
7/2/2007 1:50:55 PM Process (PID 1120) tried to access Active Virus Shield process (PID 512), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 1:50:55 PM Process (PID 1120) tried to access Active Virus Shield process (PID 904), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 1:53:52 PM Update completed successfully.
7/2/2007 1:57:49 PM Process (PID 1728) tried to access Active Virus Shield process (PID 500), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 1:59:05 PM Process (PID 1512) tried to access Active Virus Shield process (PID 500), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 1:59:05 PM Process (PID 1512) tried to access Active Virus Shield process (PID 1548), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:07:17 PM Process (PID 1896) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:08:28 PM Process (PID 1428) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:08:28 PM Process (PID 1428) tried to access Active Virus Shield process (PID 1504), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:09:10 PM Security threats have been detected. You are advised to neutralize them immediately.
7/2/2007 2:16:40 PM Process (PID 1800) tried to access Active Virus Shield process (PID 468), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:17:49 PM Process (PID 1460) tried to access Active Virus Shield process (PID 468), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:17:49 PM Process (PID 1460) tried to access Active Virus Shield process (PID 1608), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:25:19 PM Process (PID 1868) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:26:28 PM Process (PID 1588) tried to access Active Virus Shield process (PID 480), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:26:28 PM Process (PID 1588) tried to access Active Virus Shield process (PID 1468), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:27:12 PM Security threats have been detected. You are advised to neutralize them immediately.
7/2/2007 2:36:14 PM Process (PID 1872) tried to access Active Virus Shield process (PID 464), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:37:30 PM Process (PID 1416) tried to access Active Virus Shield process (PID 464), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:37:30 PM Process (PID 1416) tried to access Active Virus Shield process (PID 1644), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/2/2007 2:38:02 PM Security threats have been detected. You are advised to neutralize them immediately.


Reports
-------
Task Status Start Finish Size
---- ------ ----- ------ ----

File Anti-Virus paused 7/2/2007 2:36:25 PM 4.5 KB
Mail Anti-Virus paused 7/2/2007 2:36:25 PM 0 bytes
Scan Startup Objects completed 7/2/2007 2:38:54 PM 7/2/2007 2:53:28 PM 362.3 KB


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: adware not-a-virus:AdWare.Win32.Agent.bn d:\_otmoveit\movedfiles\windows\expro.dll 88 KB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419562.dll 79.5 KB
Infected: adware not-a-virus:AdWare.Win32.TimeSink d:\my download files d\cat\cat utilities-internet\cute4032.exe 1.3 MB
Infected: adware not-a-virus:AdWare.Win32.HotBar.ab d:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1634\a0429034.exe 1.5 MB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bjc c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419554.exe 30 KB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bjc c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419563.exe 30 KB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419564.dll 93 KB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bjc d:\my download files d\newmediacodecinstaller.exe 154.6 KB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419556.dll 75.5 KB
Infected: adware not-a-virus:AdWare.Win32.SaveNow.av d:\my download files d\lakefree.exe 1.5 MB
Infected: adware not-a-virus:AdWare.Win32.Gator.3013 d:\my download files d\cat\cat screensavers\xmasaware.exe 792.4 KB
Infected: adware not-a-virus:AdWare.Win32.ShowBehind.a d:\my download files d\pokesol.zip 957.1 KB
Infected: adware not-a-virus:AdWare.Win32.Trymedia.b c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1634\a0428021.exe 208 KB
Infected: adware not-a-virus:AdWare.Win32.Trymedia.b c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1634\a0429031.exe 208 KB
Infected: adware not-a-virus:AdWare.Win32.Trymedia.b c:\documents and settings\(Name Deleted)\desktop\(Name Deleted)\worms\wormsworldparty-dm.exe 208 KB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\sdfix\backups\backups.zip 316.8 KB
Infected: adware not-a-virus:AdWare.Win32.HotBar.ab d:\my download files d\swimfree.exe 1.5 MB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419565.dll 75.5 KB
Infected: adware not-a-virus:AdWare.Win32.SaveNow.av d:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1634\a0429033.exe 1.5 MB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419555.dll 93 KB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn d:\_otmoveit\movedfiles\windows\vpssup.dll 75.5 KB
Infected: adware not-a-virus:AdWare.Win32.WebHancer.214 d:\my download files d\cat\z_rejects\shllsrch.exe this is spyware!! 1.2 MB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bjc c:\sdfix\backups\backups.zip 345.7 KB

#9 OFFLINE   Magnetic

    Newbie

  • Members
  • 8 posts

Posted 02 July 2007 - 07:04 PM

HijackThis Log:



Logfile of HijackThis v1.98.2
Scan saved at 3:02:25 PM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\sd301r3c\dc\DcrServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\WorldClock\WorldClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Sun\SUN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DFC54AD-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: IE to Lightning Helper - {F1FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Lightning Download\LD_Catch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [MemoryBoost] "C:\Program Files\MemoryBoost\MemoryBoost.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Controlled StartUp] C:\Program Files\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [WorldClock] "C:\Program Files\WorldClock\WorldClock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: WebCaliber - {2DFC54AE-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126655062287
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/Standar...wActiveXCab.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

#10 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 02 July 2007 - 08:24 PM

I don't know why, but you didn't use the same copy of HijackThis in that last log. The log you just posted is from a really old version of HijackThis. You need to post a log from the newest version (2.0 beta).

#11 OFFLINE   Magnetic

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 02 July 2007 - 10:34 PM

That's odd... Presumably, since this is a shared computer, someone must have downloaded it a long time ago. I, being quite proficient in forgetting my placing of HijackThis, must have found it in my perusing for its downloaded location. Additionally, someone seems to have deleted it.

Anywho, here's the proper log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:32:09 PM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\sd301r3c\dc\DcrServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\WorldClock\WorldClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Sun\SUN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Lightning Download\Lightning.exe
D:\My Download Files D\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DFC54AD-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: IE to Lightning Helper - {F1FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Lightning Download\LD_Catch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [MemoryBoost] "C:\Program Files\MemoryBoost\MemoryBoost.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Controlled StartUp] C:\Program Files\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [WorldClock] "C:\Program Files\WorldClock\WorldClock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: WebCaliber - {2DFC54AE-2B04-4E4A-96FA-79D2701F3763} - C:\PROGRA~1\EvoCorp\WEBCAL~1\WEBCAL~1.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126655062287
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/Standar...wActiveXCab.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner - C:\WINDOWS\sd301r3c\dc\DcrServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11633 bytes

#12 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 05 July 2007 - 01:51 AM

Sorry for the wait. I forgot about this one. :(
Does everything seem back to normal on your computer?

You have a couple of programs that I don't know anything about. If you know they are safe then don't worry about it.

O4 - HKCU\..\Run: [Controlled StartUp] C:\Program Files\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [WorldClock] "C:\Program Files\WorldClock\WorldClock.exe"
C:\Program Files\Lightning Download\Lightning.exe

If everything seems back to normal and you know the above programs are safe then all you need to do is clear your restore points and make another one:

To flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next, go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

#13 OFFLINE   Magnetic

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 05 July 2007 - 11:01 PM

For the removal of other restore points bit, since this computer has two hard drives, one of which is partitioned, I did the removal on each drive.

I salute thee, and thank you for assisting me in removing the Privacy Danger from my computer!

As for the programs you knew not, this computer has had WorldClock for years, without any problems. (This computer is seven years of age, you see.) Lightning Download, it has had for a couple of years, during which time there were a couple of issues with it lagging the computer, but an update fixed it. As for the final program, as this is a shared computer, it's someone else's. According to that person, it too is safe. Of course, I'm not the most reliable source, so needless to say, don't go by my word.

All is good to go!
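
The restore-point flush above targets copies that System Restore kept under `System Volume Information\_restore{...}`; the Active Virus Shield "Backup" report posted earlier in the thread shows which detections came from there and on which drives. The following is an added example, not part of the original posts: it parses a subset of those report lines (copied verbatim) and groups them by original location. The bucket names and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Subset of the "Backup" lines from the Active Virus Shield report posted
# earlier in this thread, copied verbatim.
REPORT = r"""
Infected: adware not-a-virus:AdWare.Win32.Agent.bn d:\_otmoveit\movedfiles\windows\expro.dll 88 KB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419562.dll 79.5 KB
Infected: adware not-a-virus:AdWare.Win32.HotBar.ab d:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1634\a0429034.exe 1.5 MB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bjc c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1627\a0419554.exe 30 KB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bjc d:\my download files d\newmediacodecinstaller.exe 154.6 KB
Infected: adware not-a-virus:AdWare.Win32.Trymedia.b c:\system volume information\_restore{3181b80a-b3a1-4171-aa3b-2830373af5b6}\rp1634\a0428021.exe 208 KB
Infected: adware not-a-virus:AdWare.Win32.WebHancer.214 d:\my download files d\cat\z_rejects\shllsrch.exe this is spyware!! 1.2 MB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bjc c:\sdfix\backups\backups.zip 345.7 KB
"""

# One report line: status, category, detection name, original path (may
# contain spaces), size. The path is anchored on its drive letter and the
# size on the end of the line, so spaces inside the path are preserved.
LINE_RE = re.compile(
    r"^Infected:\s+(?P<category>adware|Trojan program)\s+"
    r"(?P<detection>\S+)\s+"
    r"(?P<path>[a-z]:\\.+?)\s+"
    r"(?P<size>\d+(?:\.\d+)?)\s+(?P<unit>bytes|KB|MB)$",
    re.IGNORECASE,
)
# System Restore keeps its copies under <drive>:\System Volume Information\
# _restore{GUID}\RPnnnn\ ; RPnnnn identifies the restore point.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\",
    re.IGNORECASE,
)
# Folders left behind by the removal tools named in the report paths.
TOOL_RE = re.compile(r"^[a-z]:\\(_otmoveit|sdfix)\\", re.IGNORECASE)
UNIT = {"bytes": 1, "kb": 1024, "mb": 1024 * 1024}


def classify(path):
    """Return (bucket, drive, restore_point_id) for a reported path."""
    drive = path[0].lower()
    m = RESTORE_RE.match(path)
    if m:
        return "restore_point", drive, m.group(1).lower()
    if TOOL_RE.match(path):
        return "removal_tool_backup", drive, None
    return "user_files", drive, None


def parse_report(text):
    """Parse 'Infected:' lines into dicts; other lines are skipped."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything that is not a detection
        bucket, drive, rp = classify(m.group("path"))
        size = float(m.group("size")) * UNIT[m.group("unit").lower()]
        items.append({
            "category": m.group("category"),
            "detection": m.group("detection"),
            "path": m.group("path"),
            "bytes": round(size),
            "bucket": bucket,
            "drive": drive,
            "restore_point": rp,
        })
    return items


def by_bucket(items):
    """Group parsed detections by location bucket."""
    groups = defaultdict(list)
    for it in items:
        groups[it["bucket"]].append(it)
    return dict(groups)


def restore_points_by_drive(items):
    """Map each drive letter to the restore points that held detections."""
    drives = defaultdict(set)
    for it in items:
        if it["bucket"] == "restore_point":
            drives[it["drive"]].add(it["restore_point"])
    return {d: sorted(rps) for d, rps in drives.items()}


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for bucket, group in by_bucket(parsed).items():
        print(f"{bucket}: {len(group)} detection(s)")
        for it in group:
            print(f"  {it['detection']:<40} {it['path']}")
    print("restore points with detections:", restore_points_by_drive(parsed))
```

On this subset the restore-point detections sit on both `c:` and `d:`, which is why the cleanup has to be run per drive.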