
Trojan.downloader.conhook Cannot Be Removed....help Please!


13 replies to this topic

#1 swazimedic

  • Members
  • 8 posts

Posted 20 July 2007 - 10:28 AM

Hi

I am running on Windows XP SP2. I have Spyware Doctor installed and it has picked up Trojan.downloader.ConHook. I fix the problem with the fix on the program, but on startup and full system scan it still picks it up. I also have Norton Internet Security; all these programs are up to date. I am quite frustrated that the programs I have paid money for are not doing the job they were intended for. Please help.

I have also pasted the HJT log. I really appreciate the assistance.

Logfile of HijackThis v1.99.1
Scan saved at 04:38:42 PM, on 2007/07/20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\Program Files\Hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mecer.co.za/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [VMCL] F:\\VMC_PBStarter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.mecer.co.za
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.info/objects/NpFv412.dll
O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} (Microsoft Internet Transfer Control 6.0 (SP4)) - file:///D:/WNZ_CD/OCX.CAB
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157480622656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178812338218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D1F11C-468B-4893-B8FC-766A2DA52544}: NameServer = 196.207.32.69 196.43.45.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\SYSTEM32\pmnnl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msdde - {68E4C8DA-580D-43C4-BB7B-773FB89211EA} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe



#2 random/random

  • Malware Response Team
  • 2,704 posts

Posted 26 July 2007 - 04:31 AM

Download the latest version of ComboFix from Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 swazimedic

  • Topic Starter

  • Members
  • 8 posts

Posted 26 July 2007 - 11:27 AM

OK, have done what you have requested. See below with the ComboFix log and HJT log respectively.

Thanks

"Marcorious" - 2007-07-26 18:12:38 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\023F3451.urr
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-26 18:10 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-23 21:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-07-23 20:11 <DIR> d-------- C:\DOCUME~1\MARCOR~1\APPLIC~1\WinRAR
2007-07-23 19:47 <DIR> d-------- C:\Program Files\Universal Extractor
2007-07-23 17:42 16,377,344 --a------ C:\WINDOWS\RTHDCPL.exe
2007-07-23 17:41 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-07-23 17:41 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-07-23 17:41 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2007-07-23 17:40 <DIR> d-------- C:\Intel
2007-07-23 10:07 <DIR> d-------- C:\WINDOWS\$regcmp$
2007-07-21 11:56 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-20 15:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-20 15:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-20 14:53 <DIR> d-------- C:\Program Files\Smitfraudfix
2007-07-20 14:48 <DIR> d-------- C:\Program Files\Hijack this
2007-07-15 17:25 <DIR> d-------- C:\DOCUME~1\MARCOR~1\.lincity
2007-07-15 15:53 <DIR> d-------- C:\DOCUME~1\MARCOR~1\APPLIC~1\WordWeb
2007-07-14 19:48 <DIR> d-------- C:\DOCUME~1\MARCOR~1\MI3
2007-07-14 11:27 <DIR> d-------- C:\Program Files\LinCity-NG
2007-07-14 11:24 <DIR> d-------- C:\Program Files\Wesnoth
2007-07-14 11:23 <DIR> d-------- C:\Program Files\HighwayPursuit
2007-07-14 11:22 3,364,957 --ahs---- C:\WINDOWS\system32\rsetup.exe
2007-07-14 11:20 <DIR> d-------- C:\Program Files\Pekka Kana 2
2007-07-14 10:56 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-07-14 10:56 <DIR> d-------- C:\WINDOWS\PrimoPDF
2007-07-14 10:54 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-14 10:54 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-14 10:50 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-07-14 10:48 <DIR> d-------- C:\Program Files\PeaZip
2007-07-14 10:35 <DIR> d-------- C:\Program Files\DiskSweeper20
2007-07-14 10:23 <DIR> d-------- C:\Program Files\Mangofile
2007-07-14 10:10 <DIR> d-------- C:\Program Files\Registry Clean Expert
2007-07-14 10:08 <DIR> d-------- C:\Program Files\EZ Wipe
2007-07-14 10:07 <DIR> d-------- C:\Program Files\CD Recovery Toolbox Free
2007-07-14 10:02 1,042,304 --a------ C:\WINDOWS\wweb32.dll
2007-07-14 10:02 <DIR> d-------- C:\Program Files\WordWeb
2007-07-14 09:52 <DIR> d-------- C:\DOCUME~1\MARCOR~1\APPLIC~1\Buddi
2007-07-11 15:18 <DIR> d-------- C:\LEGACY
2007-07-10 15:33 <DIR> d-------- C:\Program Files\PimpFish
2007-07-10 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zabersoft
2007-07-10 15:18 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-07-10 15:18 <DIR> d-------- C:\DOCUME~1\MARCOR~1\APPLIC~1\MAGIX
2007-07-10 15:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
2007-07-10 15:17 94,208 --a------ C:\WINDOWS\system32\DLLCPY32.dll
2007-07-10 15:17 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-07-10 15:17 65,536 --a------ C:\WINDOWS\system32\DLLPTL32.dll
2007-07-10 15:17 61,440 --a------ C:\WINDOWS\system32\DLLCDF32.dll
2007-07-10 15:17 57,344 --a------ C:\WINDOWS\system32\DLLTPO32.dll
2007-07-10 15:17 53,248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll
2007-07-10 15:17 49,152 --a------ C:\WINDOWS\system32\DLLPRF32.dll
2007-07-10 15:17 49,152 --a------ C:\WINDOWS\system32\DLLIO32.dll
2007-07-10 15:17 462,848 --a------ C:\WINDOWS\system32\DLLAV32.dll
2007-07-10 15:17 45,056 --a------ C:\WINDOWS\system32\DLLIMG32.dll
2007-07-10 15:17 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2007-07-10 15:17 40,960 --a------ C:\WINDOWS\system32\DLLRD32.dll
2007-07-10 15:17 36,864 --a------ C:\WINDOWS\system32\DLLPNT32.dll
2007-07-10 15:17 32,768 --a------ C:\WINDOWS\system32\STRING32.dll
2007-07-10 15:17 32,768 --a------ C:\WINDOWS\system32\DLLMSC32.dll
2007-07-10 15:17 32,768 --a------ C:\WINDOWS\system32\DLLISO32.dll
2007-07-10 15:17 32,768 --a------ C:\WINDOWS\system32\DLLDIR32.dll
2007-07-10 15:17 24,576 --a------ C:\WINDOWS\system32\TTIC32.dll
2007-07-10 15:17 24,576 --a------ C:\WINDOWS\system32\TTI32.dll
2007-07-10 15:17 24,576 --a------ C:\WINDOWS\system32\DLLIX.dll
2007-07-10 15:17 188,416 --a------ C:\WINDOWS\system32\DLLRES32.dll
2007-07-10 15:17 163,840 --a------ C:\WINDOWS\system32\DLLDEV32.dll
2007-07-10 15:17 151,552 --a------ C:\WINDOWS\system32\DLLDRV32.dll
2007-07-10 15:17 114,688 --a------ C:\WINDOWS\system32\DLLCDA32.dll
2007-07-10 15:17 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-07-10 15:17 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-07-10 15:17 <DIR> d-------- C:\MAGIX
2007-07-10 15:16 634,880 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-07-10 15:16 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-07-09 14:17 40,960 --a------ C:\WINDOWS\RAUNINST.EXE
2007-07-09 14:17 <DIR> d-------- C:\WESTWOOD
2007-07-08 20:19 24,576 --a------ C:\WINDOWS\system32\ys_boss.dll
2007-07-08 11:04 <DIR> d-------- C:\Program Files\Activision
2007-07-08 08:38 <DIR> d-------- C:\games
2007-07-07 18:27 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-06 16:19 10 --a------ C:\WINDOWS\popcinfo.dat
2007-07-06 15:19 <DIR> d-------- C:\jbpub
2007-07-06 15:12 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-05 13:50 82,944 --a------ C:\WINDOWS\zlib.dll
2007-07-05 13:50 268,800 --a------ C:\WINDOWS\buggy.exe
2007-07-05 11:01 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-07-04 15:18 585,728 --------- C:\WINDOWS\system32\AReadyLB.dll
2007-07-04 15:18 38 --a------ C:\WINDOWS\system32\net32gdilib.dll
2007-07-04 15:18 229,376 --------- C:\WINDOWS\system32\AudDevicePlugin.dll
2007-07-04 15:18 <DIR> d-------- C:\Program Files\J River
2007-07-04 15:16 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2007-07-04 15:16 <DIR> d-------- C:\Program Files\DNsoft.be
2007-07-04 15:15 200,704 --a------ C:\WINDOWS\system32\bih.dll
2007-07-04 15:15 <DIR> d-------- C:\Program Files\BatteryInfo
2007-07-04 15:12 <DIR> d-------- C:\DOCUME~1\MARCOR~1\APPLIC~1\BinarySense
2007-07-04 14:11 <DIR> d-------- C:\Program Files\Autorota
2007-07-04 14:04 <DIR> d-------- C:\Program Files\IrfanView
2007-07-04 13:56 <DIR> d-------- C:\Program Files\AlfaClock
2007-07-04 13:44 <DIR> d-------- C:\Program Files\Smart Projects
2007-07-04 13:32 <DIR> d-------- C:\Program Files\Pryme
2007-07-04 13:21 <DIR> d-------- C:\Program Files\Free Hide Folder
2007-07-04 13:18 <DIR> d-------- C:\Program Files\PC Inspector File Recovery


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 16:15:41 -------- d-----w C:\Program Files\Spyware Doctor
2007-07-26 16:08:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-26 16:01:59 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-23 15:41:53 -------- d-----w C:\Program Files\Realtek
2007-07-23 09:29:49 -------- d-----w C:\DOCUME~1\MARCOR~1\APPLIC~1\Skype
2007-07-23 09:03:20 5,046 ----a-w C:\WINDOWS\system32\tmp.reg
2007-07-16 20:04:22 -------- d-----w C:\Program Files\Yahoo!
2007-06-29 12:14:45 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-06-22 16:14:40 4,432,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-06-19 20:08:34 -------- d-----w C:\Program Files\Elantech
2007-06-19 19:30:23 -------- d-----w C:\DOCUME~1\MARCOR~1\APPLIC~1\Media Player Classic
2007-06-11 03:23:30 -------- d-----w C:\Program Files\WEBnewszine
2007-05-27 18:10:35 -------- d-----w C:\DOCUME~1\MARCOR~1\APPLIC~1\Apple Computer
2007-05-27 16:26:16 -------- d-----w C:\Program Files\QuickTime
2007-05-27 16:24:36 -------- d-----w C:\Program Files\Apple Software Update
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 20:42:53 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-04-29 19:20:32 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2007-04-29 19:20:31 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 08:50 C:\WINDOWS\AGRSMMSG.exe]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2006-03-27 21:36]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 23:25]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 23:25]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 23:29]
"CASS"="C:\Program Files\Compal Electronics" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 03:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 11:51]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 18:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-27 18:02]
"RegistryMechanic"="" []
"DriverMagicLogon"="C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [2005-10-14 09:01]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-18 12:18]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-05-03 17:51]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 14:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMCL"="F:\\VMC_PBStarter.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00]
"AlfaClock Classic"="C:\Program Files\AlfaClock\AlfaClock.exe" [2005-07-13 19:38]
"WiFiSiStr"="" []

C:\Documents and Settings\Marcorious\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-07-14 10:02:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-06 23:34:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-23 21:58:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnl]
pmnnl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

R1 CPEb;CPEb;C:\WINDOWS\system32\drivers\CPEb.sys
R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 BTSERIAL;Bluetooth Serial Driver;\??\C:\WINDOWS\system32\drivers\btserial.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 BTWDNDIS;Bluetooth LAN Access Server;C:\WINDOWS\system32\DRIVERS\btwdndis.sys
S3 btwmodem;Bluetooth Modem;C:\WINDOWS\system32\DRIVERS\btwmodem.sys
S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b44a8e-195a-11dc-a5f5-0016cfe5d27e}]
AutoRun\command- E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{678444ec-f2b8-11db-a5ad-0019d234c16c}]
AutoRun\command- E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{678444ed-f2b8-11db-a5ad-0019d234c16c}]
AutoRun\command- F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90540c32-2997-11dc-a61b-0016d461ce88}]
AutoRun\command- E:\wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-07-23 15:46:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-20 18:42:00 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Marcorious.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 18:15:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 18:16:43
C:\ComboFix-quarantined-files.txt ... 2007-07-26 18:16

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 06:20:23 PM, on 2007/07/26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack this\Hi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mecer.co.za/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [VMCL] F:\\VMC_PBStarter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.mecer.co.za
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.info/objects/NpFv412.dll
O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} - file:///D:/WNZ_CD/OCX.CAB
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157480622656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178812338218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D1F11C-468B-4893-B8FC-766A2DA52544}: NameServer = 196.207.32.69 196.43.45.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmnnl - pmnnl.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

#4 random/random

  • Malware Response Team

Posted 26 July 2007 - 01:12 PM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Your log shows you have Download Accelerator Plus (DAP or dap.exe) installed. DAP is not technically malware, but it may include malware and allow it into your system. Note that the free version is adware based. If it is the free, ad-supported version, then I recommend that you switch to Leechget 2006 Download Manager - this is adware-free freeware. Another free, and spyware free, alternative is Star Downloader. You can find other Safer Alternatives. Should you choose to remove it, uninstall it through Control Panel=>Add/Remove Programs.

Although Incredimail is considered to be a legitimate program that people install intentionally, please read this information regarding Incredimail very carefully and use your best judgment in deciding if you want to keep this program on your computer or not.
The use of Incredimail opens your system to attacks, and in the User Agreement, claims permanent ownership of everything sent through their mail service. See the full article. I read this article and noticed the date was 10/10/02 so just in case the information had changed since then and was no longer a concern, I downloaded Incredimail from Incredimail's site. Before installing, I read the EULA and there it was still. It may be worthwhile to fix it with HijackThis. To uninstall Incredimail:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Incredimail, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O20 - Winlogon Notify: pmnnl - pmnnl.dll (file missing)

Then close all windows except HijackThis and click Fix Checked

Then please upload this file:

D:\WNZ_CD\OCX.CAB

To either jotti or virustotal

Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post back with the jotti/virustotal results, the Kaspersky log and a new HijackThis log
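
An added example, not part of the thread and not HijackThis's own code: a small Python triage that parses lines in the HijackThis v1.99.1 layout shown above and cross-checks every "(file missing)" entry against the log's own "Running processes" list. The sample lines are copied from the log posted in this thread; the function names, the verdict labels and the rule of cutting a path at a stray double quote are assumptions of this example.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis v1.99.1 log posted in this thread (short excerpt).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmnnl - pmnnl.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O20 - Winlogon Notify: ..."


class Entry(NamedTuple):
    code: str      # section code such as R0, O4, O20, O23
    kind: str      # text before the first ": " (empty for R0-style lines)
    data: str      # remainder of the line, without the "(file missing)" suffix
    missing: bool  # True when HijackThis appended "(file missing)"


def parse_log(text):
    """Split a HijackThis log into (running process paths, parsed entries)."""
    running, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first entry line ends the process list
            code, rest = match.groups()
            kind, sep, data = rest.partition(": ")
            if not sep:  # R0/R1 lines carry no "kind: " prefix
                kind, data = "", rest
            missing = data.endswith(MISSING)
            if missing:
                data = data[: -len(MISSING)].rstrip()
            entries.append(Entry(code, kind, data, missing))
        elif in_procs and line:
            running.append(line)
    return running, entries


def target_path(entry):
    """Best-effort file target of an entry: the last ' - ' field, cut at a
    stray double quote so trailing command-line arguments are dropped
    (heuristic assumed by this example)."""
    field = entry.data.rsplit(" - ", 1)[-1]
    return field.split('"', 1)[0].strip()


def triage(text):
    """Return (code, path, verdict) for every '(file missing)' entry.

    'contradicted_by_process_list': the same path is listed as a running
    process, so the file exists and the flag comes from how the path was read.
    'unresolved': nothing in the log confirms the file; check it by hand.
    """
    running, entries = parse_log(text)
    running_set = {p.lower() for p in running}
    results = []
    for entry in entries:
        if not entry.missing:
            continue
        path = target_path(entry)
        verdict = ("contradicted_by_process_list"
                   if path.lower() in running_set else "unresolved")
        results.append((entry.code, path, verdict))
    return results


if __name__ == "__main__":
    for code, path, verdict in triage(SAMPLE_LOG):
        print(f"{code:4} {verdict:30} {path}")
```

On this excerpt the Symantec service entry is marked as contradicted because ccSvcHst.exe appears in the process list, while the pmnnl.dll and xpnetdiag.exe entries stay unresolved and need a manual check.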

#5 swazimedic

  • Topic Starter

Posted 27 July 2007 - 02:26 PM

I have done all that you requested; however, I could not find the D:\WNZ_CD\OCX.CAB you requested that I upload. D drive is my DVD/CD drive and I also looked for it on the C drive and still could not locate it. Please let me know where I can find this file so I can complete the process as you requested.

Please find below the Kaspersky log and HJT log respectively.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 27, 2007 9:11:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 27/07/2007
Kaspersky Anti-Virus database records: 368653
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 59770
Number of viruses found: 1
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 01:10:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\2F4EF387.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C6B8CF91.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marcorious\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\History\History.IE5\MSHist012007072720070728\index.dat Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Temp\~DF84FB.tmp Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Temp\~DFBF9A.tmp Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Temp\~DFBFC0.tmp Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\F8H337PQ\fr[1].gif Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\M6ATJGFR\e_mail[1].gif Object is locked skipped
C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\M6ATJGFR\lang_ger[1].gif Object is locked skipped
C:\Documents and Settings\Marcorious\My Documents\Download_Accelerator_Plus_(DAP)_All_Versions.zip Object is locked skipped
C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Marcorious\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Marcorious\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Marcorious\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Smitfraudfix\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Smitfraudfix\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program Files\Smitfraudfix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Smitfraudfix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Smitfraudfix\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C8281C39-B011-4725-BA9D-174D1F685BFF}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 09:24:42 PM, on 2007/07/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\alg.exe
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\Program Files\LeechGet 2007\LeechGet.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack this\Hi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mecer.co.za/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [VMCL] E:\\VMC_PBStarter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.mecer.co.za
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.info/objects/NpFv412.dll
O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} - file:///D:/WNZ_CD/OCX.CAB
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157480622656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178812338218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D1F11C-468B-4893-B8FC-766A2DA52544}: NameServer = 196.207.32.69 196.43.45.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#6 random/random

  • Malware Response Team
  • 2,704 posts

Posted 27 July 2007 - 02:33 PM

I have done all that you requested; however, I could not find the D:\WNZ_CD\OCX.CAB you requested that I upload. D drive is my DVD/CD drive, and I also looked for it on the C drive and still could not locate it. Please let me know where I can find this file so I can complete the process as you requested.


That's fine, the file doesn't exist so we'll just clear up the HijackThis entry:

Run HijackThis
Click on Do a system scan only
Place a checkmark next to these lines (if still present)

O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} - file:///D:/WNZ_CD/OCX.CAB

Then close all windows except HijackThis and click Fix Checked.

Post a new HijackThis log & let me know of any remaining problems.
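
One way to confirm that Fix Checked removed the entry is to diff the HijackThis log taken before the fix against the one taken after it. This is an added example, not part of the original posts: the function names are hypothetical, and the two sample logs are shortened excerpts constructed from the logs in this thread.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24), then " - ", then the detail. Header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed sample: shortened excerpt of the log taken before the fix.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 09:24:42 PM, on 2007/07/27

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.info/objects/NpFv412.dll
O16 - DPF: {48E59293-9880-11CF-9754-00AA00C00908} - file:///D:/WNZ_CD/OCX.CAB
"""

# Constructed sample: shortened excerpt of the log taken after the fix.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:09:11 PM, on 2007/07/27

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.info/objects/NpFv412.dll
"""


def parse_entries(log_text):
    """Return the (section, detail) pairs for every entry line in a log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, in log order."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


def dpf_from_local_media(log_text):
    """List O16 (Downloaded Program Files) entries installed from a file:// source.

    When that source is removable media, as with the D: drive here, the file
    may no longer be reachable and the entry can be left pointing at nothing.
    """
    return [detail for section, detail in parse_entries(log_text)
            if section == "O16" and "file://" in detail.lower()]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    print("O16 entries from local media still present:",
          dpf_from_local_media(LOG_AFTER))
```

Anything listed under "added" after a fix deserves a second look, since a cleanup step should only ever remove entries.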

#7 swazimedic

  • Topic Starter
  • Members
  • 8 posts

Posted 27 July 2007 - 03:17 PM

There don't seem to be any more problems. I did download LeechGet as you suggested and removed Download Accelerator, as well as updated the Java.
I do also have problems on my desktop computer, but I guess I will have to start a new topic for that one.

Thank you once again for your assistance. Please find the HJT log below. Sorry, just one more thing: Spydoctor picked up a trojan spy.banker.abg. It removed it, but I am still worried as the likes of Norton did not pick it up.

Logfile of HijackThis v1.99.1
Scan saved at 10:09:11 PM, on 2007/07/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WordWeb\wweb32.exe
E:\PhoneConnectorVMC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\vmc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Hijack this\Hi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mecer.co.za/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [VMCL] E:\\VMC_PBStarter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.mecer.co.za
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.info/objects/NpFv412.dll
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157480622656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178812338218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D1F11C-468B-4893-B8FC-766A2DA52544}: NameServer = 196.207.32.69 196.43.45.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#8 random/random

  • Malware Response Team
  • 2,704 posts

Posted 27 July 2007 - 03:38 PM

Spydoctor picked up a trojan spy.banker.abg. It removed it, but I am still worried as the likes of Norton did not pick it up.


Can you post the Spyware Doctor log? It may well have just been a false positive or leftover item.

#9 swazimedic

  • Topic Starter
  • Members
  • 8 posts

Posted 27 July 2007 - 04:01 PM

I have attached the Spydoctor "log".


PC Tools Spyware Doctor
Date Status
2007/07/20 10:31:37 AM:250 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 103985
Threats Detected - 1
Infections Detected - 5
Infections Ignored - 0

2007/07/20 10:31:50 AM:156 Infection quarantined
Threat Name - Trojan.Downloader.ConHook
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}

2007/07/20 10:31:50 AM:250 Infection quarantined
Threat Name - Trojan.Downloader.ConHook
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32

2007/07/20 10:31:50 AM:359 Infection quarantined
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32, ThreadingModel

2007/07/20 10:31:50 AM:671 Infection quarantined
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32, (Default)

2007/07/20 10:31:50 AM:890 Infection quarantined
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26}

2007/07/20 10:31:50 AM:890 Infection cleaned
Threat Name - Trojan.Downloader.ConHook
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}

2007/07/20 10:31:50 AM:890 Infection cleaned
Threat Name - Trojan.Downloader.ConHook
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32

2007/07/20 10:31:50 AM:890 Infection cleaned
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32, ThreadingModel

2007/07/20 10:31:50 AM:890 Infection cleaned
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32, (Default)

2007/07/20 10:31:50 AM:937 Infection cleaned
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26}

2007/07/20 10:31:52 AM:984 Infections Quarantined/Removed Summary
Quarantined - 5
Quarantine Failed - 0
Removed - 5
Remove Failed - 0

2007/07/21 12:10:04 PM:750 Service Started
Spyware Doctor Service Application started
2007/07/21 12:10:05 PM:656 Immuniser Results
ActiveX section has been immunised. No items were processed.
2007/07/21 12:10:08 PM:156 Scan Started
Scan Type - Intelli-Scan

2007/07/21 12:10:08 PM:156 Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
2007/07/21 12:11:03 PM:500 Infection was detected on this computer
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26}

2007/07/21 12:11:10 PM:31 Infection was detected on this computer
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32, (Default)

2007/07/21 12:11:10 PM:46 Infection was detected on this computer
Threat Name - Trojan.Downloader.ConHook
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32, ThreadingModel

2007/07/21 12:11:10 PM:46 Infection was detected on this computer
Threat Name - Trojan.Downloader.ConHook
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}\InprocServer32

2007/07/21 12:11:10 PM:46 Infection was detected on this computer
Threat Name - Trojan.Downloader.ConHook
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26}

2007/07/21 12:19:51 PM:906 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 75267
Threats Detected - 1
Infections Detected - 5
Infections Ignored - 0

2007/07/21 01:36:32 PM:406 Service Stopped
Spyware Doctor Service Application Stopped
2007/07/21 04:37:57 PM:15 Service Started
Spyware Doctor Service Application started
2007/07/21 04:37:57 PM:828 Immuniser Results
ActiveX section has been immunised. No items were processed.
2007/07/21 04:38:00 PM:484 Scan Started
Scan Type - Intelli-Scan

2007/07/21 04:38:00 PM:484 Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
2007/07/21 04:46:29 PM:796 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 77783
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

2007/07/21 05:55:11 PM:359 Scan Started
Scan Type - Full Scan

2007/07/21 06:47:06 PM:453 Scan Finished
Scan Type - Full Scan
Items Processed - 143694
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

2007/07/21 06:50:18 PM:296 Service Stopped
Spyware Doctor Service Application Stopped
2007/07/23 11:01:15 AM:968 Service Started
Spyware Doctor Service Application started
2007/07/23 11:01:16 AM:781 Immuniser Results
ActiveX section has been immunised, Processed 51 items.
2007/07/23 11:01:21 AM:562 Scan Started
Scan Type - Intelli-Scan

2007/07/23 11:01:21 AM:562 Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
2007/07/23 11:09:50 AM:453 Service Stopped
Spyware Doctor Service Application Stopped
2007/07/23 11:09:51 AM:750 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 85627
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

2007/07/25 05:54:09 PM:421 Service Started
Spyware Doctor Service Application started
2007/07/25 05:54:10 PM:312 Immuniser Results
ActiveX section has been immunised. No items were processed.
2007/07/25 05:54:12 PM:671 OnGuards status
All OnGuards were Enabled
2007/07/25 05:54:21 PM:859 Scan Started
Scan Type - Intelli-Scan

2007/07/25 05:54:21 PM:859 Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
2007/07/25 05:54:58 PM:0 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\3575[1].gif - http://img.directtrack.com/intermarkmedia/3575.gif

2007/07/25 05:54:58 PM:390 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\ban3[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/ban3.gif

2007/07/25 05:54:58 PM:984 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\menu[1].js - http://www.freeserials.com/ssi/menu.js

2007/07/25 05:54:59 PM:468 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\freeserials[1].htm - http://www.freeserials.com/

2007/07/25 05:54:59 PM:500 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\off[1].gif - http://www.freeserials.com/img/off.gif

2007/07/25 05:54:59 PM:500 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\on[1].gif - http://www.freeserials.com/img/on.gif

2007/07/25 05:54:59 PM:500 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\sel[1].gif - http://www.freeserials.com/img/sel.gif

2007/07/25 05:54:59 PM:500 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\style[1].css - http://www.freeserials.com/ssi/style.css

2007/07/25 05:54:59 PM:562 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\pixelblack[1].gif - http://www.freeserials.com/img/pixelblack.gif

2007/07/25 05:54:59 PM:562 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\bg[1].gif - http://www.freeserials.com/img/bg.gif

2007/07/25 05:54:59 PM:562 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\menu[1].gif - http://www.freeserials.com/img/menu.gif

2007/07/25 05:54:59 PM:562 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\line2[1].gif - http://www.freeserials.com/img/line2.gif

2007/07/25 05:54:59 PM:562 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\N0U2H2GM\search%3Fq%3Dfree+program+keys%26rls%3Dcom.microsoft%3Aen-za%3AIE-SearchBox%26ie%3DUTF-8%26oe%3DUTF-8%26sourceid%3Die7%26rlz%3D1I7ADBS;0[1].gif - http://warlog.info:8081/18786;1280x800;32;...257923357111465

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\style[1].css - http://crackspider.net/img/style.css

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\header1[1].gif - http://crackspider.net/img/header1.gif

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\submit1[1].gif - http://crackspider.net/img/submit1.gif

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\search1[1].gif - http://crackspider.net/img/search1.gif

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\right_h[1].gif - http://img.thebugs.ws/spider/right_h.gif

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\net002-1[1].gif - http://img.thebugs.ws/bn/asta.net/net002-1.gif

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\5WY6T99Z\120x60ani[1].gif - http://img.thebugs.ws/bn/webfile/120x60ani.gif

2007/07/25 05:54:59 PM:593 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\120x160_1[1].gif - http://img.thebugs.ws/120x160_1.gif

2007/07/25 05:54:59 PM:687 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3BERT61E\pixel[1].gif - http://img.thebugs.ws/spider/pixel.gif

2007/07/25 05:54:59 PM:718 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\strbtm[1].gif - http://img.thebugs.ws/spider/strbtm.gif

2007/07/25 05:54:59 PM:718 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\88x31_2[1].gif - http://img.thebugs.ws/88x31_2.gif

2007/07/25 05:54:59 PM:718 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\footer[1].gif - http://img.thebugs.ws/spider/footer.gif

2007/07/25 05:54:59 PM:812 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\2[1].gif - http://asta-killer.com/2.gif

2007/07/25 05:54:59 PM:812 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\asta-killer[1].htm - http://asta-killer.com/

2007/07/25 05:54:59 PM:812 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\1[1].gif - http://asta-killer.com/1.gif

2007/07/25 05:54:59 PM:812 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\3[1].gif - http://asta-killer.com/3.gif

2007/07/25 05:54:59 PM:812 Infection was detected on this computer
Threat Name - Trojan.CWS
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\iframe[1].htm - http://www.dewis.us/iframe.html

2007/07/25 05:54:59 PM:859 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\4[1].gif - http://asta-killer.com/4.gif

2007/07/25 05:54:59 PM:859 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\N0U2H2GM\search%3Fq%3Dcracks%26rls%3Dcom.microsoft%3Aen-za%3AIE-SearchBox%26ie%3DUTF-8%26oe%3DUTF-8%26sourceid%3Die7%26rlz%3D1I7ADBS;0[1].gif - http://warlog.info:8081/2674;1280x800;32;1...001737337842177

2007/07/25 05:54:59 PM:921 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\5WY6T99Z\favicon[1].ico - http://asta-killer.com/favicon.ico

2007/07/25 05:54:59 PM:984 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\search[1].htm - http://www.freeserials.com/serials/search....uery=Search+%21

2007/07/25 05:55:00 PM:0 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\;0[1].gif - http://warlog.info:8081/18786;1280x800;32;...295767111919027

2007/07/25 05:55:00 PM:343 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\box_01[1].jpg - http://fhg.icoonet.com/icoof/d2/box_01.jpg

2007/07/25 05:55:00 PM:484 Infection was detected on this computer
Threat Name - Trojan.VX2.Look2Me
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\links[1].htm - http://popunder.paypopup.com/links.php?dat...1a4c49b1b92a381

2007/07/25 05:55:00 PM:593 Infection was detected on this computer
Threat Name - Trojan.VX2.Look2Me
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\links[2].htm - http://popunder.paypopup.com/links.php?dat...8aa961ce8229133

2007/07/25 05:55:00 PM:859 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\icooframe[1].htm - http://fhg.icoonet.com/icoof/icooframe.php...amp;s=2&p=1

2007/07/25 05:55:00 PM:937 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\she_males_from_rio_4[1].jpg - http://fhg.icoonet.com/!!all_compr..._from_rio_4.jpg

2007/07/25 05:55:00 PM:937 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\box_02[1].jpg - http://fhg.icoonet.com/icoof/d2/box_02.jpg

2007/07/25 05:55:01 PM:78 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3BERT61E\todays10dvd[1].htm - http://icoocash.com/js/todays10dvd.php?adv...1&maxdvds=5

2007/07/25 05:55:01 PM:140 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\download2[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/download2.gif

2007/07/25 05:55:01 PM:140 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\lista[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/lista.gif

2007/07/25 05:55:01 PM:203 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\icooframe[2].htm - http://fhg.icoonet.com/icoof/icooframe.php...amp;s=2&p=1

2007/07/25 05:55:01 PM:515 Infection was detected on this computer
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\ass_to_mouth_10[1].jpg - http://fhg.icoonet.com/!!all_compr...to_mouth_10.jpg

2007/07/25 05:55:23 PM:921 Infection was detected on this computer
Threat Name - Trojan.Common_Components_for_Trojans
Type - Registry Value
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, BIH

2007/07/25 05:59:42 PM:781 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 94165
Threats Detected - 5
Infections Detected - 47
Infections Ignored - 0

2007/07/25 06:00:06 PM:750 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\ass_to_mouth_10[1].jpg - http://fhg.icoonet.com/!!all_compr...to_mouth_10.jpg

2007/07/25 06:00:06 PM:906 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\icooframe[2].htm - http://fhg.icoonet.com/icoof/icooframe.php...amp;s=2&p=1

2007/07/25 06:00:07 PM:78 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\lista[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/lista.gif

2007/07/25 06:00:07 PM:187 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\download2[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/download2.gif

2007/07/25 06:00:07 PM:328 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3BERT61E\todays10dvd[1].htm - http://icoocash.com/js/todays10dvd.php?adv...1&maxdvds=5

2007/07/25 06:00:07 PM:437 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\box_02[1].jpg - http://fhg.icoonet.com/icoof/d2/box_02.jpg

2007/07/25 06:00:07 PM:625 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\she_males_from_rio_4[1].jpg - http://fhg.icoonet.com/!!all_compr..._from_rio_4.jpg

2007/07/25 06:00:07 PM:734 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\icooframe[1].htm - http://fhg.icoonet.com/icoof/icooframe.php...amp;s=2&p=1

2007/07/25 06:00:07 PM:828 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\box_01[1].jpg - http://fhg.icoonet.com/icoof/d2/box_01.jpg

2007/07/25 06:00:07 PM:984 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\;0[1].gif - http://warlog.info:8081/18786;1280x800;32;...295767111919027

2007/07/25 06:00:08 PM:234 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\search[1].htm - http://www.freeserials.com/serials/search....uery=Search+%21

2007/07/25 06:00:08 PM:546 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\5WY6T99Z\favicon[1].ico - http://asta-killer.com/favicon.ico

2007/07/25 06:00:08 PM:718 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\N0U2H2GM\search%3Fq%3Dcracks%26rls%3Dcom.microsoft%3Aen-za%3AIE-SearchBox%26ie%3DUTF-8%26oe%3DUTF-8%26sourceid%3Die7%26rlz%3D1I7ADBS;0[1].gif - http://warlog.info:8081/2674;1280x800;32;1...001737337842177

2007/07/25 06:00:08 PM:843 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\4[1].gif - http://asta-killer.com/4.gif

2007/07/25 06:00:09 PM:15 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\3[1].gif - http://asta-killer.com/3.gif

2007/07/25 06:00:09 PM:140 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\1[1].gif - http://asta-killer.com/1.gif

2007/07/25 06:00:09 PM:265 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\asta-killer[1].htm - http://asta-killer.com/

2007/07/25 06:00:09 PM:375 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\2[1].gif - http://asta-killer.com/2.gif

2007/07/25 06:00:09 PM:531 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\footer[1].gif - http://img.thebugs.ws/spider/footer.gif

2007/07/25 06:00:09 PM:671 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\88x31_2[1].gif - http://img.thebugs.ws/88x31_2.gif

2007/07/25 06:00:09 PM:750 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\strbtm[1].gif - http://img.thebugs.ws/spider/strbtm.gif

2007/07/25 06:00:09 PM:875 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3BERT61E\pixel[1].gif - http://img.thebugs.ws/spider/pixel.gif

2007/07/25 06:00:09 PM:984 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\120x160_1[1].gif - http://img.thebugs.ws/120x160_1.gif

2007/07/25 06:00:10 PM:125 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\5WY6T99Z\120x60ani[1].gif - http://img.thebugs.ws/bn/webfile/120x60ani.gif

2007/07/25 06:00:10 PM:250 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\net002-1[1].gif - http://img.thebugs.ws/bn/asta.net/net002-1.gif

2007/07/25 06:00:10 PM:359 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\right_h[1].gif - http://img.thebugs.ws/spider/right_h.gif

2007/07/25 06:00:10 PM:468 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\N0U2H2GM\search%3Fq%3Dfree+program+keys%26rls%3Dcom.microsoft%3Aen-za%3AIE-SearchBox%26ie%3DUTF-8%26oe%3DUTF-8%26sourceid%3Die7%26rlz%3D1I7ADBS;0[1].gif - http://warlog.info:8081/18786;1280x800;32;...257923357111465

2007/07/25 06:00:10 PM:625 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\line2[1].gif - http://www.freeserials.com/img/line2.gif

2007/07/25 06:00:10 PM:750 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\menu[1].gif - http://www.freeserials.com/img/menu.gif

2007/07/25 06:00:10 PM:906 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\bg[1].gif - http://www.freeserials.com/img/bg.gif

2007/07/25 06:00:11 PM:0 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\pixelblack[1].gif - http://www.freeserials.com/img/pixelblack.gif

2007/07/25 06:00:11 PM:125 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\style[1].css - http://www.freeserials.com/ssi/style.css

2007/07/25 06:00:11 PM:234 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\sel[1].gif - http://www.freeserials.com/img/sel.gif

2007/07/25 06:00:11 PM:343 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\on[1].gif - http://www.freeserials.com/img/on.gif

2007/07/25 06:00:11 PM:453 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\off[1].gif - http://www.freeserials.com/img/off.gif

2007/07/25 06:00:11 PM:656 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\freeserials[1].htm - http://www.freeserials.com/

2007/07/25 06:00:11 PM:765 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\menu[1].js - http://www.freeserials.com/ssi/menu.js

2007/07/25 06:00:11 PM:921 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\ban3[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/ban3.gif

2007/07/25 06:00:12 PM:62 Infection quarantined
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\3575[1].gif - http://img.directtrack.com/intermarkmedia/3575.gif

2007/07/25 06:00:12 PM:125 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\ass_to_mouth_10[1].jpg - http://fhg.icoonet.com/!!all_compr...to_mouth_10.jpg

2007/07/25 06:00:12 PM:125 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\icooframe[2].htm - http://fhg.icoonet.com/icoof/icooframe.php...amp;s=2&p=1

2007/07/25 06:00:12 PM:125 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\lista[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/lista.gif

2007/07/25 06:00:12 PM:125 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\download2[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/download2.gif

2007/07/25 06:00:12 PM:140 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3BERT61E\todays10dvd[1].htm - http://icoocash.com/js/todays10dvd.php?adv...1&maxdvds=5

2007/07/25 06:00:12 PM:140 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\box_02[1].jpg - http://fhg.icoonet.com/icoof/d2/box_02.jpg

2007/07/25 06:00:12 PM:140 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\she_males_from_rio_4[1].jpg - http://fhg.icoonet.com/!!all_compr..._from_rio_4.jpg

2007/07/25 06:00:12 PM:171 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\icooframe[1].htm - http://fhg.icoonet.com/icoof/icooframe.php...amp;s=2&p=1

2007/07/25 06:00:12 PM:296 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\box_01[1].jpg - http://fhg.icoonet.com/icoof/d2/box_01.jpg

2007/07/25 06:00:12 PM:328 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\;0[1].gif - http://warlog.info:8081/18786;1280x800;32;...295767111919027

2007/07/25 06:00:12 PM:359 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\search[1].htm - http://www.freeserials.com/serials/search....uery=Search+%21

2007/07/25 06:00:12 PM:359 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\5WY6T99Z\favicon[1].ico - http://asta-killer.com/favicon.ico

2007/07/25 06:00:12 PM:375 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\N0U2H2GM\search%3Fq%3Dcracks%26rls%3Dcom.microsoft%3Aen-za%3AIE-SearchBox%26ie%3DUTF-8%26oe%3DUTF-8%26sourceid%3Die7%26rlz%3D1I7ADBS;0[1].gif - http://warlog.info:8081/2674;1280x800;32;1...001737337842177

2007/07/25 06:00:12 PM:375 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\4[1].gif - http://asta-killer.com/4.gif

2007/07/25 06:00:12 PM:375 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\3[1].gif - http://asta-killer.com/3.gif

2007/07/25 06:00:12 PM:375 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\1[1].gif - http://asta-killer.com/1.gif

2007/07/25 06:00:12 PM:390 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\asta-killer[1].htm - http://asta-killer.com/

2007/07/25 06:00:12 PM:390 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\2[1].gif - http://asta-killer.com/2.gif

2007/07/25 06:00:12 PM:390 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\footer[1].gif - http://img.thebugs.ws/spider/footer.gif

2007/07/25 06:00:12 PM:390 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\88x31_2[1].gif - http://img.thebugs.ws/88x31_2.gif

2007/07/25 06:00:12 PM:406 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\strbtm[1].gif - http://img.thebugs.ws/spider/strbtm.gif

2007/07/25 06:00:12 PM:406 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3BERT61E\pixel[1].gif - http://img.thebugs.ws/spider/pixel.gif

2007/07/25 06:00:12 PM:406 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\120x160_1[1].gif - http://img.thebugs.ws/120x160_1.gif

2007/07/25 06:00:12 PM:406 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\5WY6T99Z\120x60ani[1].gif - http://img.thebugs.ws/bn/webfile/120x60ani.gif

2007/07/25 06:00:12 PM:421 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\net002-1[1].gif - http://img.thebugs.ws/bn/asta.net/net002-1.gif

2007/07/25 06:00:12 PM:421 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\right_h[1].gif - http://img.thebugs.ws/spider/right_h.gif

2007/07/25 06:00:12 PM:437 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\N0U2H2GM\search%3Fq%3Dfree+program+keys%26rls%3Dcom.microsoft%3Aen-za%3AIE-SearchBox%26ie%3DUTF-8%26oe%3DUTF-8%26sourceid%3Die7%26rlz%3D1I7ADBS;0[1].gif - http://warlog.info:8081/18786;1280x800;32;...257923357111465

2007/07/25 06:00:12 PM:453 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\3Q21KXW3\line2[1].gif - http://www.freeserials.com/img/line2.gif

2007/07/25 06:00:12 PM:453 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\menu[1].gif - http://www.freeserials.com/img/menu.gif

2007/07/25 06:00:12 PM:453 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\bg[1].gif - http://www.freeserials.com/img/bg.gif

2007/07/25 06:00:12 PM:453 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\pixelblack[1].gif - http://www.freeserials.com/img/pixelblack.gif

2007/07/25 06:00:12 PM:468 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\style[1].css - http://www.freeserials.com/ssi/style.css

2007/07/25 06:00:12 PM:468 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\QNXGGXMJ\sel[1].gif - http://www.freeserials.com/img/sel.gif

2007/07/25 06:00:12 PM:468 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\on[1].gif - http://www.freeserials.com/img/on.gif

2007/07/25 06:00:12 PM:468 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\off[1].gif - http://www.freeserials.com/img/off.gif

2007/07/25 06:00:12 PM:484 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\freeserials[1].htm - http://www.freeserials.com/

2007/07/25 06:00:12 PM:484 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\U5YF77UX\menu[1].js - http://www.freeserials.com/ssi/menu.js

2007/07/25 06:00:12 PM:484 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\ban3[1].gif - http://fhg.icoonet.com/pics_256/pics2005lo/ban3.gif

2007/07/25 06:00:12 PM:500 Infection cleaned
Threat Name - Spyware.Known_Bad_Sites
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\1PVOE44N\3575[1].gif - http://img.directtrack.com/intermarkmedia/3575.gif

2007/07/25 06:00:12 PM:812 Infection quarantined
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\search1[1].gif - http://crackspider.net/img/search1.gif

2007/07/25 06:00:12 PM:921 Infection quarantined
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\submit1[1].gif - http://crackspider.net/img/submit1.gif

2007/07/25 06:00:13 PM:62 Infection quarantined
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\header1[1].gif - http://crackspider.net/img/header1.gif

2007/07/25 06:00:13 PM:218 Infection quarantined
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\style[1].css - http://crackspider.net/img/style.css

2007/07/25 06:00:13 PM:234 Infection cleaned
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\MGQY5IS3\search1[1].gif - http://crackspider.net/img/search1.gif

2007/07/25 06:00:13 PM:234 Infection cleaned
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\submit1[1].gif - http://crackspider.net/img/submit1.gif

2007/07/25 06:00:13 PM:250 Infection cleaned
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\header1[1].gif - http://crackspider.net/img/header1.gif

2007/07/25 06:00:13 PM:250 Infection cleaned
Threat Name - Adware.CrackSpider
Type - Entry
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\UA7E2UX3\style[1].css - http://crackspider.net/img/style.css

2007/07/25 06:00:13 PM:406 Infection quarantined
Threat Name - Trojan.CWS
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\iframe[1].htm - http://www.dewis.us/iframe.html

2007/07/25 06:00:13 PM:421 Infection cleaned
Threat Name - Trojan.CWS
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\KTIEMT90\iframe[1].htm - http://www.dewis.us/iframe.html

2007/07/25 06:00:13 PM:453 Infection was detected on this computer
Threat Name - Trojan.CWS
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1700450866-1009433233-2918691814-1004\Software\Microsoft\Internet Explorer\Main, Use Custom Search URL

2007/07/25 06:00:13 PM:875 Infection quarantined
Threat Name - Trojan.VX2.Look2Me
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\links[2].htm - http://popunder.paypopup.com/links.php?dat...8aa961ce8229133

2007/07/25 06:00:14 PM:156 Infection quarantined
Threat Name - Trojan.VX2.Look2Me
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\links[1].htm - http://popunder.paypopup.com/links.php?dat...1a4c49b1b92a381

2007/07/25 06:00:14 PM:187 Infection cleaned
Threat Name - Trojan.VX2.Look2Me
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\CMRUUQCD\links[2].htm - http://popunder.paypopup.com/links.php?dat...8aa961ce8229133

2007/07/25 06:00:14 PM:187 Infection cleaned
Threat Name - Trojan.VX2.Look2Me
Type - Entry
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\Local Settings\Temporary Internet Files\Content.IE5\V93JZKAX\links[1].htm - http://popunder.paypopup.com/links.php?dat...1a4c49b1b92a381

2007/07/25 06:00:14 PM:375 Infection quarantined
Threat Name - Trojan.Common_Components_for_Trojans
Type - Registry Value
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, BIH

2007/07/25 06:00:14 PM:421 Infection cleaned
Threat Name - Trojan.Common_Components_for_Trojans
Type - Registry Value
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, BIH

2007/07/25 06:00:16 PM:468 Infections Quarantined/Removed Summary
Quarantined - 47
Quarantine Failed - 0
Removed - 47
Remove Failed - 0

2007/07/25 06:01:02 PM:140 Infection quarantined
Threat Name - Trojan.CWS
Type - Registry Value
Risk Level - High
Infection - HKEY_USERS\S-1-5-21-1700450866-1009433233-2918691814-1004\Software\Microsoft\Internet Explorer\Main, Use Custom Search URL

2007/07/26 07:47:08 PM:656 Service Started
Spyware Doctor Service Application started
2007/07/26 07:47:09 PM:546 Immuniser Results
ActiveX section has been immunised, Processed 13 items.
2007/07/26 07:47:10 PM:62 OnGuards status
All OnGuards were Enabled
2007/07/26 07:47:10 PM:765 Scan Started
Scan Type - Intelli-Scan

2007/07/26 07:47:10 PM:765 Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
2007/07/26 07:47:20 PM:93 Infection was detected on this computer
Threat Name - Trojan-PWS.Tanspy
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load

2007/07/26 07:49:46 PM:31 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 78419
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0

2007/07/26 07:53:30 PM:359 Infection quarantined
Threat Name - Trojan-PWS.Tanspy
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load

2007/07/26 07:53:30 PM:359 Infection cleaned
Threat Name - Trojan-PWS.Tanspy
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load

2007/07/26 07:53:32 PM:421 Infections Quarantined/Removed Summary
Quarantined - 1
Quarantine Failed - 0
Removed - 1
Remove Failed - 0

2007/07/26 07:55:22 PM:968 Scan Started
Scan Type - Full Scan

2007/07/26 08:05:51 PM:500 Infection was detected on this computer
Threat Name - Adware.Agent.BN
Type - File
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\backups\backup-20070630-024244-401.dll

2007/07/26 08:05:53 PM:687 Infection was detected on this computer
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english

2007/07/26 08:05:54 PM:593 Infection was detected on this computer
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english_1

2007/07/26 08:05:55 PM:500 Infection was detected on this computer
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english_2

2007/07/26 08:13:16 PM:671 Infection was detected on this computer
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe

2007/07/26 08:35:38 PM:281 Scan Finished
Scan Type - Full Scan
Items Processed - 153852
Threats Detected - 2
Infections Detected - 5
Infections Ignored - 0

2007/07/26 08:38:12 PM:140 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye

2007/07/26 08:38:24 PM:234 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye00

2007/07/26 08:38:27 PM:843 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye0

2007/07/26 08:39:00 PM:734 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye000

2007/07/26 08:39:04 PM:750 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye

2007/07/26 08:39:07 PM:328 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye0

2007/07/26 08:39:29 PM:343 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\oatxlauqof

2007/07/26 08:40:11 PM:359 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\otqtrbtwsi

2007/07/26 08:40:35 PM:859 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye

2007/07/26 08:40:50 PM:31 OnGuard: System Event Blocked
Threat Name - Trojan-Spy.Banker.ABG
Details - Spyware Doctor has blocked an application attempting to access a file.
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye0

2007/07/26 08:41:00 PM:515 Infection quarantined
Threat Name - Adware.Agent.BN
Type - File
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\backups\backup-20070630-024244-401.dll

2007/07/26 08:41:00 PM:515 Infection cleaned
Threat Name - Adware.Agent.BN
Type - File
Risk Level - Medium
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\backups\backup-20070630-024244-401.dll

2007/07/26 08:41:01 PM:312 Infection quarantined
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe

2007/07/26 08:41:01 PM:343 Infection quarantined
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english_2

2007/07/26 08:41:01 PM:343 Infection quarantined
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english_1

2007/07/26 08:41:01 PM:343 Infection quarantined
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english

2007/07/26 08:41:01 PM:359 Infection cleaned
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe

2007/07/26 08:41:01 PM:359 Infection cleaned
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english_2

2007/07/26 08:41:01 PM:359 Infection cleaned
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english_1

2007/07/26 08:41:01 PM:359 Infection cleaned
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\english

2007/07/26 08:41:03 PM:531 Infections Quarantined/Removed Summary
Quarantined - 5
Quarantine Failed - 0
Removed - 5
Remove Failed - 0

2007/07/26 08:48:09 PM:890 Scan Started
Scan Type - Full Scan

2007/07/26 08:56:05 PM:515 Infection was detected on this computer
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye

2007/07/26 08:56:06 PM:281 Infection was detected on this computer
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye0

2007/07/26 09:03:03 PM:187 Infection was detected on this computer
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\RECYCLER\S-1-5-21-1700450866-1009433233-2918691814-1004\Dc3.bye

2007/07/26 09:09:53 PM:828 Scan Finished
Scan Type - Full Scan
Items Processed - 153976
Threats Detected - 1
Infections Detected - 3
Infections Ignored - 0

2007/07/26 09:10:24 PM:453 Infection quarantined
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\RECYCLER\S-1-5-21-1700450866-1009433233-2918691814-1004\Dc3.bye

2007/07/26 09:10:24 PM:984 Infection quarantined
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye0

2007/07/26 09:10:25 PM:453 Infection quarantined
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye

2007/07/26 09:10:25 PM:453 Infection cleaned
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\RECYCLER\S-1-5-21-1700450866-1009433233-2918691814-1004\Dc3.bye

2007/07/26 09:10:25 PM:453 Infection cleaned
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye0

2007/07/26 09:10:25 PM:453 Infection cleaned
Threat Name - Trojan-Spy.Banker.ABG
Type - File
Risk Level - High
Infection - C:\Documents and Settings\Marcorious\My Documents\My Completed Downloads\Bye.bye

2007/07/26 09:10:27 PM:515 Infections Quarantined/Removed Summary
Quarantined - 3
Quarantine Failed - 0
Removed - 3
Remove Failed - 0

2007/07/27 07:48:28 AM:406 Service Started
Spyware Doctor Service Application started
2007/07/27 07:48:28 AM:468 OnGuards status
All OnGuards were Enabled
2007/07/27 07:48:29 AM:343 Immuniser Results
ActiveX section has been immunised. No items were processed.
2007/07/27 07:48:29 AM:562 Scan Started
Scan Type - Intelli-Scan

2007/07/27 07:48:29 AM:562 Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
2007/07/27 07:50:23 AM:359 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 98517
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

2007/07/27 08:16:19 AM:843 Service Stopped
Spyware Doctor Service Application Stopped
2007/07/27 09:55:44 PM:828 Service Started
Spyware Doctor Service Application started
2007/07/27 09:55:45 PM:750 Immuniser Results
ActiveX section has been immunised. No items were processed.
2007/07/27 09:55:46 PM:234 OnGuards status
All OnGuards were Enabled
2007/07/27 09:55:47 PM:46 Scan Started
Scan Type - Intelli-Scan

2007/07/27 09:55:47 PM:46 Startup Scan
Initialising Startup Scan:Intelli-Scan of this computer
2007/07/27 09:57:11 PM:171 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 81162
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

#10 random/random

  • Malware Response Team

Posted 27 July 2007 - 04:35 PM

Your Spyware Doctor log appears to indicate you have been visiting sites that distribute software cracks. Is this the case?

#11 swazimedic

  • Topic Starter


Posted 27 July 2007 - 04:55 PM

Yes, I did; it was a once-off thing....

#12 random/random

  • Malware Response Team

Posted 28 July 2007 - 09:52 AM

When you run Spyware Doctor, does it still detect any problems?

#13 swazimedic

  • Topic Starter


Posted 28 July 2007 - 09:58 AM

No more messages. It picked something up this morning, but all is quiet now. But my computer tends to run a bit slow at times, especially on startup.

#14 random/random

  • Malware Response Team

Posted 28 July 2007 - 10:16 AM

Try this guide for troubleshooting a slow PC:

http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/



