
Computer Infected


  • This topic is locked
15 replies to this topic

#1 sifurone

Posted 11 March 2007 - 08:16 AM

When I run Ad-Aware I find registry values altered, registry keys altered and a ridiculous amount of critical objects found, which is unusual. Also, whenever I right click on something, I usually have to right click it more than once, because after the first time, the options list disappears... sometimes, my whole window disappears following clicking on a link. Also, sometimes my browser freezes up altogether. At that point, I can neither delete my browsing history nor go to any options in my toolbar. I have to open up a new browser to access toolbar options after that, and then when I do that, only a few options actually work. Help, what do I need to do?

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 11 March 2007 - 01:53 PM.




#2 Jesse Bassett


Posted 11 March 2007 - 08:17 AM

What are the results of the AdAware scans? What things does it find?
Windows XP Media Center Edition 2005 l McAfee Total Protection l Super AntiSpyware Free Edition l AdAware SE Personal l Spyware Blaster l Spyware Guard l Safe Eyes 2007

#3 fozzie


Posted 11 March 2007 - 08:19 AM

In normal mode, run an online antivirus check from at least two and preferably three of the following sites:
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.

1. Detects and removes malware ( viruses, worms, trojans, etc. )
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.

#4 sifurone


Posted 11 March 2007 - 08:28 AM

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, March 11, 2007 7:57:57 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R157 05.03.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DSSAgent(TAC index:8):7 total references
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):44 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


3/11/2007 7:57:57 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\SIFUR\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\SIFUR\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1312234442-237657822-1884600604-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 388
ThreadCreationTime : 3/10/2007 1:06:18 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 3/10/2007 1:06:22 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 3/10/2007 1:06:22 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 3/10/2007 1:06:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 3/10/2007 1:06:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 3/10/2007 1:06:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 3/10/2007 1:06:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 828
ThreadCreationTime : 3/10/2007 1:06:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 860
ThreadCreationTime : 3/10/2007 1:06:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 3/10/2007 1:06:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1056
ThreadCreationTime : 3/10/2007 1:06:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1192
ThreadCreationTime : 3/10/2007 1:06:29 PM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1232
ThreadCreationTime : 3/10/2007 1:06:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1744
ThreadCreationTime : 3/10/2007 1:06:33 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1940
ThreadCreationTime : 3/10/2007 1:06:38 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:16 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1948
ThreadCreationTime : 3/10/2007 1:06:38 PM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:17 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1972
ThreadCreationTime : 3/10/2007 1:06:38 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:18 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 2024
ThreadCreationTime : 3/10/2007 1:06:38 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:19 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 160
ThreadCreationTime : 3/10/2007 1:06:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:20 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 172
ThreadCreationTime : 3/10/2007 1:06:39 PM
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 212
ThreadCreationTime : 3/10/2007 1:06:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 112
ThreadCreationTime : 3/10/2007 1:06:40 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:23 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1336
ThreadCreationTime : 3/10/2007 1:06:47 PM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:24 [xcommsvr.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Communicator\
ProcessID : 1544
ThreadCreationTime : 3/10/2007 1:06:55 PM
BasePriority : Normal
FileVersion : 1, 8, 9, 0
ProductVersion : 1, 8, 9, 0
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:25 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1572
ThreadCreationTime : 3/10/2007 1:06:55 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:26 [fxssvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1588
ThreadCreationTime : 3/10/2007 1:06:56 PM
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Fax Service
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE

#:27 [bdss.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Scan Server\
ProcessID : 1712
ThreadCreationTime : 3/10/2007 1:06:58 PM
BasePriority : Normal


#:28 [slrundll.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2652
ThreadCreationTime : 3/10/2007 1:07:38 PM
BasePriority : Normal


#:29 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3396
ThreadCreationTime : 3/10/2007 1:08:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:30 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3180
ThreadCreationTime : 3/10/2007 1:36:58 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 4784
ThreadCreationTime : 3/10/2007 7:09:44 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:32 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 4184
ThreadCreationTime : 3/10/2007 8:40:33 PM
BasePriority : Normal
FileVersion : 7.00.6000.16414 (vista_gdr.070108-1520)
ProductVersion : 7.00.6000.16414
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 4620
ThreadCreationTime : 3/10/2007 9:33:14 PM
BasePriority : Normal
FileVersion : 7.00.6000.16414 (vista_gdr.070108-1520)
ProductVersion : 7.00.6000.16414
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:34 [ntvdm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 5520
ThreadCreationTime : 3/10/2007 10:02:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

#:35 [yahoomessenger.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 13420
ThreadCreationTime : 3/11/2007 11:47:04 AM
BasePriority : Normal
FileVersion : 8,1,0,209
ProductVersion : 8,1,0,209
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.

#:36 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 16448
ThreadCreationTime : 3/11/2007 12:56:49 PM
BasePriority : Normal
FileVersion : 7.00.6000.16414 (vista_gdr.070108-1520)
ProductVersion : 7.00.6000.16414
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 17556
ThreadCreationTime : 3/11/2007 12:57:09 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DSSAgent Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss

DSSAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : CobwebInterval

DSSAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : ContentCheckDelay

DSSAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : ServerURL

DSSAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : StorageLocation

DSSAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment : "DSS"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : DSS

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 20


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@insightexpressai[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:sifur@insightexpressai.com/
Expires : 12/31/2020
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:sifur@mediaplex.com/
Expires : 6/21/2009 7:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:sifur@realmedia.com/
Expires : 12/31/2020 7:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:sifur@questionmarket.com/
Expires : 4/30/2008 1:11:18 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:sifur@live365.com/
Expires : 3/13/2012 12:52:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@adultfriendfinder[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:sifur@adultfriendfinder.com/
Expires : 4/10/2007 7:10:08 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:59
Value : Cookie:sifur@casalemedia.com/
Expires : 2/29/2008 3:01:58 PM
LastSync : Hits:59
UseCount : 0
Hits : 59

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:sifur@perf.overture.com/
Expires : 3/9/2011 12:26:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:sifur@fastclick.net/
Expires : 3/9/2009 7:53:20 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:30
Value : Cookie:sifur@hitbox.com/
Expires : 3/9/2008 7:06:06 PM
LastSync : Hits:30
UseCount : 0
Hits : 30

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:40
Value : Cookie:sifur@statse.webtrendslive.com/
Expires : 3/7/2017 5:20:10 PM
LastSync : Hits:40
UseCount : 0
Hits : 40

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:sifur@2o7.net/
Expires : 3/8/2012 4:36:58 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@revsci[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:sifur@revsci.net/
Expires : 3/5/2027 12:24:46 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@ehg-cedarpoint.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:sifur@ehg-cedarpoint.hitbox.com/
Expires : 3/9/2008 7:06:06 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:sifur@112.2o7.net/
Expires : 3/8/2012 10:51:44 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:sifur@data.coremetrics.com/
Expires : 3/9/2022 4:37:14 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:sifur@adrevolver.com/
Expires : 3/9/2008 3:02:42 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:sifur@sextracker.com/
Expires : 3/12/2007 7:05:02 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:sifur@ads.addynamix.com/
Expires : 3/11/2007 9:55:36 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:214
Value : Cookie:sifur@advertising.com/
Expires : 3/9/2012 2:51:34 AM
LastSync : Hits:214
UseCount : 0
Hits : 214

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@videoegg.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:sifur@videoegg.adbureau.net/
Expires : 2/27/2008 7:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sifur@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:sifur@overture.com/
Expires : 3/7/2017 12:25:56 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 44
Objects found so far: 64



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DSSAgent Object Recognized!
Type : File
Data : DSSAGENT.EXE
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\WINDOWS\BBSTORE\DSS\
FileVersion : 1, 0, 3, 0
ProductVersion : 1, 0, 3, 0
ProductName : Brødcast background agent
CompanyName : Brøderbund Software
FileDescription : Brødcast background agent
InternalName : DSSAgent
LegalCopyright : Copyright © 1998 Brøderbund Software
OriginalFilename : dssagent.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 65




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65

8:24:45 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:48.125
Objects scanned:174444
Objects identified:51
Objects ignored:0
New critical objects:51

#5 sifurone


Posted 11 March 2007 - 08:32 AM

adaware has also found something about a DSS agent...this sux.

#6 Jesse Bassett


Posted 11 March 2007 - 08:36 AM

What antivirus program do you use?

#7 sifurone


Posted 11 March 2007 - 08:36 AM

zone alarm pro and symantec

#8 Jesse Bassett


Posted 11 March 2007 - 08:37 AM

Do a scan with Symantec. Let me know what that finds. Zone Alarm Pro does not include an antivirus mechanism.

#9 sifurone


Posted 11 March 2007 - 09:24 AM

symantec says nothing found...

#10 fozzie


Posted 11 March 2007 - 10:35 AM

Have a look here

#11 sifurone


Posted 11 March 2007 - 01:23 PM

Jesse Bassett, symantec found nothing and ad aware keeps finding a DSS Agent.

#12 fozzie


Posted 11 March 2007 - 08:37 PM

Have a look here

Or here

Edited by fozzie, 11 March 2007 - 08:39 PM.


#13 boopme

  • Global Moderator

Posted 12 March 2007 - 06:01 PM

Try the approach offered in this bleeping computer tutorial L@@K

#14 quietman7

  • Global Moderator

Posted 27 March 2007 - 08:02 AM

I have split your HJT log away from this thread and moved it into the HJT forum.

You can find it here: http://www.bleepingcomputer.com/forums/t/86254/computer-infected-registry-keys-and-reg-values-altered/

Now that your log is posted there, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files on your own, etc.) unless advised by an HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies, as this makes it easier for them to identify those who have not been helped. If you post another response, a team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

#15 sifurone


Posted 27 March 2007 - 08:39 AM

Before I got ur reply, I had told my SuperAntiSpyware to clean up after the scan...sooooo, here's the new Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:34:49 AM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SIFUR\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://www.bebo.com
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



