pest trap removal


Author Topic: pest trap removal  (Read 5125 times)
ag
Newbie, Posts: 3
« on: February 14, 2006, 03:34:40 PM »

Pest Trap got installed on my PC, and I restarted right away because I thought something was suspicious with the program. After restarting, I deleted the pesttrap folder from Program Files and uninstalled it from Add/Remove Software (Control Panel). I then did a System Restore. After restarting, the PC is running just like before; it seems completely fine, with no signs of pesttrap. CAN I BE SURE that it is completely removed?

Thanks
JohnL
Newbie, Posts: 4
« Reply #1 on: February 14, 2006, 04:05:54 PM »

I too had a similar problem. A balloon popped up from my System Bar saying that the PC was infected and that Microsoft could fix the problem. I clicked the balloon and it started to install the program. I suspected something was amiss and stopped the process via system manager. It installed a shortcut on my desktop, which I deleted. I also removed it via "add or remove programs".

I ran Adaware and AVG. They found viruses, but it still seems to be there as the balloon continues to pop up. Any hints, anyone?

Thanks for your help.
JohnL
Newbie, Posts: 4
« Reply #2 on: February 15, 2006, 01:01:12 AM »

Here is the logfile:

Spyware Doctor Activity Report
Generated on 15/02/2006 5:00:36 PM
 
 
Scans (basic information only):
 
Scan Results:
scan start: 15/02/2006 5:00:59 PM
scan stop: 15/02/2006 5:13:20 PM
scanned items: 85570
found items: 199
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
 
 
   
   
Scan Results:
scan start: 15/02/2006 5:14:52 PM
scan stop: 15/02/2006 5:14:59 PM
scanned items: 4339
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
 
 
   
   
Scan Results:
scan start: 15/02/2006 5:15:54 PM
scan stop: 15/02/2006 5:26:44 PM
scanned items: 159341
found items: 195
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
 
 
   
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@belointeractive[1].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@network[1].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@ehg-alkemi.hitbox[1].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@maxserving[2].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@questionmarket[1].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@hitbox[2].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@experts-exchange[1].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@cgi-bin[2].txt Medium
 Rogue Anti-Spyware Products C:\Documents and Settings\Mine\Cookies\mine@www.myspywarecleaner[1].txt High
 Advertising C:\Documents and Settings\Mine\Cookies\mine@advertising[2].txt Low
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@ads.belointeractive[2].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@www.ratestogo[1].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@spinbox[2].txt Medium
 2nd-thought.com C:\Documents and Settings\Mine\Cookies\mine@as-eu.falkag[2].txt Medium
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@counter.hitslink[1].txt Medium
 Advertising C:\Documents and Settings\Mine\Cookies\mine@mediaplex[2].txt Low
 Advertising C:\Documents and Settings\Mine\Cookies\mine@burstnet[1].txt Low
 Advertising C:\Documents and Settings\Mine\Cookies\mine@fastclick[1].txt Low
 Advertising C:\Documents and Settings\Mine\Cookies\mine@ads.addynamix[2].txt Low
 Advertising C:\Documents and Settings\Mine\Cookies\mine@hc2.humanclick[1].txt Low
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@dcsc5k1y36twkfwddu2xlbvwn_2p6y[1].txt Medium
 Advertising C:\Documents and Settings\Mine\Cookies\mine@perf.overture[1].txt Low
 Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@cgi-bin[1].txt Medium
 Advertising C:\Documents and Settings\Mine\Cookies\mine@ads.pointroll[2].txt Low
 2nd-thought.com C:\Documents and Settings\Mine\Cookies\mine@as-us.falkag[2].txt Medium
 Trojan.FakeAlert C:\Documents and Settings\Mine\Application Data\Install.dat High
 Windows AdStatus C:\Program Files\AdTools Service High
 Dapsol C:\WINDOWS\System32\paydial.exe Elevated
 Trojan.StartPage.GEN C:\WINDOWS\System32\paytime.exe High
 Common Components for Trojans C:\WINDOWS\System32\paytime.exe Medium
 SahAgent C:\WINDOWS\System32\SahImages Elevated
 SahAgent C:\WINDOWS\System32\SahImages\new_pop_03.gif Elevated
 SahAgent C:\WINDOWS\System32\SahImages\new_pop_shopnow.gif Elevated
 TIBS Premium Rate Dialer C:\WINDOWS\System32\tibs.exe Elevated
 Trojan.FakeAlert C:\winstall.exe High
 Trojan.LowZones.DF C:\ntzl.exe High
 Common Components for 180Solutions items C:\temp\salmau.dat Elevated
 Common Components for 180Solutions items C:\temp\salm_gdf.dat Elevated
 Common Components for 180Solutions items C:\temp\salm_kyf.dat Elevated
 ErrorGuard C:\WINDOWS\Downloaded Program Files\Install.dll High
 ErrorGuard C:\WINDOWS\Downloaded Program Files\Install.inf High
 Trojan.LowZones.DF C:\WINDOWS\system32\li.exe High
   
 
JohnL
« Reply #3 on: February 15, 2006, 02:18:00 AM »

I ended up downloading the Yahoo Anti Spy via their toolbar and it seemed to fix the problem. No more pop-ups in the system bar. Hope that helps....
JohnL
« Reply #4 on: February 15, 2006, 06:28:51 AM »

How is it that the program still seems to be there on another profile on my machine? It is no longer popping up on my profile....Please HELP!!!!!
GTO
Global Moderator
« Reply #5 on: February 15, 2006, 02:46:04 PM »

Hi, JohnL. Welcome to 2-Spyware.com forums!

Please download the HijackThis program and run a system scan. Then create a thread in the HijackThis log analysis section and post your log here.

ag, please post your HijackThis log too.
ag
« Reply #6 on: February 16, 2006, 04:27:21 PM »

Here's the log:



Logfile of HijackThis v1.99.1
Scan saved at 4:57:19 PM, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Microsoft Office\Office\1033\msoffice.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\G\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30c970ae1da587748c06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139685198239
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139685189105
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80608712-1C53-44B3-B74B-7DC1DFF6AB89}: NameServer = 206.47.244.55 206.47.244.111
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
GTO
Global Moderator
« Reply #7 on: February 17, 2006, 02:52:27 AM »

Hi, ag

Your HijackThis log looks clean to me. However, you should fix the following entries:
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

These are not malicious, but simply aren't used anymore.


P.S. Your system is not up-to-date! You have to install Service Pack 2 for Microsoft Windows XP and Service Pack 2 for Microsoft Internet Explorer. Also apply all latest updates and security fixes.
ag
« Reply #8 on: February 17, 2006, 07:02:59 PM »

OK, I'll do those things. What a relief the PC isn't infected. Thanks a lot!