pest trap removal

ag
Joined: 14 Feb 2006 Posts: 3
Post subject: pest trap removal

Pest trap got installed on my PC, and I restarted right away b/c I thought something was suspicious with the program. After restarting, I deleted the pesttrap folder from Program Files, and uninstalled it from Add/Remove Software (Control Panel). I then did a System Restore. After restarting, the PC is running just like before; it seems completely fine and there are no signs of pesttrap. CAN I BE SURE that it is completely removed?
Thanks

Tue Feb 14, 2006 9:34 pm

JohnL
Joined: 14 Feb 2006 Posts: 4 Location: Australia
I too had a similar problem. A balloon popped up from my System Bar saying that the PC was infected and that Microsoft could fix the problem. I clicked the balloon and it started to install the program. I suspected something was amiss and stopped the process via system manager. It installed a shortcut on my desktop, which I deleted. I also removed it via "Add or Remove Programs".
I ran Adaware and AVG. They found viruses, but it still seems to be there, as the balloon continues to pop up. Any hints, anyone?
Thanks for your help.
_________________
But these amps go up to 11
-------------------------------------------
Are you a Top Bloke? Take the quiz
www.topblokeday.com

Tue Feb 14, 2006 10:05 pm

JohnL
Joined: 14 Feb 2006 Posts: 4 Location: Australia
Here is the logfile:
Spyware Doctor Activity Report
Generated on 15/02/2006 5:00:36 PM Spyware Doctor Homepage PC Tools Homepage Technical Support
Scans (basic information only):
Scan Results:
scan start: 15/02/2006 5:00:59 PM
scan stop: 15/02/2006 5:13:20 PM
scanned items: 85570
found items: 199
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Scan Results:
scan start: 15/02/2006 5:14:52 PM
scan stop: 15/02/2006 5:14:59 PM
scanned items: 4339
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Scan Results:
scan start: 15/02/2006 5:15:54 PM
scan stop: 15/02/2006 5:26:44 PM
scanned items: 159341
found items: 195
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Advertising C:\Documents and Settings\Mine\Cookies\mine@advertising[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@ads.belointeractive[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@www.ratestogo[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@spinbox[2].txt Medium
2nd-thought.com C:\Documents and Settings\Mine\Cookies\mine@as-eu.falkag[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@counter.hitslink[1].txt Medium
Advertising C:\Documents and Settings\Mine\Cookies\mine@mediaplex[2].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@burstnet[1].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@fastclick[1].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@ads.addynamix[2].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@hc2.humanclick[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@dcsc5k1y36twkfwddu2xlbvwn_2p6y[1].txt Medium
Advertising C:\Documents and Settings\Mine\Cookies\mine@perf.overture[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@cgi-bin[1].txt Medium
Advertising C:\Documents and Settings\Mine\Cookies\mine@ads.pointroll[2].txt Low
2nd-thought.com C:\Documents and Settings\Mine\Cookies\mine@as-us.falkag[2].txt Medium
Trojan.FakeAlert C:\Documents and Settings\Mine\Application Data\Install.dat High
Windows AdStatus C:\Program Files\AdTools Service High
Dapsol C:\WINDOWS\System32\paydial.exe Elevated
Trojan.StartPage.GEN C:\WINDOWS\System32\paytime.exe High
Common Components for Trojans C:\WINDOWS\System32\paytime.exe Medium
SahAgent C:\WINDOWS\System32\SahImages Elevated
SahAgent C:\WINDOWS\System32\SahImages\new_pop_03.gif Elevated
SahAgent C:\WINDOWS\System32\SahImages\new_pop_shopnow.gif Elevated
TIBS Premium Rate Dialer C:\WINDOWS\System32\tibs.exe Elevated
Trojan.FakeAlert C:\winstall.exe High
Trojan.LowZones.DF C:\ntzl.exe High
Common Components for 180Solutions items C:\temp\salmau.dat Elevated
Common Components for 180Solutions items C:\temp\salm_gdf.dat Elevated
Common Components for 180Solutions items C:\temp\salm_kyf.dat Elevated
ErrorGuard C:\WINDOWS\Downloaded Program Files\Install.dll High
ErrorGuard C:\WINDOWS\Downloaded Program Files\Install.inf High
Trojan.LowZones.DF C:\WINDOWS\system32\li.exe High
Other Sections: |
|
Wed Feb 15, 2006 7:01 am
|
JohnL
Joined: 14 Feb 2006 Posts: 4 Location: Australia
|
Post subject: |
|
|
I ended up downloading the Yahoo Anti Spy via their toolbar and it seemed to fix the problem. No more pop-ups in the system bar. Hope that helps.... |
|
Wed Feb 15, 2006 8:18 am
|
JohnL
Joined: 14 Feb 2006 Posts: 4 Location: Australia
|
Post subject: |
|
|
How is it that the program still seems to be there on another profile on my machine? It is no longer popping up on my profile.... Please HELP!!!!! |
|
Wed Feb 15, 2006 12:28 pm
|
GTO
Joined: 15 Nov 2005 Posts: 1519
|
Post subject: |
|
|
|
|
Wed Feb 15, 2006 8:46 pm
|
ag
Joined: 14 Feb 2006 Posts: 3
|
Post subject: |
|
|
Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 4:57:19 PM, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Microsoft Office\Office\1033\msoffice.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\G\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30c970ae1da587748c06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139685198239
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139685189105
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80608712-1C53-44B3-B74B-7DC1DFF6AB89}: NameServer = 206.47.244.55 206.47.244.111
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe |
|
Thu Feb 16, 2006 10:27 pm
|
GTO
Joined: 15 Nov 2005 Posts: 1519
|
Post subject: |
|
|
Hi, ag
Your HijackThis log looks clean to me. However, you should fix the following entries:
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
These are not malicious, but simply aren't used anymore.
P.S. Your system is not up-to-date! You have to install Service Pack 2 for Microsoft Windows XP and Service Pack 2 for Microsoft Internet Explorer. Also apply all latest updates and security fixes. |
|
Fri Feb 17, 2006 8:52 am
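The triage in the reply above, as an added example that is not part of the original thread: a Python parser that splits HijackThis entries by section code and flags the ones whose target no longer exists (`= ?` shortcuts and `(file missing)` entries), plus the service pack level from the `Platform:` line. The function names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Platform: Windows XP SP1 (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
"""

# An entry line is a section code (R0, O4, O18, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            # Forum copies often leave a trailing table pipe on the last line.
            entries.append((match.group("code"), match.group("body").rstrip(" |")))
    return entries

def orphan_reason(body):
    """Explain why an entry points at nothing, or return None if it has a target."""
    if body.endswith("(file missing)"):
        return "target file missing"
    if body.endswith("= ?"):
        return "shortcut target unresolved"
    return None

def find_orphans(log_text):
    """List (code, body, reason) for entries whose target no longer exists."""
    orphans = []
    for code, body in parse_entries(log_text):
        reason = orphan_reason(body)
        if reason:
            orphans.append((code, body, reason))
    return orphans

def service_pack(log_text):
    """Service pack number from the 'Platform:' header, or None if absent."""
    match = re.search(r"^Platform: .*?\bSP(\d+)\b", log_text, re.MULTILINE)
    return int(match.group(1)) if match else None

if __name__ == "__main__":
    print("Service pack:", service_pack(SAMPLE_LOG))
    for code, body, reason in find_orphans(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```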
|
ag
Joined: 14 Feb 2006 Posts: 3
|
Post subject: |
|
|
OK, I'll do those things. What a relief the PC isn't infected. Thanks a lot! |
|
Sat Feb 18, 2006 1:02 am