
pest trap removal





ag



Joined: 14 Feb 2006
Posts: 3


Pest trap got installed on my PC, and I restarted right away b/c I thought something was suspicious with the program. After restarting, I deleted the pesttrap folder from Program Files and uninstalled it from Add/Remove Software (Control Panel). I then did a System Restore. After restarting, the PC is running just like before; it seems completely fine, with no signs of pesttrap. CAN I BE SURE that it is completely removed?

Thanks
Tue Feb 14, 2006 9:34 pm
 
JohnL



Joined: 14 Feb 2006
Posts: 4
Location: Australia


I too had a similar problem. A balloon popped up from my System Bar saying that the PC was infected and that Microsoft could fix the problem. I clicked the balloon and it started to install the program. I suspected something was amiss and stopped the process via system manager. It installed a shortcut on my desktop, which I deleted. I also removed it via "add or remove programs".

I ran Adaware and AVG. They found viruses, but it still seems to be there, as the balloon continues to pop up. Any hints, anyone?

Thanks for your help.
_________________
But these amps go up to 11
-------------------------------------------

Are you a Top Bloke? Take the quiz
www.topblokeday.com
Tue Feb 14, 2006 10:05 pm
 
JohnL



Joined: 14 Feb 2006
Posts: 4
Location: Australia


Here is the logfile:

Spyware Doctor Activity Report
Generated on 15/02/2006 5:00:36 PM Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 15/02/2006 5:00:59 PM
scan stop: 15/02/2006 5:13:20 PM
scanned items: 85570
found items: 199
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner




Scan Results:
scan start: 15/02/2006 5:14:52 PM
scan stop: 15/02/2006 5:14:59 PM
scanned items: 4339
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner




Scan Results:
scan start: 15/02/2006 5:15:54 PM
scan stop: 15/02/2006 5:26:44 PM
scanned items: 159341
found items: 195
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@questionmarket[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@hitbox[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@experts-exchange[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@cgi-bin[2].txt Medium
Rogue Anti-Spyware Products C:\Documents and Settings\Mine\Cookies\mine@www.myspywarecleaner[1].txt High
Advertising C:\Documents and Settings\Mine\Cookies\mine@advertising[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@ads.belointeractive[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@www.ratestogo[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@spinbox[2].txt Medium
2nd-thought.com C:\Documents and Settings\Mine\Cookies\mine@as-eu.falkag[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@counter.hitslink[1].txt Medium
Advertising C:\Documents and Settings\Mine\Cookies\mine@mediaplex[2].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@burstnet[1].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@fastclick[1].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@ads.addynamix[2].txt Low
Advertising C:\Documents and Settings\Mine\Cookies\mine@hc2.humanclick[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@dcsc5k1y36twkfwddu2xlbvwn_2p6y[1].txt Medium
Advertising C:\Documents and Settings\Mine\Cookies\mine@perf.overture[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Mine\Cookies\mine@cgi-bin[1].txt Medium
Advertising C:\Documents and Settings\Mine\Cookies\mine@ads.pointroll[2].txt Low
2nd-thought.com C:\Documents and Settings\Mine\Cookies\mine@as-us.falkag[2].txt Medium
Trojan.FakeAlert C:\Documents and Settings\Mine\Application Data\Install.dat High
Windows AdStatus C:\Program Files\AdTools Service High
Dapsol C:\WINDOWS\System32\paydial.exe Elevated
Trojan.StartPage.GEN C:\WINDOWS\System32\paytime.exe High
Common Components for Trojans C:\WINDOWS\System32\paytime.exe Medium
SahAgent C:\WINDOWS\System32\SahImages Elevated
SahAgent C:\WINDOWS\System32\SahImages\new_pop_03.gif Elevated
SahAgent C:\WINDOWS\System32\SahImages\new_pop_shopnow.gif Elevated
TIBS Premium Rate Dialer C:\WINDOWS\System32\tibs.exe Elevated
Trojan.FakeAlert C:\winstall.exe High
Trojan.LowZones.DF C:\ntzl.exe High
Common Components for 180Solutions items C:\temp\salmau.dat Elevated
Common Components for 180Solutions items C:\temp\salm_gdf.dat Elevated
Common Components for 180Solutions items C:\temp\salm_kyf.dat Elevated
ErrorGuard C:\WINDOWS\Downloaded Program Files\Install.dll High
ErrorGuard C:\WINDOWS\Downloaded Program Files\Install.inf High
Trojan.LowZones.DF C:\WINDOWS\system32\li.exe High


Other Sections:
Wed Feb 15, 2006 7:01 am
 
JohnL



Joined: 14 Feb 2006
Posts: 4
Location: Australia

I ended up downloading the Yahoo Anti Spy via their toolbar and it seemed to fix the problem. No more pop-ups in the system bar. Hope that helps....
Wed Feb 15, 2006 8:18 am
 
JohnL



Joined: 14 Feb 2006
Posts: 4
Location: Australia

How is it that the program still seems to be there on another profile on my machine? It is no longer popping up on my profile....Please HELP!!!!!
Wed Feb 15, 2006 12:28 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519

Hi, JohnL. Welcome to 2-Spyware.com forums!

Please download the HijackThis program and run a system scan. Then create a thread in the HijackThis log analysis section and post your log here.

ag, please post your HijackThis log too.
Wed Feb 15, 2006 8:46 pm
 
ag



Joined: 14 Feb 2006
Posts: 3

Here's the log:



Logfile of HijackThis v1.99.1
Scan saved at 4:57:19 PM, on 16/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Microsoft Office\Office\1033\msoffice.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\G\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30c970ae1da587748c06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139685198239
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139685189105
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80608712-1C53-44B3-B74B-7DC1DFF6AB89}: NameServer = 206.47.244.55 206.47.244.111
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
Thu Feb 16, 2006 10:27 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519

Hi, ag

Your HijackThis log looks clean to me. However, you should fix the following entries:
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

These are not malicious, but simply aren't used anymore.


P.S. Your system is not up-to-date! You have to install Service Pack 2 for Microsoft Windows XP and Service Pack 2 for Microsoft Internet Explorer. Also apply all latest updates and security fixes.
Fri Feb 17, 2006 8:52 am
 
ag



Joined: 14 Feb 2006
Posts: 3

OK, I'll do those things. What a relief, PC isn't infected. Thanks a lot!
Sat Feb 18, 2006 1:02 am
 
All times are GMT