Trojan horse dialer.9.n

 
Greg

Guest
 



Posted: Thu Aug 12, 2004 23:15 pm    Post subject: Trojan horse dialer.9.n

I am running XP, and getting the trojan virus pop up here and there. AVG removes all but one. Any suggestions?
EASTER

Malware Response Team

Joined: 03 Aug 2004
Posts: 4
Location: Jasper, Indiana

Posted: Fri Aug 13, 2004 7:24 am    Post subject:

Welcome, Greg, to Freedomlist!

A new and improved version of Ad-Aware has been released.

You can download Ad-Aware SE 1.03. See the links below:

Ad-Aware SE Download Site: http://www.majorgeeks.com/download506.html

Download.com: http://www.download.com/3000-2144-10045910...page&tag=button

After you have installed the new version, scan your PC and post your logfile.

Much Luck!!! Thanks
linatoot

Guest
 



Posted: Thu Aug 26, 2004 11:40 am    Post subject: trojan horse dialer.9.n

AVG 6.0 free version will identify and remove trojan horses.
Greg

Guest
 



Posted: Thu Aug 26, 2004 15:50 pm    Post subject: Log File as requested

WEBUPDATE Requested
Log edited out to avoid confusion.

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:August 26, 2004 4:16:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R3 12.08.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Cydoor(TAC index:7):2 total references
Dialer(TAC index:5):2 total references
HotBar(TAC index:7):2 total references
IBIS Toolbar(TAC index:5):1 total references
Lop(TAC index:7):1 total references
MSView(TAC index:10):9 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):250 total references
WhenU(TAC index:10):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Corrine

Administrator
 
Joined: 18 Jan 2001
Posts: 13172
Location: Upstate, NY

Posted: Thu Aug 26, 2004 17:15 pm    Post subject:

Hi, Greg.

With 250 tracking cookies, you need to remove them or your post is going to take up several screens. In addition, you need to do a WebUpdate as the current Definitions File is at SE1R5.

So, here's what you need to do -- launch Ad-Aware, do a WebUpdate (Click on the Globe icon, Click connect, Click OK, Click Finish.)

Then please make this additional change. Click on the Gear to access the Configurations Menu. Click the Tweak Button > Scanning Options: Check "Obtain command line of scanned processes"

Click on "Scan Now". Please deselect "Search for negligible risk entries" as negligible risk entries (MRUs) are not considered to be a threat. If these are included in your logfile, they will be removed and we will not give advice on them. They are the user's choice.

Run the scanner using the Full Scan (Perform full system scan) mode. When the scan has completed, click "Scan Summary". Select the "tracking cookie" family, click Next, click OK.

Then, rescan the same way and post the logfile here as a reply. Note: it may take more than one reply for the full log to be posted. Just continue copy/pasting until the "Summary" at the end is posted.
_________________
Freedomlist.com (March 1, 2000 - 2012)



Take a walk through my Security Garden
Greg

Guest
 



Posted: Fri Aug 27, 2004 7:59 am    Post subject: log file

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:August 27, 2004 8:45:13 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R5 22.08.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


27-08-2004 8:45:13 AM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\
Command Line : n/a
ProcessID : 468
ThreadCreationTime : 27-08-2004 12:18:48 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 528
ThreadCreationTime : 27-08-2004 12:18:51 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\D:\WINDOWS\system32\
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 27-08-2004 12:18:51 PM
BasePriority : High


#:4 [services.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 27-08-2004 12:18:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\lsass.exe
ProcessID : 612
ThreadCreationTime : 27-08-2004 12:18:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\svchost -k rpcss
ProcessID : 776
ThreadCreationTime : 27-08-2004 12:18:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 884
ThreadCreationTime : 27-08-2004 12:18:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1016
ThreadCreationTime : 27-08-2004 12:18:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1080
ThreadCreationTime : 27-08-2004 12:18:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\spoolsv.exe
ProcessID : 1180
ThreadCreationTime : 27-08-2004 12:18:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [ccevtmgr.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1208
ThreadCreationTime : 27-08-2004 12:18:53 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [explorer.exe]
ModuleName : D:\WINDOWS\
Command Line : D:\WINDOWS\Explorer.EXE
ProcessID : 1560
ThreadCreationTime : 27-08-2004 12:18:58 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [atiptaxx.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\atiptaxx.exe"
ProcessID : 1708
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal
FileVersion : 6.13.2519
ProductVersion : 6.13.2519
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:14 [directcd.exe]
ModuleName : D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
Command Line : "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 1716
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal
FileVersion : 5.3.1.154
ProductVersion : 5.3.1.154
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:15 [ccapp.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 1724
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:16 [qttask.exe]
ModuleName : D:\Program Files\QuickTime\
Command Line : "D:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1752
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:17 [winampa.exe]
ModuleName : D:\Program Files\Winamp3\
Command Line : "D:\Program Files\Winamp3\winampa.exe"
ProcessID : 1760
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal


#:18 [realsched.exe]
ModuleName : D:\Program Files\Common Files\Real\Update_OB\
Command Line : "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1768
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:19 [jusched.exe]
ModuleName : D:\Program Files\Java\j2re1.4.2_03\bin\
Command Line : "D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 1796
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal


#:20 [avgcc32.exe]
ModuleName : D:\PROGRA~1\Grisoft\AVG6\
Command Line : "D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1804
ThreadCreationTime : 27-08-2004 12:19:01 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:21 [msnappau.exe]
ModuleName : D:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\
Command Line : "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
ProcessID : 1812
ThreadCreationTime : 27-08-2004 12:19:02 PM
BasePriority : Normal


#:22 [ctfmon.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\ctfmon.exe"
ProcessID : 1820
ThreadCreationTime : 27-08-2004 12:19:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:23 [spysweeper.exe]
ModuleName : D:\Program Files\Webroot\Spy Sweeper\
Command Line : "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 1864
ThreadCreationTime : 27-08-2004 12:19:02 PM
BasePriority : Normal
FileVersion : 3.0.0.129
ProductVersion : 3.0i
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright (c) 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:24 [wusb11cfg.exe]
ModuleName : D:\Program Files\Linksys\WUSB11 Config Utility\
Command Line : "D:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe"
ProcessID : 1872
ThreadCreationTime : 27-08-2004 12:19:02 PM
BasePriority : Normal
FileVersion : 2, 86, 0, 0
ProductVersion : 2, 86, 0, 0
ProductName : Wireless USB Network Adapter Configuration Utility
CompanyName : Linksys Group, Inc.
FileDescription : WUSB11Cfg
InternalName : WUSB11Cfg
LegalCopyright : Copyright (C) 2001
LegalTrademarks : Instant Wireless
OriginalFilename : WUSB11Cfg.EXE
Comments : Wireless USB Network Adapter Configuration Utility

#:25 [alg.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\alg.exe
ProcessID : 2000
ThreadCreationTime : 27-08-2004 12:19:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [avgserv.exe]
ModuleName : D:\PROGRA~1\Grisoft\AVG6\
Command Line : D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 148
ThreadCreationTime : 27-08-2004 12:19:04 PM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright (c) GRISOFT 1998-2004
OriginalFilename : AvgServ

#:27 [devldr32.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\devldr32.exe
ProcessID : 228
ThreadCreationTime : 27-08-2004 12:19:05 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:28 [navapsvc.exe]
ModuleName : D:\Program Files\Norton AntiVirus\
Command Line : "D:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 268
ThreadCreationTime : 27-08-2004 12:19:05 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:29 [nprotect.exe]
ModuleName : D:\Program Files\Norton AntiVirus\AdvTools\
Command Line : "D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 312
ThreadCreationTime : 27-08-2004 12:19:10 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:30 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1024
ThreadCreationTime : 27-08-2004 12:19:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [msimn.exe]
ModuleName : D:\Program Files\Outlook Express\
Command Line : "D:\Program Files\Outlook Express\msimn.exe"
ProcessID : 3440
ThreadCreationTime : 27-08-2004 12:19:50 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSIMN.EXE

#:32 [wuauclt.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3972
ThreadCreationTime : 27-08-2004 12:20:15 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:33 [aim.exe]
ModuleName : D:\Program Files\AIM95\
Command Line : "D:\Program Files\AIM95\aim.exe"
ProcessID : 4036
ThreadCreationTime : 27-08-2004 12:21:52 PM
BasePriority : Normal
FileVersion : 4.7.2517
ProductVersion : 4.7.2517
ProductName : AOL Instant Messenger (SM)
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger (SM)
InternalName : AIM
LegalCopyright : Copyright © 1996-2001 America Online, Inc.
OriginalFilename : AIM.EXE

#:34 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\
Command Line : "D:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3224
ThreadCreationTime : 27-08-2004 12:22:57 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3280
ThreadCreationTime : 27-08-2004 12:26:20 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:36 [ypager.exe]
ModuleName : D:\Program Files\Yahoo!\Messenger\
Command Line : "D:\Program Files\Yahoo!\Messenger\YPager.exe"
ProcessID : 2480
ThreadCreationTime : 27-08-2004 12:27:25 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:37 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\
Command Line : "D:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 2032
ThreadCreationTime : 27-08-2004 12:30:09 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:38 [excel.exe]
ModuleName : D:\Program Files\Microsoft Office\Office10\
Command Line : "D:\Program Files\Microsoft Office\Office10\excel.exe" /e
ProcessID : 2108
ThreadCreationTime : 27-08-2004 12:35:45 PM
BasePriority : Normal


#:39 [msmsgs.exe]
ModuleName : D:\Program Files\Messenger\
Command Line : "D:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 2456
ThreadCreationTime : 27-08-2004 12:44:35 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\btiein

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for D:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for D:\DOCUME~1\MS86BF~1.PIG\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

8:49:24 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:10.500
Objects scanned:60561
Objects identified:1
Objects ignored:0
New critical objects:1
normmork


 
Joined: 08 Dec 2003
Posts: 204
Location: Canada

Posted: Fri Aug 27, 2004 10:46 am    Post subject:

Follow the removal instructions again and see if you can remove the last IBIS entry.
Greg

Guest
 



Posted: Fri Aug 27, 2004 23:41 pm    Post subject:

The trojan dialer.9.n is still there, it's coming up in my windows media player.exe

Any suggestions?
Guest


 



Posted: Mon Aug 30, 2004 6:23 am    Post subject:

Please download Hijackthis 1.98.2
Hijackthis 1.98.2 Download

Scan and post a new log
normmork


 
Joined: 08 Dec 2003
Posts: 204
Location: Canada

Posted: Mon Aug 30, 2004 9:53 am    Post subject:

Sorry, the guest was me.
Greg

Guest
 



Posted: Thu Sep 02, 2004 21:06 pm    Post subject: HiJack this

When I try to open the exe, it says it's opened in a temporary file and I should close it and save to a perm file, then I click OK and it opens it and runs a 2 second scan and about 15 unchecked items appear in a window.

Today, TROJAN HORSE DIALER.9.n appeared in C:/system/volume. I have no file called that.

How can I get rid of this thing?
Greg

Guest
 



Posted: Thu Sep 02, 2004 22:26 pm    Post subject: logfile, after I re scanned trying to get rid IBIS

Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:September 2, 2004 10:19:24 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R6 30.08.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


02-09-2004 10:19:24 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\
Command Line : n/a
ProcessID : 480
ThreadCreationTime : 03-09-2004 1:59:58 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 528
ThreadCreationTime : 03-09-2004 2:00:01 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\D:\WINDOWS\system32\
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 03-09-2004 2:00:01 AM
BasePriority : High


#:4 [services.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 03-09-2004 2:00:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\lsass.exe
ProcessID : 612
ThreadCreationTime : 03-09-2004 2:00:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\svchost -k rpcss
ProcessID : 776
ThreadCreationTime : 03-09-2004 2:00:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 884
ThreadCreationTime : 03-09-2004 2:00:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 968
ThreadCreationTime : 03-09-2004 2:00:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1032
ThreadCreationTime : 03-09-2004 2:00:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\spoolsv.exe
ProcessID : 1180
ThreadCreationTime : 03-09-2004 2:00:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [ccevtmgr.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1220
ThreadCreationTime : 03-09-2004 2:00:03 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [explorer.exe]
ModuleName : D:\WINDOWS\
Command Line : D:\WINDOWS\Explorer.EXE
ProcessID : 1548
ThreadCreationTime : 03-09-2004 2:00:07 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [atiptaxx.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\atiptaxx.exe"
ProcessID : 1692
ThreadCreationTime : 03-09-2004 2:00:09 AM
BasePriority : Normal
FileVersion : 6.13.2519
ProductVersion : 6.13.2519
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:14 [directcd.exe]
ModuleName : D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
Command Line : "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 1700
ThreadCreationTime : 03-09-2004 2:00:09 AM
BasePriority : Normal
FileVersion : 5.3.1.154
ProductVersion : 5.3.1.154
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:15 [ccapp.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 1708
ThreadCreationTime : 03-09-2004 2:00:09 AM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:16 [qttask.exe]
ModuleName : D:\Program Files\QuickTime\
Command Line : "D:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1732
ThreadCreationTime : 03-09-2004 2:00:09 AM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:17 [realsched.exe]
ModuleName : D:\Program Files\Common Files\Real\Update_OB\
Command Line : "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1744
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:18 [jusched.exe]
ModuleName : D:\Program Files\Java\j2re1.4.2_03\bin\
Command Line : "D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 1756
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal


#:19 [avgcc32.exe]
ModuleName : D:\PROGRA~1\Grisoft\AVG6\
Command Line : "D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1764
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:20 [msnappau.exe]
ModuleName : D:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\
Command Line : "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
ProcessID : 1772
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal


#:21 [winampa.exe]
ModuleName : D:\Program Files\Winamp\
Command Line : "D:\Program Files\Winamp\winampa.exe"
ProcessID : 1796
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal


#:22 [ctfmon.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\ctfmon.exe"
ProcessID : 1804
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:23 [spysweeper.exe]
ModuleName : D:\Program Files\Webroot\Spy Sweeper\
Command Line : "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 1848
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal
FileVersion : 3.0.0.129
ProductVersion : 3.0i
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright (c) 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:24 [wusb11cfg.exe]
ModuleName : D:\Program Files\Linksys\WUSB11 Config Utility\
Command Line : "D:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe"
ProcessID : 1864
ThreadCreationTime : 03-09-2004 2:00:10 AM
BasePriority : Normal
FileVersion : 2, 86, 0, 0
ProductVersion : 2, 86, 0, 0
ProductName : Wireless USB Network Adapter Configuration Utility
CompanyName : Linksys Group, Inc.
FileDescription : WUSB11Cfg
InternalName : WUSB11Cfg
LegalCopyright : Copyright (C) 2001
LegalTrademarks : Instant Wireless
OriginalFilename : WUSB11Cfg.EXE
Comments : Wireless USB Network Adapter Configuration Utility

#:25 [devldr32.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\devldr32.exe
ProcessID : 1948
ThreadCreationTime : 03-09-2004 2:00:12 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:26 [msmsgs.exe]
ModuleName : D:\Program Files\Messenger\
Command Line : "D:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 156
ThreadCreationTime : 03-09-2004 2:00:15 AM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:27 [alg.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\alg.exe
ProcessID : 184
ThreadCreationTime : 03-09-2004 2:00:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [avgserv.exe]
ModuleName : D:\PROGRA~1\Grisoft\AVG6\
Command Line : D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 240
ThreadCreationTime : 03-09-2004 2:00:16 AM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright (c) GRISOFT 1998-2004
OriginalFilename : AvgServ

#:29 [navapsvc.exe]
ModuleName : D:\Program Files\Norton AntiVirus\
Command Line : "D:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 284
ThreadCreationTime : 03-09-2004 2:00:16 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:30 [nprotect.exe]
ModuleName : D:\Program Files\Norton AntiVirus\AdvTools\
Command Line : "D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 452
ThreadCreationTime : 03-09-2004 2:00:18 AM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:31 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 988
ThreadCreationTime : 03-09-2004 2:00:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [msnmsgr.exe]
ModuleName : D:\Program Files\MSN Messenger\
Command Line : "D:\Program Files\MSN Messenger\msnmsgr.exe"
ProcessID : 2884
ThreadCreationTime : 03-09-2004 2:00:37 AM
BasePriority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:33 [wuauclt.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1484
ThreadCreationTime : 03-09-2004 2:01:27 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:34 [avgw.exe]
ModuleName : D:\PROGRA~1\Grisoft\AVG6\
Command Line : avgw.exe
ProcessID : 2788
ThreadCreationTime : 03-09-2004 2:01:56 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 516
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG 6.0 Application
InternalName : avgw
LegalCopyright : Copyright © GRISOFT, s.r.o, 1999-2003
OriginalFilename : avgw.exe

#:35 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\
Command Line : "D:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 2908
ThreadCreationTime : 03-09-2004 2:07:42 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:36 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3872
ThreadCreationTime : 03-09-2004 2:08:32 AM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\btiein

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@tribalfusion[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@tribalfusion.com/
Value : Cookie:ms. piggy@tribalfusion.com/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

11:21:24 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:01:01:59.409
Objects scanned:225052
Objects identified:2
Objects ignored:0
New critical objects:2

Corrine

Administrator

Joined: 18 Jan 2001
Posts: 13172
Location: Upstate, NY

Posted: Fri Sep 03, 2004 6:33 am

Hi, Greg. I found some problems existing elsewhere on the 'net with msnappau.exe. So, please submit the file(s) below for evaluation to Lavasoft R&D at: http://www.lavasofthelp.com/submit/ . Simply copy/paste the identified file(s) into the box that reads "Submission File". Click "Submit new or updated target". Wait for it to upload. (Repeat if more than one file is listed.)

D:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe

As before, run a full Ad-Aware scan and select any objects for removal.

It would be advisable to go to one or more of the sites below and run an online scan. Follow any instructions for removal.

 Panda 
 Symantec 
 TrendMicro 
 A2 Trojan Scan 

The problem you are having with HJT is that it needs to be in its own folder. It is set up that way intentionally for protection. How about if you create a HJThis folder and unzip the software to that folder?
_________________
Freedomlist.com (March 1, 2000 - 2012)



Take a walk through my Security Garden

greg

Guest

Posted: Wed Sep 08, 2004 13:26 pm    Post subject: trojan

I can't seem to get rid of the IBIS toolbar... here is the logfile from the FULL SCAN I just did...



Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:September 8, 2004 1:52:52 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R7 06.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):1 total references
Tracking Cookie(TAC index:3):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


08-09-2004 1:52:52 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\
Command Line : n/a
ProcessID : 472
ThreadCreationTime : 08-09-2004 12:10:30 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 528
ThreadCreationTime : 08-09-2004 12:10:32 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\D:\WINDOWS\system32\
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 08-09-2004 12:10:32 PM
BasePriority : High


#:4 [services.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\services.exe
ProcessID : 604
ThreadCreationTime : 08-09-2004 12:10:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\lsass.exe
ProcessID : 616
ThreadCreationTime : 08-09-2004 12:10:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\svchost -k rpcss
ProcessID : 780
ThreadCreationTime : 08-09-2004 12:10:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 08-09-2004 12:10:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1012
ThreadCreationTime : 08-09-2004 12:10:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1032
ThreadCreationTime : 08-09-2004 12:10:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : D:\WINDOWS\system32\
Command Line : D:\WINDOWS\system32\spoolsv.exe
ProcessID : 1184
ThreadCreationTime : 08-09-2004 12:10:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [ccevtmgr.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1220
ThreadCreationTime : 08-09-2004 12:10:35 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [explorer.exe]
ModuleName : D:\WINDOWS\
Command Line : D:\WINDOWS\Explorer.EXE
ProcessID : 1556
ThreadCreationTime : 08-09-2004 12:10:39 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [atiptaxx.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\atiptaxx.exe"
ProcessID : 1708
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal
FileVersion : 6.13.2519
ProductVersion : 6.13.2519
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:14 [directcd.exe]
ModuleName : D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
Command Line : "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 1716
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal
FileVersion : 5.3.1.154
ProductVersion : 5.3.1.154
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:15 [ccapp.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 1724
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:16 [qttask.exe]
ModuleName : D:\Program Files\QuickTime\
Command Line : "D:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1748
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:17 [realsched.exe]
ModuleName : D:\Program Files\Common Files\Real\Update_OB\
Command Line : "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1756
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:18 [jusched.exe]
ModuleName : D:\Program Files\Java\j2re1.4.2_03\bin\
Command Line : "D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 1764
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal


#:19 [avgcc32.exe]
ModuleName : D:\PROGRA~1\Grisoft\AVG6\
Command Line : "D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1788
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:20 [msnappau.exe]
ModuleName : D:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\
Command Line : "D:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
ProcessID : 1796
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal


#:21 [winampa.exe]
ModuleName : D:\Program Files\Winamp\
Command Line : "D:\Program Files\Winamp\winampa.exe"
ProcessID : 1812
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal


#:22 [ctfmon.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\ctfmon.exe"
ProcessID : 1828
ThreadCreationTime : 08-09-2004 12:10:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:23 [spysweeper.exe]
ModuleName : D:\Program Files\Webroot\Spy Sweeper\
Command Line : "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 1864
ThreadCreationTime : 08-09-2004 12:10:43 PM
BasePriority : Normal
FileVersion : 3.0.0.129
ProductVersion : 3.0i
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright (c) 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:24 [wusb11cfg.exe]
ModuleName : D:\Program Files\Linksys\WUSB11 Config Utility\
Command Line : "D:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe"
ProcessID : 1880
ThreadCreationTime : 08-09-2004 12:10:43 PM
BasePriority : Normal
FileVersion : 2, 86, 0, 0
ProductVersion : 2, 86, 0, 0
ProductName : Wireless USB Network Adapter Configuration Utility
CompanyName : Linksys Group, Inc.
FileDescription : WUSB11Cfg
InternalName : WUSB11Cfg
LegalCopyright : Copyright (C) 2001
LegalTrademarks : Instant Wireless
OriginalFilename : WUSB11Cfg.EXE
Comments : Wireless USB Network Adapter Configuration Utility

#:25 [msmsgs.exe]
ModuleName : D:\Program Files\Messenger\
Command Line : "D:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 2004
ThreadCreationTime : 08-09-2004 12:10:44 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:26 [devldr32.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\devldr32.exe
ProcessID : 2024
ThreadCreationTime : 08-09-2004 12:10:45 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:27 [alg.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\alg.exe
ProcessID : 228
ThreadCreationTime : 08-09-2004 12:10:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [avgserv.exe]
ModuleName : D:\PROGRA~1\Grisoft\AVG6\
Command Line : D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 252
ThreadCreationTime : 08-09-2004 12:10:48 PM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright (c) GRISOFT 1998-2004
OriginalFilename : AvgServ

#:29 [navapsvc.exe]
ModuleName : D:\Program Files\Norton AntiVirus\
Command Line : "D:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 388
ThreadCreationTime : 08-09-2004 12:10:48 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:30 [nprotect.exe]
ModuleName : D:\Program Files\Norton AntiVirus\AdvTools\
Command Line : "D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 796
ThreadCreationTime : 08-09-2004 12:10:53 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:31 [svchost.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : D:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1124
ThreadCreationTime : 08-09-2004 12:10:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [aim.exe]
ModuleName : D:\Program Files\AIM95\
Command Line : "D:\Program Files\AIM95\aim.exe"
ProcessID : 3224
ThreadCreationTime : 08-09-2004 12:11:23 PM
BasePriority : Normal
FileVersion : 4.7.2517
ProductVersion : 4.7.2517
ProductName : AOL Instant Messenger (SM)
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger (SM)
InternalName : AIM
LegalCopyright : Copyright © 1996-2001 America Online, Inc.
OriginalFilename : AIM.EXE

#:33 [wuauclt.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3996
ThreadCreationTime : 08-09-2004 12:11:57 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:34 [msimn.exe]
ModuleName : D:\Program Files\Outlook Express\
Command Line : "D:\Program Files\Outlook Express\msimn.exe"
ProcessID : 3180
ThreadCreationTime : 08-09-2004 3:25:04 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSIMN.EXE

#:35 [wisptis.exe]
ModuleName : D:\WINDOWS\System32\
Command Line : "D:\WINDOWS\System32\wisptis.exe" -Embedding
ProcessID : 4024
ThreadCreationTime : 08-09-2004 4:31:02 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020828-1920)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:36 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\
Command Line : "D:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3420
ThreadCreationTime : 08-09-2004 5:09:52 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:37 [ypager.exe]
ModuleName : D:\Program Files\Yahoo!\Messenger\
Command Line : "D:\Program Files\Yahoo!\Messenger\YPager.exe"
ProcessID : 3756
ThreadCreationTime : 08-09-2004 5:31:53 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:38 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3912
ThreadCreationTime : 08-09-2004 5:52:26 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\btiein

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@doubleclick[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@doubleclick.net/
Value : Cookie:ms. piggy@doubleclick.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@tribalfusion[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@tribalfusion.com/
Value : Cookie:ms. piggy@tribalfusion.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@server.iad.liveperson[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@server.iad.liveperson.net/
Value : Cookie:ms. piggy@server.iad.liveperson.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@bluestreak[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@bluestreak.com/
Value : Cookie:ms. piggy@bluestreak.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@atdmt[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@atdmt.com/
Value : Cookie:ms. piggy@atdmt.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@zedo[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@zedo.com/
Value : Cookie:ms. piggy@zedo.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@hitbox[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@hitbox.com/
Value : Cookie:ms. piggy@hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@ehg-yellowpages.hitbox[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@ehg-yellowpages.hitbox.com/
Value : Cookie:ms. piggy@ehg-yellowpages.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@data.coremetrics[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@data.coremetrics.com/
Value : Cookie:ms. piggy@data.coremetrics.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@bfast[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@bfast.com/
Value : Cookie:ms. piggy@bfast.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@centrport[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@centrport.net/
Value : Cookie:ms. piggy@centrport.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@2o7[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@2o7.net/
Value : Cookie:ms. piggy@2o7.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@clickagents[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@clickagents.com/
Value : Cookie:ms. piggy@clickagents.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@mediaplex[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@mediaplex.com/
Value : Cookie:ms. piggy@mediaplex.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@fastclick[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@fastclick.net/
Value : Cookie:ms. piggy@fastclick.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@advertising[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@advertising.com/
Value : Cookie:ms. piggy@advertising.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@edge.ru4[2].txt
Category : Data Miner
Comment : Cookie:ms. piggy@edge.ru4.com/
Value : Cookie:ms. piggy@edge.ru4.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@realmedia[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@realmedia.com/
Value : Cookie:ms. piggy@realmedia.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@servedby.advertising[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@servedby.advertising.com/
Value : Cookie:ms. piggy@servedby.advertising.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ms. piggy@ads.pointroll[1].txt
Category : Data Miner
Comment : Cookie:ms. piggy@ads.pointroll.com/
Value : Cookie:ms. piggy@ads.pointroll.com/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

2:24:09 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:31:17.209
Objects scanned:223201
Objects identified:21
Objects ignored:0
New critical objects:21
All times are GMT - 5 Hours