Ad-Aware - Safe Mode
AVG Anti-Spyware - Safe Mode
Spybot SD - Safe Mode - Didn't find anything, so no post
Kaspersky Online - Safe Mode
RootkitRevealer - Normal Mode
HijackThis - Normal Mode
-----------------------------------------------------------------------------------------------------------------------------
Ad-Aware...
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, March 07, 2007 11:07:15 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R157 05.03.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Other(TAC index:5):1 total references
SpyDawn(TAC index:3):1 total references
Tracking Cookie(TAC index:3):32 total references
Win32.Trojandownloader.Zlob(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Dump details about unhandled exceptions to disk
Set : Play sound at scan completion if scan locates critical objects
3-7-2007 11:07:15 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 560
ThreadCreationTime : 3-7-2007 4:02:51 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 3-7-2007 4:02:55 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 3-7-2007 4:02:56 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 3-7-2007 4:02:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 3-7-2007 4:02:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 3-7-2007 4:03:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 3-7-2007 4:03:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 3-7-2007 4:03:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1084
ThreadCreationTime : 3-7-2007 4:03:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 3-7-2007 4:03:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1596
ThreadCreationTime : 3-7-2007 4:03:16 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [cpserver.exe]
FilePath : C:\Program Files\SurfControl\CyberPatrol\
ProcessID : 1784
ThreadCreationTime : 3-7-2007 4:03:18 PM
BasePriority : Normal
FileVersion : 7, 6, 0, 63
ProductVersion : 7.6.0.63
ProductName : CyberPatrol®
CompanyName : SurfControl plc.
FileDescription : CyberPatrol® Server
InternalName : CyberPatrol® Server
LegalCopyright : Copyright © 1996-2006 SurfControl plc.
OriginalFilename : cpserver.exe
#:13 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2000
ThreadCreationTime : 3-7-2007 4:03:52 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@adopt.euroclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@adopt.euroclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@ads.pointroll[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@apmebf[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@bfast[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@bfast[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@bluestreak[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@ehg-findlaw.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@ehg-findlaw.hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@insightexpressai[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@insightexpressai[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@overture[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@perf.overture[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@realmedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@revsci[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@revsci[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@tacoda[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@tacoda[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@tradedoubler[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@unicast[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@unicast[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@adopt.euroclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@adopt.euroclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@ads.pointroll[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@bluestreak[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@buy[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@buy[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@insightexpressai[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@insightexpressai[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@mediaplex[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@overture[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@realmedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@revsci[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@revsci[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@tradedoubler[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kk&kayla@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@trafficmp[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : wonderfulme@AdRotator[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@AdRotator[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : wonderfulme@AdRotator[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\WONDERFULME\Cookies\wonderfulme@AdRotator[3].txt
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : iesplugin.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\Video Access ActiveX Object\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : pmsnrr.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\Video Access ActiveX Object\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001492.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001605.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001651.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\
SpyDawn Object Recognized!
Type : File
Data : A0001662.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : SpyDawn
CompanyName : SpyDawn.com
FileDescription : Anti- spyware and adware
InternalName : SpyDawn.exe
LegalCopyright : © SpyDawn.com. All rights reserved.
OriginalFilename : SpyDawn.exe
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001694.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001710.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001718.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001726.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP12\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0002741.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP13\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0004744.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP14\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0005762.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP15\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001456.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001467.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\
Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : A0001478.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48
Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 48
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security
Value : 65007
Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : user32.dll
Win32.Trojandownloader.Zlob Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : Win32.Trojandownloader.Zlob
Object : C:\Program Files\Video Access ActiveX Object
Other Object Recognized!
Type : File
Data : PMSNRR.EXE-06CA8879.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 53
11:25:03 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:47.657
Objects scanned:290661
Objects identified:54
Objects ignored:0
New critical objects:54
-----------------------------------------------------------------------------------------------------------------------------
AVG...
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:19:31 PM 3/7/2007
+ Scan result:
C:\WINDOWS\system32\SearchTool\uninstallSE.exe -> Adware.Beginto : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005861.dll -> Adware.ProtectionBar : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\A0001534.ini -> Adware.Qworke : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001660.exe -> Adware.Trymedia : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001661.exe -> Adware.Trymedia : No action taken.
C:\Documents and Settings\ANDY\Local Settings\Temp\lafFC.tmp -> Adware.WorldSecurityOnline : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005867.exe -> Downloader.Zlob.bng : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005862.exe -> Downloader.Zlob.bor : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\A0001491.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP10\A0001493.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001604.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001606.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001652.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001653.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP11\A0001657.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005863.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005864.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005865.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001454.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001455.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001466.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001468.exe -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001476.dll -> Downloader.Zlob.bpf : No action taken.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP9\A0001477.exe -> Downloader.Zlob.bpf : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.36:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\ANDY\Cookies\andy@www.dealtime[2].txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@enhance[2].txt -> TrackingCookie.Enhance : No action taken.
:mozilla.106:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.24:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.25:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.26:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.27:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.28:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.29:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
:mozilla.30:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Real : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\KK&KAYLA\Local Settings\Temp\Cookies\kk&kayla@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.27:C:\Documents and Settings\ANDY\Application Data\Mozilla\Profiles\default\k0dwrfg2.slt\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.28:C:\Documents and Settings\ANDY\Application Data\Mozilla\Profiles\default\k0dwrfg2.slt\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.92:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.93:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.94:C:\Documents and Settings\ANDY\Application Data\Mozilla\Firefox\Profiles\xcw8p7iq.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\KK&KAYLA\Cookies\kk&kayla@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
::Report end
-----------------------------------------------------------------------------------------------------------------------------
Kaspersky Online...
Wednesday, March 07, 2007 2:55:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/03/2007
Kaspersky Anti-Virus database records: 262751
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 159730
Number of viruses found 1
Number of infected objects 6 / 0
Number of suspicious objects 0
Duration of the scan process 01:21:38
Infected Object Name Virus Name Last Action
C:\Andy\Anti-Malware\AdvancedSpywareRemover\ASRLSetup.exe/Stream/data0001 Infected: Backdoor.Win32.VB.ate skipped
C:\Andy\Anti-Malware\AdvancedSpywareRemover\ASRLSetup.exe/Stream Infected: Backdoor.Win32.VB.ate skipped
C:\Andy\Anti-Malware\AdvancedSpywareRemover\ASRLSetup.exe Inno: infected - 2 skipped
C:\Andy\Anti-Malware\AdvancedSpywareRemover\Update\ASRLSetup.exe/Stream/data0001 Infected: Backdoor.Win32.VB.ate skipped
C:\Andy\Anti-Malware\AdvancedSpywareRemover\Update\ASRLSetup.exe/Stream Infected: Backdoor.Win32.VB.ate skipped
C:\Andy\Anti-Malware\AdvancedSpywareRemover\Update\ASRLSetup.exe Inno: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05acee3c1fc5626b63818dc1e0163c29_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e124cf757ec97ef8f507228db12f588_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41d90e611b504966eb3c18ae7501549a_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afaef41ffcdc019a2d3e452c74fe06d4_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3d8feee505b4856cf6c6182a66a1e71_0b868c2e-0d3e-4380-8488-a2adfccc296f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\ANDY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ANDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ANDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ANDY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ANDY\ntuser.dat Object is locked skipped
C:\Documents and Settings\ANDY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\ANDY\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
-----------------------------------------------------------------------------------------------------------------------------
Rootkit Revealer...
HKLM\S-1-5-21-606747145-1645522239-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings 3/7/2007 2:59 PM 87 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-606747145-1645522239-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38E70A65-D629-E7F8-C433-120793699B6D}* 10/9/2006 10:51 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{38E70A65-D629-E7F8-C433-120793699B6D}\InProcServer32* 10/21/2006 12:36 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F3EC8C23-88F0-45dd-9525-15E8B74569A1}\2_2001\P\7kWBEQG-gd7ad3H-E1te6TU-E6lC0\Data2 3/7/2007 2:58 PM 204 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 3/7/2007 2:59 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM\Start 3/7/2007 2:58 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 9/18/2006 10:24 AM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1173284541jtun_ncodat70307005-70307006.x01.full.zip 3/7/2007 3:03 PM 4.16 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\3236C040.TMP 3/7/2007 3:23 PM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003 3/7/2007 10:32 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Catalog.dat 11/23/2006 6:10 AM 1.74 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\full-webauth.sql.bin 3/7/2007 10:32 AM 3.99 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Identifiers.xml.bin 3/7/2007 10:32 AM 629.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Indicators.xml.bin 3/7/2007 10:32 AM 63.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\nppw.zip 3/7/2007 6:11 AM 289.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\PopularSites.xml.bin 3/7/2007 10:32 AM 2.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Redirectors.xml.bin 3/7/2007 10:32 AM 46.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Resources.xml.bin 3/7/2007 10:32 AM 556 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\SafeList.xml.bin 3/7/2007 10:32 AM 554.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\SearchServices.xml.bin 3/7/2007 10:32 AM 19.66 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\Throttle.xml.bin 3/7/2007 10:32 AM 454 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\TrustedDomains.xml.bin 3/7/2007 10:32 AM 242.71 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\URLAnalysis.xml.bin 3/7/2007 10:32 AM 555.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\v.grd 3/7/2007 2:05 AM 1.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\v.sig 3/7/2007 2:05 AM 2.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\virscan1.dat 3/7/2007 2:05 AM 32 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.003\WebHostingSites.xml.bin 3/7/2007 10:32 AM 20.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006 3/7/2007 3:03 PM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Catalog.dat 11/23/2006 6:10 AM 1.74 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\full-webauth.sql.bin 3/7/2007 3:03 PM 3.99 MB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Identifiers.xml.bin 3/7/2007 3:03 PM 619.73 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Indicators.xml.bin 3/7/2007 3:03 PM 63.85 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\nppw.zip 3/7/2007 3:03 PM 288.98 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\PopularSites.xml.bin 3/7/2007 3:03 PM 2.63 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Redirectors.xml.bin 3/7/2007 3:03 PM 46.32 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Resources.xml.bin 3/7/2007 3:03 PM 556 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\SafeList.xml.bin 3/7/2007 3:03 PM 554.21 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\SearchServices.xml.bin 3/7/2007 3:03 PM 19.66 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\Throttle.xml.bin 3/7/2007 3:03 PM 454 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\TrustedDomains.xml.bin 3/7/2007 3:03 PM 242.99 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\URLAnalysis.xml.bin 3/7/2007 3:03 PM 555.43 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\v.grd 3/7/2007 9:25 AM 1.06 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\v.sig 3/7/2007 9:25 AM 2.21 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\virscan1.dat 3/7/2007 9:25 AM 32 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070307.006\WebHostingSites.xml.bin 3/7/2007 3:03 PM 20.99 KB Hidden from Windows API.
C:\System Volume Information\_restore{4AFEB9DA-7390-4D03-B211-936145519A87}\RP16\A0005890.data 3/7/2007 10:28 AM 29.54 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 3/7/2007 2:58 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
-----------------------------------------------------------------------------------------------------------------------------
HijackThis...
Logfile of HijackThis v1.99.1
Scan saved at 3:46:24 PM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f588.mail....d=aulbrmoupqfdn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software