#1 (permalink)
Registered User
Join Date: Jul 2007
Location: Midwest, US
Posts: 196
OS: Windows XP SP3

Possible WIN32:ctx
I have tried trials of Norton, Panda, and McAfee. Recently I attempted to install Avast! and upon the first scan when it rebooted, it said I had WIN32:ctx but could not fix it. Immediately afterwards I ran into problems and needed to do a system restore, which of course erased the install that I had done. At the same time I had Panda on my computer, not knowing that it should be removed or that Norton and McAfee need special tools to completely remove them for that matter. Presently I am using AVG and all others (to my knowledge) are removed.
Panda has not detected the WIN32:ctx. Nor did it come up during the "5 Step Process". Do I really have it? Some of the problems I have experienced have been:
--Sometimes my computer runs slow but it's not consistent, seems to be most noticeable when I turn it on or when I start up on Internet Express. For a while before installing Avast my Outlook Express kept closing on me when I'd open it.
--Windows won't install some of the patches that say they are available to me, and won't install Windows Update 3.1.
--Oh, I also seem to have a DSS/Agent that keeps getting fixed and showing up.
Here is the log requested:
__________________
Susanna

#3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista
Re: Possible WIN32:ctx
Hello SusannaKB,
I do not see any malware in your log and as WIN32:ctx and DSS/Agent are general terms, without a location of where these were detected, I don't have much to go on. Did your online scan at Panda detect anything at all? Did you save the report--if so, please post that here. What program is detecting DSS/Agent?

I do see an orphaned entry left over from Panda Titanium. You can fix it with HijackThis, but it doesn't appear that you allowed dss.exe to download HijackThis when prompted. The HijackThis log above is a cloned version. Please download HijackThis to your desktop. Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.
Run a scan with HijackThis and 'check' the following entry:
O20 - Winlogon Notify: avldr - C:\WINDOWS\system32\
Click 'Fix Checked' and close HijackThis.

You should also uninstall your old version of Java as it's no longer needed and poses a security risk to your system. Click Start>Control Panel>Add or Remove programs and uninstall the following:
Java 2 Runtime Environment Standard Edition v1.3.1_03
**Leave Java(TM) SE Runtime Environment 6 Update 1 intact.
Last edited by Ried; 08-09-2007 at 10:31 AM.
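
The orphaned-entry check described in this reply can be run over a saved log. The Python below is an added example, not part of the original post and not HijackThis code; the function names are hypothetical, and the sample log is constructed except for the O20 avldr line quoted in the reply.

```python
import re
from typing import List, Optional, Tuple

# HijackThis-style entry: section code (R0, O4, O20, ...), " - ", then the body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Marker the scanner appends when the referenced file is not on disk.
MISSING_MARK = "(file missing)"


def extract_target(body: str) -> str:
    """Return the file or command part of an entry body."""
    # The file is normally the last " - " separated field.
    last = body.rsplit(" - ", 1)[-1]
    # Drop a leading "Label: " prefix. Splitting on colon+space leaves
    # drive letters alone, because a drive colon is followed by a backslash.
    last = last.split(": ", 1)[-1]
    # Drop the "[value name]" prefix used by Run-key entries.
    last = re.sub(r"^\[[^\]]*\]\s*", "", last)
    return last.strip()


def orphan_reason(target: str) -> Optional[str]:
    """Explain why a target looks orphaned, or return None if it looks intact.

    This is a purely textual check on the log line; it does not touch the
    file system or the registry.
    """
    t = target.strip()
    if t.endswith(MISSING_MARK):
        return "scanner marked the file as missing"
    if t.startswith('"'):
        # Quoted path followed by arguments: keep only the quoted part.
        end = t.find('"', 1)
        t = t[1:end] if end != -1 else t[1:]
    if not t:
        return "empty target"
    if t.endswith("\\"):
        # A bare directory: the registration survived, the DLL name did not.
        return "target is a directory with no file name"
    return None


def find_orphans(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line) for every entry that looks orphaned."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # headers, process list, blank lines
        reason = orphan_reason(extract_target(match.group("body")))
        if reason:
            findings.append((match.group("section"), reason, line))
    return findings


# Constructed sample in HijackThis log format. Only the O20 "avldr" line is
# taken from the reply above; every other entry is made up for illustration.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: Old Helper - {66666666-7777-8888-9999-000000000000} - C:\Program Files\OldTool\old.dll (file missing)
O4 - HKEY_LOCAL_MACHINE\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O20 - AppInit_DLLs: C:\PROGRA~1\Example\hook.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\system32\
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for section, reason, line in find_orphans(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```

A flagged line is a candidate for review, not a verdict: whether it is safe to fix still depends on knowing which product registered it.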

#4 (permalink)
Registered User
Join Date: Jul 2007
Location: Midwest, US
Posts: 196
OS: Windows XP SP3
Re: Possible WIN32:ctx
My response to your first question:
My online scan at Panda didn't detect anything but a DSS/Agent if I remember correctly. And I believe that I saved the report, I just can't remember where it saved it to. Can you tell me?
You asked what program was detecting the DSS/Agent: Spyware DR has and Panda. But Spyware DR would find it and then get rid of it. But it seemed that I kept getting them. Perhaps they were each different ones and I, not knowing much, thought they were all the same thing continuing to return. Today I ran a Spyware DR scan and it came out clean.
You said: "it doesn't appear that you allowed dss.exe to download HijackThis when prompted. The HijackThis log above is a cloned version." I thought I followed the 5 step process very carefully. Should I do something over?
I downloaded Hijack This and I could not see O20 - Winlogon Notify:avldr - C:\WINDOWS\system32\ so I didn't do anything, just closed it.
Finally, I did uninstall the Java that you suggested. I will wait to hear again from you with further instructions - Thank you for your help.
__________________
Susanna

#5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista
Re: Possible WIN32:ctx
Hiya,
You would have chosen where Panda would have saved the report, so no, I can't say where it is on your system. Let's just get a fresh scan from another source and see if it detects anything lurking about.
Perform an online scan with Internet Explorer at Kaspersky Online Scanner. Answer Yes when prompted to install an ActiveX component.

#6 (permalink)
Registered User
Join Date: Jul 2007
Location: Midwest, US
Posts: 196
OS: Windows XP SP3
Re: Possible WIN32:ctx
Here is that scan:
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 11, 2007 1:28:50 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/08/2007
Kaspersky Anti-Virus database records: 378541
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer A:\ C:\ D:\ E:\
Scan Statistics
Total number of scanned objects 65967
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:05:12
Scan process completed.
__________________
Susanna

#7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista
Re: Posible WIN32:ctx
As you can see, Kaspersky came up clean. The next time Spyware Doctor reports DSS/Agent, I'd like to see the full location of where it found it so I can perhaps set your mind at ease.
What issues remain for you?

#8 (permalink)
Registered User
Join Date: Jul 2007
Location: Midwest, US
Posts: 196
OS: Windows XP SP3
Re: Posible WIN32:ctx
Does this mean that I really don't have WIN32:ctx?
Another issue: I have a Print Master program that is used for making greeting cards. It is made by Broderbund, and at times the DSS/Agents that I have seen come with Broderbund in their info. Is this bad? Should it be prevented? Or is just running a spyware scan every so often all I need to do to remedy this? Please tell me what you suggest. I also have other issues that are related to drivers and Windows not properly updating and applying patches. Would you suggest that I post them elsewhere?
__________________
Susanna

#9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista
Re: Posible WIN32:ctx
Hi Susanna,
Correct--I'm not finding any infections in any of the logs presented. Without having the location it was detected in, I'd just be guessing at why, and what it was. Again, I would have to know the exact location DSS/Agent is being found, in order to determine if the 'source' is something we can permanently delete safely or not. In the meantime, let your onboard tools continue to clean it when detected. And yes, as the focus of this forum is malware removal, you'd be better served discussing your other issues in the Windows XP section of this forum.
Last edited by Ried; 08-11-2007 at 08:47 AM.

#11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista
Re: Posible WIN32:ctx
You're welcome.
To help protect your system in the future, I'd like to suggest adding these free programs:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

Update all of your onboard programs regularly. Without regular updates you will not be protected when new malicious programs are released.

******************************************

In light of your recent questions in the General Security section, please take a look at these well written articles, they may help you understand 'internet life' and how to best protect yourself:

PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Take care.