Discussion Starter · #1 ·
How do I remove this thing from My Computer?

I don't know why, but for the last few days I have been getting this thing whenever I open my My Computer icon. Even on some other folders I get the same thing, but after customizing the folder it works fine. Below is the screen capture.

Can anyone tell me how to remove this thing?
 

Discussion Starter · #3 ·
With reference to my previous thread http://www.techsupportforum.com/showthread.php?t=76044, I have done all the things that were said in the sticky thread.

Below is my HijackThis log file:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:45:36 PM, on 11/9/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\WinTask.exe
C:\Program Files\GETRIGHT\GETRIGHT.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GETRIGHT\GRbrowse.htm
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE31BFF-C76A-453A-87C2-0FBACF34166C}: NameServer = 192.168.0.1
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe


End of KRC HijackThis Analyzer Log.
====================================================================
 

TSF Security Team, Emeritus
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

Go to http://WindowsUpdate. & install all available Critical Updates. Patch your system with the most current security fixes and plug all known vulnerabilities.

You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download & install CleanUp.exe


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING



If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose Yes at the Warning prompt.
  • Expand the Tools menu.
  • Click Resident.
  • Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
  • In the File menu click Exit to exit Spybot Search & Destroy.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In HiJackThis, place a check next to these items and select "Fix checked":

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} -



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, type in C:\WINNT\WinTask.exe
  2. Click the Open button.
  3. Click YES when prompted to restart your computer.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


After you have rebooted, please perform an online scan with Internet Explorer at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’

It would produce a log called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis
  • Online scan
  • Antispyware.log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.


Before we can proceed any further, please visit Microsoft's Windows Update Page and install ALL Critical Updates for your system. At the minimum, install at least SP4 for Windows 2000.

Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system.

Please apply those updates BEFORE posting your next log.

Thank you for your cooperation.
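A small triage script, added here as an example and not part of this thread or of HijackThis itself, that applies the three rules behind the helper's "Fix checked" list above to the log lines posted in this thread: O2/O3 entries whose CLSID has no backing file, O16 Downloaded Program Files entries with no source URL, and O4 autoruns that launch an executable sitting directly in the Windows directory. The sample log is copied from the thread; the rule names, the explorer.exe allowlist and the regexes are my own constructions.

```python
import re
from typing import List, Tuple

# Constructed sample: the O2/O3/O4/O16 lines from the HijackThis log posted in this thread
# (the eight entries the helper asked to have fixed) plus three entries that were left alone.
SAMPLE_LOG = r"""
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE31BFF-C76A-453A-87C2-0FBACF34166C}: NameServer = 192.168.0.1
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: "HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe"
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16 body whose trailing " - <source URL>" is empty: "DPF: {CLSID} (optional name) -"
O16_NO_SOURCE_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? -$")
# Executable directly in the Windows directory (not in system32 or any subfolder).
WIN_ROOT_EXE_RE = re.compile(r"^[a-z]:\\win(?:nt|dows)\\([^\\]+\.exe)$", re.IGNORECASE)
# Binaries that legitimately live in %SystemRoot% itself (hypothetical allowlist; extend as needed).
ROOT_ALLOWLIST = {"explorer.exe"}


def exe_path(cmd: str) -> str:
    """Strip arguments from an autorun command line and return the executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path: everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def in_windows_root(path: str) -> bool:
    """True if the executable sits directly in the Windows directory and is not allowlisted."""
    m = WIN_ROOT_EXE_RE.match(path)
    return bool(m) and m.group(1).lower() not in ROOT_ALLOWLIST


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) for every log line that trips one of the three rules."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reason = None
        if section in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but its DLL is gone: an uninstall leftover or a
            # half-removed hijacker. Harmless on its own, but worth cleaning out.
            reason = "orphaned BHO/toolbar registration (no backing file)"
        elif section == "O16" and O16_NO_SOURCE_RE.match(body):
            # Downloaded Program Files control with no recorded source URL, so there
            # is nothing to check its origin against.
            reason = "Downloaded Program Files control with no source URL"
        elif section == "O4":
            m4 = O4_RE.match(body)
            if m4 and in_windows_root(exe_path(m4.group("cmd"))):
                # Installed software lives under Program Files or system32; a lone
                # autorunning .exe in the Windows root deserves a closer look.
                reason = "autorun executable sitting directly in the Windows directory"
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {flagged_line}")
```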
 

Discussion Starter · #5 ·
First of all, I would like to thank you for your great suggestions, and no, I didn't really have any problems while doing the steps you mentioned. My system is behaving much, much better, and the My Computer thing that I screen captured in my first post is also gone now. But when scanning the C drive at startup, it doesn't get completed and starts again and again if Windows is not shut down properly.

BTW, my files are below.
-------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:14:23 AM, on 11/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GETRIGHT\GRbrowse.htm
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131640419834
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE31BFF-C76A-453A-87C2-0FBACF34166C}: NameServer = 192.168.0.1
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
----------------------------------------------------------


Panda Active Scan



---------------------------------------------------

Anti Spyware File

Started Scanning
Internet Cookies
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'hitbox.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Morpheus'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\SpeedBit\Download Accelerator'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS\Default'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\Always'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenFound'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenNotFound'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\InProcServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\ProgID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CurVer'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1\CLSID'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\HELPDIR'
Found '' in 'SOFTWARE\SpeedBit\Download Accelerator\Updates'
Found '' in 'Software\Kazaa'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager.1'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager.1\CLSID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer'
Found '' in 'SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP'
Found '' in 'SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP\CurVer'
Found '' in 'SOFTWARE\Classes\AppID\{0507FDDE-F3B7-49F5-9E8F-C557E991F39B}'
Found '' in 'SOFTWARE\Classes\AppID\WeatherOnTray.EXE'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}\DownloadInformation'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}\InstalledVersion'
Found 'AppID' in 'SOFTWARE\Classes\AppID\WeatherOnTray.EXE'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\InprocServer32'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'SOFTWARE\MyWay'
Found '' in 'SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}'
Found '' in 'SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}'
Found '' in 'SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}'
Found '' in 'SOFTWARE\Classes\Interface\{9DD19D39-2CDC-465B-BB21-1D433590BA3D}'
Found '{B195B3B3-8A05-11D3-97A4-0004ACA6948E}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\Common Files\updater'
Found '' in 'C:\Program Files\Common Files\WhenU'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Common Files\updater' in shortcut areas.
Checking for 'C:\Program Files\Common Files\updater' in startup areas.
Cleaning 'C:\Program Files\Common Files\updater'
Checking for 'C:\Program Files\Common Files\WhenU' in shortcut areas.
Checking for 'C:\Program Files\Common Files\WhenU' in startup areas.
Cleaning 'C:\Program Files\Common Files\WhenU'
Finished Cleaning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning


---------------------------------------------------------
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Your log is very difficult to read.

Kindly turn off the word wrap feature in your text editor.
With notepad, this can be done by going to Format -> untick "Word Wrap".

Kindly re-post the above logs after you have done so.

Thank You
 

·
Registered
Joined
·
31 Posts
Discussion Starter · #7 ·
Here I go again

Hijack This Log file

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:45:36 PM, on 11/9/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\WinTask.exe
C:\Program Files\GETRIGHT\GETRIGHT.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GETRIGHT\GRbrowse.htm
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE31BFF-C76A-453A-87C2-0FBACF34166C}: NameServer = 192.168.0.1
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe


End of KRC HijackThis Analyzer Log.
====================================================================



PANDA ACTIVE SCAN LOG


Incident Status Location

Adware:adware/superspider No disinfected C:\PROGRAM FILES\Q330994.exe
Adware:adware/startpage.gx No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\winsearchie32.exe
Adware:adware/favoriteman No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\ATPartners.inf
Spyware:spyware/betterinet No disinfected C:\WINNT\SYSTEM32\in10b6s.dll
Spyware:spyware/marketscore No disinfected C:\WINNT\SYSTEM32\rk.exe
Spyware:spyware/fastsearchweb No disinfected C:\WINNT\SYSTEM32\hlp.dll
Adware:adware/twain-tech No disinfected C:\WINNT\smdat32a.sys
Adware:adware/cws.msconfd No disinfected C:\WINNT\hh.htt
Adware:adware/startpage.id No disinfected C:\msdos.exe
Adware:adware/keenvalue No disinfected C:\PROGRAM FILES\COMMON FILES\updater
Adware:adware/whenusearch No disinfected C:\PROGRAM FILES\COMMON FILES\WhenU
Adware:adware/p2pnetworking No disinfected C:\WINNT\SYSTEM32\P2P Networking
Dialer:dialer.bz No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIALERDATA.INTDIALERDATA
Adware:adware/wupd No disinfected Windows Registry
Virus:Trj/Multidropper.AEC Disinfected C:\WINNT\system32\in10b6s.dll
Spyware:Spyware/MarketScore No disinfected C:\WINNT\system32\rk.exe
Virus:VBS/Redlof.A Disinfected C:\WINNT\system\Kernel32.dll
Virus:VBS/Redlof.A Disinfected C:\WINNT\Help\ciadmin.htm
Virus:VBS/Redlof.A Disinfected C:\WINNT\Help\ixqlang.htm
Virus:VBS/Redlof.A Disinfected C:\WINNT\Web\printers\ipp_0003.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\Web\printers\ipp_0014.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\Web\printers\ipp_0015.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\Web\wum.htm
Virus:Trojan Horse Disinfected C:\WINNT\Web\tips.ini
Virus:VBS/Redlof.A Disinfected C:\WINNT\Web\kjwall.gif
Adware:Adware/Startpage.CED No disinfected C:\WINNT\Downloaded Program Files\Q330994.exe
Adware:Adware/Startpage.GX No disinfected C:\WINNT\Downloaded Program Files\winsearchie32.exe
Dialer:Dialer.BZ No disinfected C:\WINNT\Downloaded Program Files\Dialerdata.dll
Dialer:Dialer.BZ No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.1\Dialerdata.dll
Adware:Adware/NetPals No disinfected C:\WINNT\Downloaded Program Files\ATPartners.inf
Virus:Trojan Horse Disinfected C:\WINNT\hh.htt
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0008.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0009.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0011.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0012.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0016.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ciquery.htm
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0001.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0002.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0004.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0005.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0006.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0007.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0010.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\ipp_0013.asp
Virus:VBS/Redlof.A Disinfected C:\WINNT\$NtServicePackUninstall$\page1.asp
Adware:Adware/SuperSpider No disinfected C:\WINNT\new.exe
Adware:Adware/SuperSpider No disinfected C:\WINNT\precontrol.exe
Adware:Adware/SuperSpider No disinfected C:\WINNT\OPTQK.exe
Adware:Adware/SuperSpider No disinfected C:\WINNT\AOTJJSRARRSEJ.exe
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Job Interview Tips and Sample Interview Questions From Interview Success_files\interview-success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Job Interview Tips and Sample Interview Questions From Interview Success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Job Interview Tips through Job Interview Preperation - Interview Success_files\interview-success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Job Interview Tips through Job Interview Preperation - Interview Success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Answering Interview Questions - Interview Success_files\interview-success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Good Job Interview Answers - Interview Success_files\interview-success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Good Job Interview Answers - Interview Success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\My Documents\Interview\Answering Interview Questions - Interview Success.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\Anchors.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\Default.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\DetectVersion3.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\DetectVersion4.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\DetectVersion5.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\DetectVersion6.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\Flash_with_AICC_Tracking.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\Flash_with_SCORM_Tracking.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\FSCommand.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\ImageMap.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\PocketPC2002.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\QuickTime.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\Learning Extensions Srvr Files\frameset.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\HTML\Learning Extensions Srvr Files\results.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin\start.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin\html\dbImporter.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin\html\importingLibrary.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin\html\importingTBS.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin\html\legalNotice.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin\html\welcome.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin\html\whatHappens.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\GetMedia\main.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Login\welcome.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Login\cancel.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Login\index.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Login\login.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Login\manage.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\GPFeat\index.htm
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\GPFeat\DevicesOffline\index.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Radio\main.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Channels\main.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Devices\cdr_help.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\search\main.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Help\technicalrequest.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Help\productsurvey.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Help\serviceandsupport.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Help\myacct.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Help\gsg.html
Virus:VBS/Redlof.A Disinfected C:\Documents and Settings\M Umer Khan.bak\Application Data\Real\RealOne Player\DataCache\Help\tutorial.html
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\1033\nortbots.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\_vti_inf.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\postinfo.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\check.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\contents.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\delsbweb.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\disable.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\enable.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\footer.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\fpadmin.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\fpbanner.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\ipaddr.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\newsrvr.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\newsbweb.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\perms.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\recalc.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\rensbweb.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\direxe.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\dirnoexe.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\uninstal.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\check.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\contents.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\delsbweb.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\disable.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\enable.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\footer.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\fpadmin.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\fpbanner.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\ipaddr.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\newsrvr.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\newsbweb.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\perms.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\recalc.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\rensbweb.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\direxe.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\dirnoexe.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\uninstal.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Common Files\System\ado\MDACReadme.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\NetMeeting\netmeet.htm
Virus:VBS/Redlof.A Disinfected C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WEBBUY\HTML\template1.html
Virus:VBS/Redlof.A Disinfected C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WEBBUY\HTML\template2.html
Virus:VBS/Redlof.A Disinfected C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WEBBUY\HTML\template5.html
Virus:VBS/Redlof.A Disinfected C:\Program Files\Adobe\Acrobat 5.0\Reader\ReadMe.html
Virus:VBS/Redlof.A Disinfected C:\Program Files\Zone Labs\ZoneAlarm\readme.html
Virus:VBS/Redlof.A Disinfected C:\Program Files\Zone Labs\ZoneAlarm\zl_priv.htm
Virus:VBS/Soraci.A Disinfected C:\Program Files\FileLock\Help\use.htm
Virus:VBS/Soraci.A Disinfected C:\Program Files\FileLock\Help\index.htm
Virus:VBS/Soraci.A Disinfected C:\Program Files\FileLock\Help\Password.htm
Virus:VBS/Soraci.A Disinfected C:\Program Files\FileLock\Help\uninstall.htm
Virus:VBS/Soraci.A Disinfected C:\Program Files\FileLock\Help\Unlocka.htm
Virus:VBS/Soraci.A Disinfected C:\Program Files\FileLock\Help\Unlocks.htm
Virus:VBS/Soraci.A Disinfected C:\Program Files\FileLock\Help\Add.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Job Interview Tips and Sample Interview Questions From Interview Success.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Job Interview Tips through Job Interview Preperation - Interview Success.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Good Job Interview Answers - Interview Success.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Answering Interview Questions - Interview Success.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Good Job Interview Answers - Interview Success_files\interview-success.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Answering Interview Questions - Interview Success_files\interview-success.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Job Interview Tips through Job Interview Preperation - Interview Success_files\interview-success.htm
Virus:VBS/Redlof.A Disinfected E:\fav\My Documents\Interview\Job Interview Tips and Sample Interview Questions From Interview Success_files\interview-success.htm
Virus:VBS/Soraci.A Disinfected G:\Games\MozPong\register.html
Virus:VBS/Soraci.A Disinfected G:\Games\MozPong\readme.html
Hacktool:Flooder Program No disinfected G:\Rehan\SuperScan\udpflood.zip[udpflood.exe]
Virus:Trj/Nuker.SmbDie Disinfected G:\Rehan\SMBdie.exe
Virus:VBS/Soraci.A Disinfected H:\Setup Of Xp\README.HTM
Virus:VBS/Soraci.A Disinfected H:\Setup Of Xp\SPNOTES.HTM
Virus:VBS/Soraci.A Disinfected H:\Ebooks\Data and Computer Communications\index.htm
Hacktool:HackTool/HVLScan No disinfected H:\Ebooks\complete_set_hacking_tools+manuals\hacking_tools\hvlscan.zip[HVLScan.exe]
Virus:VBS/Soraci.A Disinfected H:\Ebooks\complete_set_hacking_tools+manuals\Maximum Security - a Hackers Guide to Protection\ch01\ch01.htm
Virus:VBS/Soraci.A Disinfected H:\Ebooks\complete_set_hacking_tools+manuals\Maximum Security - a Hackers Guide to Protection\copy.htm
Virus:VBS/Soraci.A Disinfected H:\Ebooks\complete_set_hacking_tools+manuals\Maximum Security - a Hackers Guide to Protection\index.htm
Virus:VBS/Soraci.A Disinfected H:\Ebooks\complete_set_hacking_tools+manuals\BONUS!!!.htm
Virus:VBS/Soraci.A Disinfected H:\Ebooks\C in 21 Days\ebookblock.html
Virus:VBS/Soraci.A Disinfected H:\Ebooks\C in 21 Days\copy.htm
Virus:VBS/Soraci.A Disinfected H:\Ebooks\C in 21 Days\index.htm
Virus:VBS/Soraci.A Disinfected H:\Ebooks\Asp Stuff\An ASP ADO Tutorial in Displaying Database Information on a Website with IIS - Part 4 ASP Pages.htm
Virus:VBS/Soraci.A Disinfected H:\Ebooks\mastering-network-security\index.html
Virus:VBS/Soraci.A Disinfected H:\Ebooks\mastering-network-security\ewtoc.html
Virus:VBS/Soraci.A Disinfected H:\Ebooks\mastering-network-security\appendix-a.html
Virus:VBS/Soraci.A Disinfected H:\Ebooks\mastering-network-security\appendix-b.html
Virus:VBS/Soraci.A Disinfected H:\Ebooks\mastering-network-security\book-index.html
Virus:VBS/Soraci.A Disinfected H:\Program Files\GetRight\GRBrowse.htm
Virus:VBS/Soraci.A Disinfected H:\Program Files\GetRight\GRDownload.htm
Virus:VBS/Soraci.A Disinfected I:\My Docs Orignal\Misc\Was The Apollo Moon Landing Fake.htm
Virus:VBS/Soraci.A Disinfected I:\Bs Player\doc\ini_files.html


ANTI SPYWARE LOG

Started Scanning
Internet Cookies
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'hitbox.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Morpheus'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\SpeedBit\Download Accelerator'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS'
Found '' in 'Software\SpeedBit\Download Accelerator\ADS\Default'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\Always'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenFound'
Found '' in 'Software\SpeedBit\Download Accelerator\NoTrigger\WhenNotFound'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{8110AEA1-AD5B-4B90-883F-04A9A33B106E}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\InProcServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{9738B9E6-8AFA-11D2-959E-444553540002}\ProgID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.Catcher\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE.1\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CLSID'
Found '' in 'SOFTWARE\Classes\DAPIE.DownloadAcceleratorIE\CurVer'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1'
Found '' in 'SOFTWARE\Classes\DAPNS.Protocol.1\CLSID'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{5BFA1DAE-5EDC-11D2-959E-00C00C02DA5E}\TypeLib'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{5BFA1DA1-5EDC-11D2-959E-00C00C02DA5E}\1.0\HELPDIR'
Found '' in 'SOFTWARE\SpeedBit\Download Accelerator\Updates'
Found '' in 'Software\Kazaa'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager.1'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager.1\CLSID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID'
Found '' in 'SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer'
Found '' in 'SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP'
Found '' in 'SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP\CurVer'
Found '' in 'SOFTWARE\Classes\AppID\{0507FDDE-F3B7-49F5-9E8F-C557E991F39B}'
Found '' in 'SOFTWARE\Classes\AppID\WeatherOnTray.EXE'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}\DownloadInformation'
Found '' in 'SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}\InstalledVersion'
Found 'AppID' in 'SOFTWARE\Classes\AppID\WeatherOnTray.EXE'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\InprocServer32'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'SOFTWARE\MyWay'
Found '' in 'SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}'
Found '' in 'SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}'
Found '' in 'SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}'
Found '' in 'SOFTWARE\Classes\Interface\{9DD19D39-2CDC-465B-BB21-1D433590BA3D}'
Found '{B195B3B3-8A05-11D3-97A4-0004ACA6948E}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\Common Files\updater'
Found '' in 'C:\Program Files\Common Files\WhenU'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Common Files\updater' in shortcut areas.
Checking for 'C:\Program Files\Common Files\updater' in startup areas.
Cleaning 'C:\Program Files\Common Files\updater'
Checking for 'C:\Program Files\Common Files\WhenU' in shortcut areas.
Checking for 'C:\Program Files\Common Files\WhenU' in startup areas.
Cleaning 'C:\Program Files\Common Files\WhenU'
Finished Cleaning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
 

TSF Security Team, Emeritus (26,363 Posts)
There's something wrong with the HJT log you just posted.

Logfile of HijackThis v1.99.1
Scan saved at 7:45:36 PM, on 11/9/2005

The previous log which you tried to post earlier is dated differently

Logfile of HijackThis v1.99.1
Scan saved at 1:14:23 AM, on 11/12/2005


Please post a fresh & current log
 

Registered (31 Posts)
Discussion Starter · #9 ·
You were right, I posted the result.txt file. BTW, here is the new log file from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:20:25 PM, on 11/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GETRIGHT\GRbrowse.htm
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131640419834
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE31BFF-C76A-453A-87C2-0FBACF34166C}: NameServer = 192.168.0.1
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 

TSF Security Team, Emeritus (26,363 Posts)
Download these files/programs & save to Desktop :

Right click on this link & choose "Save As...": DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Host.zip
Extract the file & overwrite the existing copy located at C:\WINNT\SYSTEM32\DRIVERS\ETC\host

SpywareBlaster 3.4
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Launch KillBox.exe & select the following options:
  • delete on Reboot
Select all the filenames listed below & then right-click & select Copy
  • C:\PROGRAM FILES\Q330994.exe
    C:\WINNT\DOWNLOADED PROGRAM FILES\winsearchie32.exe
    C:\WINNT\DOWNLOADED PROGRAM FILES\ATPartners.inf
    C:\WINNT\SYSTEM32\in10b6s.dll
    C:\WINNT\SYSTEM32\rk.exe
    C:\WINNT\SYSTEM32\hlp.dll
    C:\WINNT\smdat32a.sys
    C:\WINNT\hh.htt
    C:\msdos.exe
    C:\WINNT\system32\rk.exe
    C:\WINNT\new.exe
    C:\WINNT\precontrol.exe
    C:\WINNT\OPTQK.exe
    C:\WINNT\AOTJJSRARRSEJ.exe
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


After you have rebooted, fix these with HJT:

O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\PROGRAM FILES\COMMON FILES\updater
    C:\PROGRAM FILES\COMMON FILES\WhenU
    C:\WINNT\SYSTEM32\P2P Networking

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next, click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post along with a new HJT log

* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

Registered (31 Posts)
Discussion Starter · #12 ·
For some reason, whenever I click on the Kaspersky Online Scanner, after some processing it gives me this error:

"Please wait to update the virus definitions...
Update process FAILED. No further antivirus actions can be performed!

Attention, you must be online to activate Kaspersky On-line Scanner, since the latest Anti-Virus bases version must be uploaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. Please go online to use Kaspersky On-line Scanner. "

Otherwise, I have done all the things you said in your post.
 

Registered (31 Posts)
Discussion Starter · #14 ·
Done the scan, but I'm feeling that my system is taking too much time to load after all the above steps that I have performed. BTW, here is my HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 8:44:42 PM, on 11/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GETRIGHT\GRbrowse.htm
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131640419834
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE31BFF-C76A-453A-87C2-0FBACF34166C}: NameServer = 192.168.0.1
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 

TSF Security Team, Emeritus (26,363 Posts)
Did Trend Micro not offer you a report?

Please fix this entry with HijackThis:

O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe



Delete this file, if found - C:\WINNT\WinTask.exe


Reboot & post a new HJT log. Also let me know if you still have any other issues.
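A small triage script for logs in HijackThis format, added here as an example (it is not a TSF tool and not something posted in this thread), running on sample lines constructed from the entry shapes in the logs above. It flags an O4 autorun whose binary sits directly in the Windows folder (the WinTask.exe pattern the helper fixed) and O23 services reported "(file missing)", which in this thread appear for bdss.exe and xcommsvr.exe even though both are in the running-process list, so that flag needs confirming on disk rather than acting on it blindly.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v1.99.1 log format; the entries copy the
# shapes seen in this thread (a legitimate autorun, the WinTask autorun, a
# bare-filename autorun, a healthy service, a service flagged "file missing").
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinTask] C:\WINNT\WinTask.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
"""

# O4: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: "O23 - Service: Display Name (short) - Owner - path [flags]"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
# An .exe that lives directly in the Windows folder, not in a subfolder.
SYSROOT_RE = re.compile(r"^[A-Za-z]:\\(WINNT|WINDOWS)\\[^\\]+\.exe$", re.IGNORECASE)
# First ".exe" token of a command line, followed by whitespace or end of line.
EXE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Finding:
    section: str   # "O4" or "O23"
    name: str      # autorun value name or service short name
    path: str      # executable as written in the log
    severity: str  # "check" (look at it by hand) or "info"
    reason: str


def exe_from_command(cmd: str) -> str:
    """Return the executable part of a command line as HJT prints it.

    HJT copies registry values verbatim, so paths may be quoted, unquoted
    with spaces, or a bare filename; quotes are dropped before matching.
    """
    cmd = cmd.replace('"', "").strip()
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def triage(log_text: str) -> List[Finding]:
    """Apply two helper heuristics to the O4 and O23 lines of an HJT log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = exe_from_command(m["cmd"])
            if SYSROOT_RE.match(exe):
                findings.append(Finding("O4", m["name"], exe, "check",
                    "autorun binary sits directly in the Windows folder; "
                    "verify the file's publisher or hash before trusting it"))
            elif "\\" not in exe:
                findings.append(Finding("O4", m["name"], exe, "info",
                    "bare filename, resolved through the search path at logon"))
            continue
        m = O23_RE.match(line)
        if m and m["path"].endswith(MISSING):
            exe = exe_from_command(m["path"][: -len(MISSING)])
            findings.append(Finding("O23", m["short"], exe, "check",
                "service binary reported missing; HJT 1.99.1 splits quoted "
                "paths with arguments, so confirm on disk before acting"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section} {f.name}: {f.path} -> {f.reason}")
```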
 

Registered (31 Posts)
Discussion Starter · #16 ·
I didn't find wintask.exe in the c:\winnt folder, and BTW my computer is behaving so slow; it is taking so much time to load and to process and run other applications. Here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:56:22 PM, on 11/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GETRIGHT\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GETRIGHT\GRbrowse.htm
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINNT\System32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131640419834
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AE31BFF-C76A-453A-87C2-0FBACF34166C}: NameServer = 192.168.0.1
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 

TSF Security Team, Emeritus (26,363 Posts)
my computer is behaving so slow it is taking so much time to load and processing and running other applications
Well, your system is clean but I'm puzzled why you say it's slow. Just how slow is it?

Please list your system specifications & tell me how much free space is still available.

In the meantime, I suggest that you defrag your hard disks first.
 