Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:31 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'SYSTEM')
O4 - HKUS.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193516774250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193516760546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10463 bytes
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe (file missing)
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
Should I delete those entries?
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
Why is that there???
Because you (or someone who used your computer) played some game from Disney?
:o
Umm… Is it ok if I delete it?
I am not sure if it will affect the Disney games' playability or not.
I would leave it alone.
What do I do about the malware in the processes like Win32: Banker?
Did a scan with Spybot. Here are the results:
CouponBar: [SBI $EFE6495E] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
CouponBar: [SBI $CB95FB49] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
CouponBar: [SBI $51FE8B2E] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1
CouponBar: [SBI $51FE8B2E] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
CouponBar: [SBI $7A5ACBCB] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}
CouponBar: [SBI $7B15781E] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}
CouponBar: [SBI $E3788A7B] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}
Right Media: Tracking cookie (Internet Explorer: Donovan) (Cookie, fixed)
DoubleClick: Tracking cookie (Flock: Donovan (default)) (Cookie, fixed)
— Spybot - Search & Destroy version: 1.6.2 (build: 20090126) —
a-squared Free - Version 4.0
Last update: 5/8/2009 6:29:13 PM
Scan settings:
Objects: Memory, Traces, Cookies, C:, D:, G:
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 5/8/2009 6:30:49 PM
c:\program files\the weather channel fw detected: Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather detected: Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\framework detected: Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\eula.html detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\install.log detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\theweatherchannelcustomuninstall.exe detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\install.log detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelne.exe detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqc.exe detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqx.exe detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelsetup.exe detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelslnchr.exe detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelupdate.exe detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wiseinstallutility.dll detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.cpl detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.dll detected: Trace.File.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop → DisplayName detected: Trace.Registry.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop → UninstallString detected: Trace.Registry.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer → id detected: Trace.Registry.EZ Game Cheats!A2
Key: HKEY_USERS\S-1-5-21-484763869-963894560-682003330-1085\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\Donovan\Cookies\donovan@247realmedia[2].txt detected: Trace.TrackingCookie.247realmedia!A2
C:\Documents and Settings\Donovan\Cookies\donovan@2o7[2].txt detected: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Donovan\Cookies\donovan@bs.serving-sys[1].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@com[2].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Donovan\Cookies\donovan@questionmarket[2].txt detected: Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\Donovan\Cookies\donovan@realmedia[2].txt detected: Trace.TrackingCookie.realmedia!A2
C:\Documents and Settings\Donovan\Cookies\donovan@rubiconproject[1].txt detected: Trace.TrackingCookie.rub!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[2].txt detected: Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[3].txt detected: Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@serving-sys[2].txt detected: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@smartadserver[2].txt detected: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\Donovan\Cookies\donovan@specificclick[2].txt detected: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Donovan\Cookies\donovan@trafficmp[1].txt detected: Trace.TrackingCookie.trafficmp!A2
C:\Documents and Settings\Donovan\Cookies\donovan@tribalfusion[2].txt detected: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\Donovan\Application Data\Mozilla\Firefox\Profiles\fkcmylez.default\cookies.sqlite:1241658346046875 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\BaseEdit.exe detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Bewildered.exe detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Spread.exe detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\BaseEdit.exe detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Bewildered.exe detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Spread.exe detected: Trojan-Spy.Win32.VB.bs!IK
C:\WINDOWS\CouponPrinter.ocx detected: Riskware.AdWare.Win32.BHO!IK
C:\_OTMoveIt\MovedFiles\04162009_162802\Program Files\MSN Messenger\msimg32.dll detected: Riskware.AdWare.Mywebsearch!IK
D:\Pajama Sam\Catalog\demos\backyard\bb2demo.u32 detected: Trojan-Dropper.Agent!IK
D:\ReaderRabbitReading\Donovan\Catalog\demos\backyard\bb2demo.u32 detected: Trojan-Dropper.Agent!IK
G:\Program-Files\SRB2\SRB2Riders Launcher.exe detected: Hoax.Win32.BadJoke.Formatter.d!A2
Scanned
Files: 254201
Traces: 792086
Cookies: 350
Processes: 38
Found
Files: 11
Traces: 20
Cookies: 15
Processes: 0
Registry keys: 0
Scan end: 5/8/2009 10:39:05 PM
Scan time: 4:08:16
G:\Program-Files\SRB2\SRB2Riders Launcher.exe Quarantined Hoax.Win32.BadJoke.Formatter.d!A2
D:\Pajama Sam\Catalog\demos\backyard\bb2demo.u32 Quarantined Trojan-Dropper.Agent!IK
D:\ReaderRabbitReading\Donovan\Catalog\demos\backyard\bb2demo.u32 Quarantined Trojan-Dropper.Agent!IK
C:\_OTMoveIt\MovedFiles\04162009_162802\Program Files\MSN Messenger\msimg32.dll Quarantined Riskware.AdWare.Mywebsearch!IK
C:\WINDOWS\CouponPrinter.ocx Quarantined Riskware.AdWare.Win32.BHO!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\BaseEdit.exe Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Bewildered.exe Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Spread.exe Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\BaseEdit.exe Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Bewildered.exe Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Spread.exe Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\Donovan\Application Data\Mozilla\Firefox\Profiles\fkcmylez.default\cookies.sqlite:1241658346046875 Quarantined Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Donovan\Cookies\donovan@tribalfusion[2].txt Quarantined Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\Donovan\Cookies\donovan@trafficmp[1].txt Quarantined Trace.TrackingCookie.trafficmp!A2
C:\Documents and Settings\Donovan\Cookies\donovan@specificclick[2].txt Quarantined Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Donovan\Cookies\donovan@smartadserver[2].txt Quarantined Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\Donovan\Cookies\donovan@serving-sys[2].txt Quarantined Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[2].txt Quarantined Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[3].txt Quarantined Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@rubiconproject[1].txt Quarantined Trace.TrackingCookie.rub!A2
C:\Documents and Settings\Donovan\Cookies\donovan@realmedia[2].txt Quarantined Trace.TrackingCookie.realmedia!A2
C:\Documents and Settings\Donovan\Cookies\donovan@questionmarket[2].txt Quarantined Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\Donovan\Cookies\donovan@com[2].txt Quarantined Trace.TrackingCookie.com!A2
C:\Documents and Settings\Donovan\Cookies\donovan@bs.serving-sys[1].txt Quarantined Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@2o7[2].txt Quarantined Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Donovan\Cookies\donovan@247realmedia[2].txt Quarantined Trace.TrackingCookie.247realmedia!A2
Key: HKEY_USERS\S-1-5-21-484763869-963894560-682003330-1085\software\kazaa Quarantined Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer → id Quarantined Trace.Registry.EZ Game Cheats!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop → DisplayName Quarantined Trace.Registry.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop → UninstallString Quarantined Trace.Registry.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\eula.html Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\install.log Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\theweatherchannelcustomuninstall.exe Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\install.log Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelne.exe Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqc.exe Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqx.exe Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelsetup.exe Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelslnchr.exe Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelupdate.exe Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wiseinstallutility.dll Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.cpl Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.dll Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw Quarantined Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather Quarantined Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\framework Quarantined Trace.Directory.Desktop Weather!A2
Quarantined
Files: 11
Traces: 20
Cookies: 15
So, after running Spybot & a-squared, is your computer better now?
If you don't feel secure you can try SAS/MBAM for a check and an Avast! boot time scan.
I opened Outlook Express 2007 today and got this message:
Hello,
Many thanks for the delivered file.
***** false-positive *****
This file is a so called false-positive according to our analysis.
That means this file was wrongly detected.
Please do not delete this file! The next signature update will fix the detection and the scanner should not alert this file anymore.
If you need additional help please contact the malware experts in our
forum: http://forum.emsisoft.com
Have a nice (malware-free) day!
Your Emsi Software Analysis Team
I’m still waiting for all the other emails…
This email, if not fake, came from the a-squared team; maybe you should look at their forum.
a-squared gave me a lot of headaches in the past due to false positives…