[TCS]BlackMamba Posted June 3, 2004
One of my friend's desktops was changed when he was on a site to: I have diagnosed it as a spyware problem and I am currently trying to solve it with him using adaware 6.181 etc., but is my diagnosis correct? He cannot override the image using any of the normal methods. Is there any other way of overriding it?
Kewl Posted June 3, 2004
Download Spybot - Search and Destroy. http://www.safer-networking.org/index.php?page=download
Edited June 3, 2004 by Kewl
[TCS]BlackMamba Posted June 3, 2004
Currently I'm hoping adaware will do its stuff. I was kinda hoping someone else had had it and knew a cure.
Recon Posted June 3, 2004
Can you not click on "Removal Instructions"?
[TCS]BlackMamba Posted June 3, 2004
Quoting Recon: Can you not click on "Removal Instructions"?
Unfortunately not.
[TCS]BlackMamba Posted June 3, 2004
His logfile after an AdAware Scan:
Type : File Data : b_329_2_1_725700.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 11 KB Created on : 10/11/2003 13:44:20 Last accessed : 03/06/2004 12:45:04 Last modified : 10/11/2003 13:44:20 Cydoor Object recognized! Type : File Data : b_329_2_1_727900.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 13 KB Created on : 10/11/2003 13:45:02 Last accessed : 03/06/2004 12:45:04 Last modified : 10/11/2003 13:45:02 Cydoor Object recognized! Type : File Data : b_329_2_1_729700.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 5 KB Created on : 10/11/2003 13:45:03 Last accessed : 03/06/2004 12:45:04 Last modified : 10/11/2003 13:45:03 Cydoor Object recognized! Type : File Data : b_329_2_1_747300.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 13 KB Created on : 10/11/2003 13:45:04 Last accessed : 03/06/2004 12:45:04 Last modified : 10/11/2003 13:45:04 Cydoor Object recognized! Type : File Data : b_329_2_1_780400.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 6 KB Created on : 10/11/2003 13:44:20 Last accessed : 03/06/2004 12:45:04 Last modified : 10/11/2003 13:44:20 Cydoor Object recognized! Type : File Data : b_329_2_1_794500.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 8 KB Created on : 10/11/2003 13:44:21 Last accessed : 03/06/2004 12:45:04 Last modified : 10/11/2003 13:44:21 Cydoor Object recognized! Type : File Data : b_329_2_1_799000.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 11 KB Created on : 10/11/2003 13:44:21 Last accessed : 03/06/2004 12:45:05 Last modified : 10/11/2003 13:44:21 Cydoor Object recognized! 
Type : File Data : b_329_3_1_500100.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 17 KB Created on : 10/11/2003 13:44:21 Last accessed : 03/06/2004 12:45:05 Last modified : 10/11/2003 13:44:21 Cydoor Object recognized! Type : File Data : b_329_3_1_500200.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 12 KB Created on : 10/11/2003 13:44:22 Last accessed : 03/06/2004 12:45:05 Last modified : 10/11/2003 13:44:22 Cydoor Object recognized! Type : File Data : b_329_3_1_503400.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 11 KB Created on : 10/11/2003 13:44:22 Last accessed : 03/06/2004 12:45:05 Last modified : 10/11/2003 13:44:22 Cydoor Object recognized! Type : File Data : b_329_3_1_535200.gif Category : Data Miner Comment : Object : c:\windows\system32\adcache\ FileSize : 12 KB Created on : 10/11/2003 13:4 Quote Link to comment Share on other sites More sharing options...
[TCS]BlackMamba (Author) Posted June 3, 2004
and the rest:

Kewl Posted June 3, 2004
I find Ad-aware is useful sometimes for removing spyware/adware but it doesn't seem to fix the problem like Spybot does. But I have a couple quick questions...

#:17 [points manager.exe]
FilePath : C:\program files\altnet\points manager\
ThreadCreationTime : 03-06-2004 11:53:28
BasePriority : Normal
FileSize : 329 KB
FileVersion : 1, 0, 0, 102
ProductVersion : 1, 0, 0, 0
Copyright : Copyright Altnet Inc. © 2002,2003
FileDescription : Peer Points Manager
InternalName : Peer Points Manager
ProductName : Peer Points Manager
Created on : 10/11/2003 13:39:45
Last accessed : 03/06/2004 11:53:01
Last modified : 24/06/2003 12:59:08

^^^ Is that from Kazaa? If so, get rid of it and if you want to use Kazaa download Kazaa lite resurrection (no spyware in that version).

#:18 [mwsoemon.exe]
FilePath : C:\PROGRA~1\MYWEBS~1\bar\1.bin\
ThreadCreationTime : 03-06-2004 11:53:28
BasePriority : Normal
FileSize : 20 KB
FileVersion : 1,0,0,7
ProductVersion : 1,0,0,7
Copyright : Copyright
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : My Web Search Email Plugin
OriginalFilename : mwsoemon.exe
ProductName : My Web Search Email Plugin
Created on : 05/01/2004 18:38:24
Last accessed : 03/06/2004 11:53:01
Last modified : 05/01/2004 18:38:24

^^ Does he want that there or did it just tag along with Kazaa (My Web Search toolbar is also adware, I believe)? You can remove it from Add/Remove Programs.

After reading the rest of the post I have to ask... when was the last time he ran a virus scanner that was updated? What virus scanner does he have?

Also, go download "hi-jack this" and post your log (might also be worthwhile getting windows patrol (a program that tells you what's running on your system and prompts you to either accept or decline when new things try to add themselves to the start up)). Again, get Spybot (it has an immunize button which will block a lot of annoying pop-ups and "plug some holes").

chris99007 Posted June 3, 2004
I have Kazaa, so it probably did come with it. I have done what you said and removed it. I have Norton anti-virus but it's been a while since I have updated. I have downloaded Spybot and immunized, and also run the scan or whatever it does, I have done it. But it hasn't got rid of the problem. I have found where the image was coming from and deleted the source, but my desktop is now just left blank with the icons and will not let me change back to a normal desktop. Where do you download "hi-jack this" from? And windows patrol?

Avey Posted June 3, 2004
Hijackthis

chris99007 Posted June 3, 2004
Here's the hijack this log

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.blueyonder.co.uk/search/search.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{77F17265-648B-4340-8ABD-9A519DA68D79}: NameServer = 193.38.113.3 194.117.157.4

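Added example (not part of any post in this thread, and not HijackThis's own code): a small Python reader for the log format posted above. It groups entries by section code and picks out those whose text contains a product name the replies mention (MyWebSearch, Altnet, P2P Networking); the section descriptions, function names and the choice of excerpt are this example's own.

```python
import re
from collections import Counter

# What each section code in the posted log covers.
SECTIONS = {
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button / Tools menu item",
    "O12": "IE plugin",
    "O14": "IERESET.INF override",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O17": "DNS / name server setting",
}

# Product names the replies in this thread single out. Taken from the posts;
# this is a reading aid, not a signature list.
THREAD_NAMES = ("mywebsearch", "altnet", "p2p networking")

# Excerpt of the log posted above, one entry per line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.blueyonder.co.uk/search/search.jsp
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{77F17265-648B-4340-8ABD-9A519DA68D79}: NameServer = 193.38.113.3 194.117.157.4
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"Run: \[(.+?)\]")


def parse_log(text):
    """Return one dict per log entry; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        guid = GUID_RE.search(body)
        run = RUN_NAME_RE.search(body) if code == "O4" else None
        entries.append({
            "code": code,
            "kind": SECTIONS.get(code, "other"),
            "guid": guid.group(0) if guid else None,      # CLSID or interface GUID
            "run_name": run.group(1) if run else None,    # Run value name, O4 only
            "body": body,
        })
    return entries


def section_counts(entries):
    """Number of entries per section code."""
    return dict(Counter(e["code"] for e in entries))


def named_in_thread(entries):
    """Entries whose text contains a product name mentioned in the replies."""
    return [e for e in entries
            if any(name in e["body"].lower() for name in THREAD_NAMES)]


if __name__ == "__main__":
    for e in named_in_thread(parse_log(SAMPLE_LOG)):
        print(f'{e["code"]:>3}  {e["kind"]:<38} {e["body"]}')
```

Matching on names only finds what the replies happened to name: the MyWay toolbar entry in the excerpt is parsed but not picked out, so the per-section listing still has to be read in full.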
Avey Posted June 3, 2004
If you don't get an answer here, try Spyware Info Forums

Kewl Posted June 3, 2004
I'll try to find where you can download Win-Patrol.

Firstly, update your Norton and run it. I would also go to your add/remove programs (under control panel) and remove the search bar from Internet Explorer (I think on your system it's called MyWebSearch, it comes with Kazaa lite).

Completely uninstall Kazaa and go download Kazaa lite resurrection if you still want Kazaa (it's the same program but "resurrection" (if you can't find it to download, PM me, I don't think the mods enjoy links to warez sites in posts) doesn't have any spyware or the Altnet stuff; normal free Kazaa lite won't work after you run a spyware/adware remover anyway). Don't forget to get rid of the stuff that came with Kazaa, like the P2P networking and all the AltNet stuff.

So you can't bring up the properties on your desktop and change it to a new image? (right click, properties, background, then select image and click ok?).

Edited June 3, 2004 by Kewl

[TCS]BlackMamba (Author) Posted June 3, 2004
Managed to get rid of old background however we now have this: Which we can't change either

Dannik Posted June 3, 2004
Why don't you turn off active desktop? Seems like the problem is the desktop is set to view a webpage, but there isn't one to view, thus the blank.

Display Properties -> Desktop -> Customize Desktop -> Web -> uncheck any checked web pages

chris99007 Posted June 3, 2004
ok that's worked, fanx 4 ya help! made it all sound simple, I wouldn't have had a clue!

XavierOnasis Posted June 3, 2004
Good thing you got that fixed. Don't want stray files to break your life.