These ads are driving me crazy
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
anhishere
There's a lot of stuff on my sister's computer that I can't get rid of, and I think she has a virus called Virtumonde too. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 4:00:11 PM, on 9/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\dfndrff_e10.exe
C:\kybrdff_e10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\kybrdff_e11.exe
c:\dfndrff_e11.exe
C:\WINDOWS\sys01186595543-.exe
C:\WINDOWS\sys0286595543-1.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\jlwbv.exe
F2 - REG:system.ini: UserInit=userinit.exe,uhefhbp.exe
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\System32\awtqn.dll
O2 - BHO: (no name) - {F76B8E3F-72AB-4E96-87FC-778B469BC334} - C:\WINDOWS\System32\awtqnkh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\s.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e11.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e11.exe
O4 - HKLM\..\Run: [qbv76fee] RUNDLL32.EXE w185cd5e.dll,n 00476fea00000003185cd5e
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sys0286595543-1] C:\WINDOWS\sys0286595543-1.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys01186595543-] C:\WINDOWS\sys01186595543-.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://seasonalife.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtqn - C:\WINDOWS\System32\awtqn.dll
O20 - Winlogon Notify: awtqnkh - C:\WINDOWS\SYSTEM32\awtqnkh.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\irnul5591.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHUgQW5oIEhh\command.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Winlogin messenger - Unknown owner - C:\WINDOWS\system\svchost.exe
LS CalamityJane
Hi,

Apologies for the late reply, we've been quite swamped in here as you can probably see.

Are you still needing help?

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

If you still need help we need two things:

1. Your Ad-aware scan log with the latest reference file update.

Please make sure that you are using Ad-aware SE Build 106r1.
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.
[If not, uninstall your old Ad-aware first, then install SE.]

Then use the WebUpDate to get the latest definition file, SE1R124 19.09.2006.
To do this, open Ad-aware and click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).
Click "Connect". Ad-aware will then download the latest definition file for you.
To make sure it is updated, look at the main Ad-aware screen under "Initialization Status". It should show the latest definition file.
Then scan using a "Full Scan" and post your logfile here using the Add-Reply feature.
Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\
An easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs.
Scroll down to find the latest one that you have (by date and time), open it, right-click, select all, copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
...............
2. A fresh HijackThis log for review to see where you are now.
anhishere
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, October 14, 2006 2:27:26 AM
Using definitions file:SE1R126 12.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.CasClient(TAC index:5):1 total references
Adware.DollarRevenue(TAC index:10):53 total references
Adware.Look2Me(TAC index:7):11 total references
Adware.ToolbarDeepDive(TAC index:8):1 total references
IEHijacker.ZestyFind(TAC index:6):3 total references
MRU List(TAC index:0):15 total references
Other(TAC index:5):1 total references
Tracking Cookie(TAC index:3):35 total references
WebHancer(TAC index:9):10 total references
Win32.Trojan.Downloader(TAC index:10):14 total references
WinAntiVirusPro(TAC index:10):1 total references
Windows(TAC index:3):3 total references
WinFixer(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


10-14-2006 2:27:26 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 924
ThreadCreationTime : 10-14-2006 6:12:56 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 10-14-2006 6:13:04 AM
BasePriority : High


Adware.Look2Me Object Recognized!
Type : Process
Data : lvls0937e.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\lvls0937e.dll)


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 10-14-2006 6:13:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1420
ThreadCreationTime : 10-14-2006 6:13:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1600
ThreadCreationTime : 10-14-2006 6:13:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1884
ThreadCreationTime : 10-14-2006 6:13:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2032
ThreadCreationTime : 10-14-2006 6:13:11 AM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:8 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 128
ThreadCreationTime : 10-14-2006 6:13:12 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:9 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 184
ThreadCreationTime : 10-14-2006 6:13:13 AM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 212
ThreadCreationTime : 10-14-2006 6:13:13 AM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 10-14-2006 6:13:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
ProductVersion : 5.1.2600.1699
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 10-14-2006 6:13:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : nhrsfr.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\nhrsfr.dll)


#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1052
ThreadCreationTime : 10-14-2006 6:13:32 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : nhrsfr.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\nhrsfr.dll)


#:14 [viewmgr.exe]
FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
ProcessID : 1720
ThreadCreationTime : 10-14-2006 6:13:38 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:15 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 1736
ThreadCreationTime : 10-14-2006 6:13:38 AM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:16 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1756
ThreadCreationTime : 10-14-2006 6:13:40 AM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:17 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\
ProcessID : 1828
ThreadCreationTime : 10-14-2006 6:13:41 AM
BasePriority : Normal
FileVersion : 1, 0, 720, 3640
ProductVersion : 1, 0, 720, 3640
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:18 [smsystemanalyzer.exe]
FilePath : C:\Program Files\iolo\System Mechanic Professional 6\
ProcessID : 1544
ThreadCreationTime : 10-14-2006 6:13:41 AM
BasePriority : Normal


#:19 [ir.exe]
FilePath : C:\Program Files\WinTV\
ProcessID : 1816
ThreadCreationTime : 10-14-2006 6:13:43 AM
BasePriority : Normal
FileVersion : 2.45.22350
ProductVersion : 2.45.22350
ProductName : Hauppauge Computer Works IR
CompanyName : Hauppauge Computer Works
FileDescription : IR
InternalName : IR32
LegalCopyright : Copyright © 1999-2004 Hauppauge Computer Works
OriginalFilename : IR.exe

#:20 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ProcessID : 2188
ThreadCreationTime : 10-14-2006 6:14:21 AM
BasePriority : Normal
FileVersion : 4.6.03.0021
ProductVersion : 4.6.03.0021
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2005 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:21 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 2380
ThreadCreationTime : 10-14-2006 6:14:27 AM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:22 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 2504
ThreadCreationTime : 10-14-2006 6:14:29 AM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:23 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2780
ThreadCreationTime : 10-14-2006 6:14:31 AM
BasePriority : Normal
FileVersion : 6.13.10.2841
ProductVersion : 6.13.10.2841
ProductName : NVIDIA Driver Helper Service, Version 28.41
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.41
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3092
ThreadCreationTime : 10-14-2006 6:14:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 3276
ThreadCreationTime : 10-14-2006 6:14:41 AM
BasePriority : Normal
FileVersion : 1, 8, 54, 419
ProductVersion : 1, 8, 54, 419
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:26 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 288
ThreadCreationTime : 10-14-2006 6:16:01 AM
BasePriority : Normal


#:27 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2216
ThreadCreationTime : 10-14-2006 6:26:23 AM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3816
ThreadCreationTime : 10-14-2006 6:27:07 AM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8b28872-3324-4cd2-8aa3-7d555c872d96}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d7cc80d4-376c-4586-b023-4f35c2ceb28e}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d8c2d4b4-eeaf-4ec4-b1f8-9b6ed15d5a38}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108}

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{a4c8f181-6cdb-4dcc-9fc9-bb9933c81e1f}

WebHancer Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : whiehelperobj.whiehelperobj

WebHancer Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : whiehelperobj.whiehelperobj.1

WebHancer Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}

WebHancer Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\webhancer

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : notepad.exe %1

Windows Object Recognized!
Type : RegData
Data : explorer.exe, c:\windows\system32\jlwbv.exe
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, c:\windows\system32\jlwbv.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({D7CC80D4-376C-4586-B023-4F35C2CEB28E})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.DBTB00001

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({D7CC80D4-376C-4586-B023-4F35C2CEB28E})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.DBTB00001.1

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({D7CC80D4-376C-4586-B023-4F35C2CEB28E})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.DeskBar

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({D7CC80D4-376C-4586-B023-4F35C2CEB28E})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.DeskBar.1

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({A8B28872-3324-4CD2-8AA3-7D555C872D96})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.deskbarBHO

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({A8B28872-3324-4CD2-8AA3-7D555C872D96})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.deskbarBHO.1

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.DeskbarEnabler

Adware.DollarRevenue Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment : ({D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38})
Rootkey : HKEY_CLASSES_ROOT
Object : DBTB00001.DeskbarEnabler.1

WebHancer Object Recognized!
Type : LSP
Data : C:\Program Files\webHancer\Programs\webhdll.dll
TAC Rating : 9
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: webHancer MSAFD Tcpip [TCP/IP]

WebHancer Object Recognized!
Type : File
Data : webhdll.dll
TAC Rating : 9
Category : Data Miner
Comment : Layered Service Provider
Object : C:\Program Files\webHancer\Programs\
FileVersion : 3.9.2
ProductVersion : 3.9.2
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2006 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : LSP
Data : C:\Program Files\webHancer\Programs\webhdll.dll
TAC Rating : 9
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: webHancer MSAFD Tcpip [UDP/IP]

WebHancer Object Recognized!
Type : LSP
Data : C:\Program Files\webHancer\Programs\webhdll.dll
TAC Rating : 9
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: webHancer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 31

MRU List Object Recognized!
Location: : C:\Documents and Settings\Tu Anh\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-746137067-839522115-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:tu anh@maxserving.com/
Expires : 10/10/2016 9:55:18 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:tu anh@media.adrevolver.com/adrevolver/
Expires : 7/9/2009 5:45:48 PM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:tu anh@apmebf.com/
Expires : 10/12/2011 9:46:22 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:tu anh@statcounter.com/
Expires : 10/9/2011 11:10:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:186
Value : Cookie:tu anh@advertising.com/
Expires : 7/25/2048 11:51:08 PM
LastSync : Hits:186
UseCount : 0
Hits : 186

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@qksrv[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:tu anh@qksrv.net/
Expires : 10/12/2011 9:46:22 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:tu anh@realmedia.com/
Expires : 12/31/2020 8:00:00 PM
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@fortunecity[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:tu anh@fortunecity.com/
Expires : 12/31/2020 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@reduxads.valuead[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:tu anh@reduxads.valuead.com/
Expires : 12/31/2020 8:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:tu anh@ads.pointroll.com/
Expires : 12/31/2009 8:00:00 PM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:53
Value : Cookie:tu anh@zedo.com/
Expires : 10/4/2016 3:12:34 PM
LastSync : Hits:53
UseCount : 0
Hits : 53

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:tu anh@hitbox.com/
Expires : 10/14/2007 1:15:06 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:179
Value : Cookie:tu anh@trafficmp.com/
Expires : 10/13/2007 10:13:50 PM
LastSync : Hits:179
UseCount : 0
Hits : 179

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:103
Value : Cookie:tu anh@fastclick.net/
Expires : 10/13/2008 1:18:56 AM
LastSync : Hits:103
UseCount : 0
Hits : 103

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:tu anh@findwhat.com/
Expires : 12/31/2019 8:00:02 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:tu anh@ads.revsci.net/adserver
Expires : 10/6/2038 1:14:42 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:tu anh@edge.ru4.com/
Expires : 9/29/2036 1:11:42 AM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:tu anh@atdmt.com/
Expires : 10/5/2011 8:00:00 PM
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:tu anh@questionmarket.com/
Expires : 11/24/2006 5:24:26 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:54
Value : Cookie:tu anh@statse.webtrendslive.com/
Expires : 10/10/2016 10:08:04 PM
LastSync : Hits:54
UseCount : 0
Hits : 54

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:tu anh@doubleclick.net/
Expires : 10/6/2009 12:57:10 AM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:tu anh@live365.com/
Expires : 10/13/2011 8:03:18 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:tu anh@overture.com/
Expires : 10/4/2016 1:23:06 AM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:tu anh@adrevolver.com/
Expires : 10/13/2007 6:15:48 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@ehg-pcsecurityshield.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:tu anh@ehg-pcsecurityshield.hitbox.com/
Expires : 10/13/2007 6:09:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

anhishere

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:tu anh@ads.addynamix.com/
Expires : 10/9/2006 8:54:10 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@www.globaladvertisingservices[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:71
Value : Cookie:tu anh@www.globaladvertisingservices.info/
Expires : 10/21/2006 3:07:50 PM
LastSync : Hits:71
UseCount : 0
Hits : 71

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:tu anh@2o7.net/
Expires : 10/12/2011 9:50:36 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:192
Value : Cookie:tu anh@as-us.falkag.net/
Expires : 10/13/2007 6:09:20 PM
LastSync : Hits:192
UseCount : 0
Hits : 192

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:tu anh@server.iad.liveperson.net/
Expires : 10/8/2007 11:08:54 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:tu anh@tribalfusion.com/
Expires : 12/31/2037 8:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@pmads.valuead[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:tu anh@pmads.valuead.com/
Expires : 12/31/2020 8:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@ehg-lowermybills.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:tu anh@ehg-lowermybills.hitbox.com/
Expires : 10/14/2007 1:15:06 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:tu anh@mediaplex.com/
Expires : 6/21/2009 8:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tu anh@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:tu anh@perf.overture.com/
Expires : 10/6/2010 6:15:40 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 35
Objects found so far: 81



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.DollarRevenue Object Recognized!
Type : File
Data : deskbar.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\



Adware.DollarRevenue Object Recognized!
Type : File
Data : deskbar.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\Program Files\Deskbar\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0050807.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP218\
FileVersion : 1.00.0022
ProductVersion : 1.00.0022
ProductName : tapeG22
InternalName : tapeG22
OriginalFilename : tapeG22.exe


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0050808.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP218\
FileVersion : 1.00.0022
ProductVersion : 1.00.0022
ProductName : tapeG22
InternalName : tapeG22
OriginalFilename : tapeG22.exe


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0050813.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP218\
FileVersion : 1.00.0022
ProductVersion : 1.00.0022
ProductName : tapeG22
InternalName : tapeG22
OriginalFilename : tapeG22.exe


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0050872.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP218\
FileVersion : 1.00.0008
ProductVersion : 1.00.0008
ProductName : Luiz08
InternalName : Luiz08
OriginalFilename : Luiz08.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0050911.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP218\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.ToolbarDeepDive Object Recognized!
Type : File
Data : A0050914.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP218\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0051917.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP219\
FileVersion : 1.00.0008
ProductVersion : 1.00.0008
ProductName : Luiz08
InternalName : Luiz08
OriginalFilename : Luiz08.exe


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0051973.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP220\
FileVersion : 1.00.0008
ProductVersion : 1.00.0008
ProductName : Luiz08
InternalName : Luiz08
OriginalFilename : Luiz08.exe


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0052029.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP221\
FileVersion : 1.00.0008
ProductVersion : 1.00.0008
ProductName : Luiz08
InternalName : Luiz08
OriginalFilename : Luiz08.exe


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0052083.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP221\
FileVersion : 1.00.0008
ProductVersion : 1.00.0008
ProductName : Luiz08
InternalName : Luiz08
OriginalFilename : Luiz08.exe


Adware.CasClient Object Recognized!
Type : File
Data : A0052124.exe
TAC Rating : 5
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP221\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0052180.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP222\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0052245.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP224\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0052303.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0059585.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0060657.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\
FileVersion : 1.00.0008
ProductVersion : 1.00.0008
ProductName : Luiz08
InternalName : Luiz08
OriginalFilename : Luiz08.exe


WinFixer Object Recognized!
Type : File
Data : A0060729.dll
TAC Rating : 10
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\
FileVersion : 0.1.4.0
ProductVersion : 0.1.4.0
ProductName : CRXML
CompanyName : WinSofware
FileDescription : CRXML component
InternalName : CryptoXML.dll
LegalCopyright : © 2005 WinSofware. All rights reserved.
OriginalFilename : CryptoXML.dll


WinFixer Object Recognized!
Type : File
Data : A0060730.exe
TAC Rating : 10
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0


WinAntiVirusPro Object Recognized!
Type : File
Data : A0060733.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
CompanyName : WinSoftware Ltd
FileDescription : File Creation Filter Driver
LegalCopyright : Copyright © WinSoftware Ltd 2005
OriginalFilename : wff.sys


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0060815.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0060816.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP226\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0060853.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP227\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0060854.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP227\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0060861.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP228\
FileVersion : 1.00.0029
ProductVersion : 1.00.0029
ProductName : Ggees29
InternalName : Ggees29
OriginalFilename : Ggees29.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0060869.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP228\



Adware.Look2Me Object Recognized!
Type : File
Data : A0060888.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP229\



Adware.Look2Me Object Recognized!
Type : File
Data : A0060893.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP229\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0060899.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP229\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0061026.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP230\



Adware.Look2Me Object Recognized!
Type : File
Data : A0061049.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP231\



Adware.Look2Me Object Recognized!
Type : File
Data : A0061050.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP231\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0061057.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP231\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062056.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP231\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062076.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP232\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062118.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP234\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062119.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP234\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062143.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP235\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062144.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP235\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0062159.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP235\
FileVersion : 1.00.0008
ProductVersion : 1.00.0008
ProductName : Luiz08
InternalName : Luiz08
OriginalFilename : Luiz08.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062168.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP235\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062169.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP235\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.Look2Me Object Recognized!
Type : File
Data : A0062176.exe
TAC Rating : 7
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP235\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062179.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP236\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0062197.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP236\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0063229.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP236\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0063270.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP236\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0064292.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP236\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0064355.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP237\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0064356.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP237\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0065373.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP238\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0065374.dll
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP238\
FileVersion : 1, 0, 0, 272
ProductVersion : 1, 0, 0, 1
ProductName : Deskbar
CompanyName : Deskbar
FileDescription : Deskbar
InternalName : Deskbar
LegalCopyright : Copyright 2001-2003. All rights reserved.
OriginalFilename : deskbar.dll


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0065388.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP238\
FileVersion : 1.00.0253
ProductVersion : 1.00.0253
ProductName : Project1
CompanyName : de5
InternalName : Project1
OriginalFilename : Project1.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0065394.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP238\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0065401.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP238\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0065436.exe
TAC Rating : 10
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{490DF1D0-950A-4279-B26B-1FC6A2A5A243}\RP238\
FileVersion : 1.00.0183
ProductVersion : 1.00.0183
ProductName : Project1
CompanyName : fdslj reditf8eru8turdtreduj54tr8u548
InternalName : kybrdff_18_a
OriginalFilename : kybrdff_18_a.exe


Adware.Look2Me Object Recognized!
Type : File
Data : icont.exe
TAC Rating : 7
Category : Adware
Comment :
Object : C:\WINDOWS\



IEHijacker.ZestyFind Object Recognized!
Type : File
Data : iconu.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\



Adware.Look2Me Object Recognized!
Type : File
Data : AppWrap[1].exe
TAC Rating : 7
Category : Adware
Comment :
Object : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8167WTYR\



IEHijacker.ZestyFind Object Recognized!
Type : File
Data : AppWrap[2].exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CLU3GX6V\



Adware.Look2Me Object Recognized!
Type : File
Data : n28olcl31fq.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\WINDOWS\system32\



IEHijacker.ZestyFind Object Recognized!
Type : File
Data : bw2.com
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\Temp\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 144

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 144




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WebHancer Object Recognized!
Type : Folder
TAC Rating : 9
Category : Data Miner
Comment : WebHancer
Object : C:\Program Files\webHancer

WebHancer Object Recognized!
Type : File
Data : webhdll.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\Program Files\webhancer\programs\
FileVersion : 3.9.2
ProductVersion : 3.9.2
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2006 webHancer Corporation
OriginalFilename : webhdll.dll


Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\system

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\system\sysuid

Win32.Trojan.Downloader Object Recognized!
Type : File
Data : guard.tmp
TAC Rating : 10
Category : Malware
Comment :
Object : c:\windows\system32\



WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_df_kmd

WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\enum\root\legacy_df_kmd

Other Object Recognized!
Type : File
Data : DESKBAR.EXE-38CDF805.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 152

2:44:06 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:40.172
Objects scanned:130343
Objects identified:135
Objects ignored:0
New critical objects:135






........
And here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:46:45 AM, on 10/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\jlwbv.exe
F2 - REG:system.ini: UserInit=userinit.exe,uhefhbp.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\s.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [qbv76fee] RUNDLL32.EXE w185cd5e.dll,n 00476fea00000003185cd5e
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys0286595543-1] C:\WINDOWS\sys0286595543-1.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.freeemotes.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://seasonalife.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
LS CalamityJane
Some things you (your sister) need to know

This computer has been compromised by a backdoor remote access trojan

What is a backdoor or remote access trojan?
Read this article.
Danger: Remote Access Trojans
http://www.microsoft.com/technet/security/...o/virusrat.mspx

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

The trojan was most likely a variant of this nasty Tilebot worm (aka SDbot)
Description to give you an idea of what it does:
Name W32/Tilebot-AK
http://www.sophos.com/virusinfo/analyses/w32tilebotak.html

Type * Worm

How it spreads
* Network shares
* Chat programs


Side effects

* Allows others to access the computer
* Installs itself in the Registry
* Exploits system or software vulnerabilities

Aliases

* Backdoor.Win32.SdBot.xd
* W32/Sdbot.worm.gen.h


QUOTE
W32/Tilebot-AK is a worm and IRC backdoor for the Windows platform.

W32/Tilebot-AK spreads to other network computers via network shares, and by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039) and ASN.1 (MS04-007). It may also spread via chat programs.

W32/Tilebot-AK runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

When first run W32/Tilebot-AK copies itself to <Windows folder>\lsass.exe.

The file lsass.exe is registered as a new system driver service named "lsass", with a display name of "Local Security Authority Subsystem Service" and a startup type of automatic, so that it is started automatically during system startup.


And, it has downloaded a whole boatload of some of the worst, hardest to remove adware/spyware/trojans and likely made changes to the system to lower overall security to make future infections quite easy. Since we don't know the extent of what may have been done to the system I can help you try to clean off the infected files, but for the changes made to lower security or allow future access by an attacker I cannot guarantee a remedy for any damage already done, hence the recommendation to reformat/reinstall if this is a viable option for you. That's probably the only way to be sure of the integrity of the machine in the future.

Let me know if you wish to proceed with trying to clean off the infected files because I cannot guarantee a complete remedy for her situation here.
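The log posted above and the Sophos description quoted here point at the same indicators: a service called "lsass" whose binary sits in C:\WINDOWS rather than System32 (the genuine lsass.exe is not a service at all), extra executables appended to the Shell= and UserInit= values in system.ini, autorun entries launching files straight out of the Windows directory, and Trusted Zone / Trusted IP entries that lower IE's security for specific hosts. The following is an added example, not part of this thread and not HijackThis's own code: a small Python triage script that applies those defender heuristics to the O23, F2, O4 and O15 lines of a HijackThis log. The sample lines are copied from the log above, with the NVIDIA service and NvCplDaemon entries kept as clean controls; the function names, regexes and the heuristic thresholds are my own assumptions.

```python
"""Triage HijackThis log lines for the indicators discussed in this thread.

Added example: it parses a handful of HijackThis sections (F2, O4, O15, O23)
and reports why a line looks suspicious.  The rules are defensive heuristics
chosen for this thread, not HijackThis's own logic.
"""
import re

# Constructed sample, copied from the HijackThis log posted above.  The
# NvCplDaemon and nvsvc32 entries are legitimate and serve as controls.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\jlwbv.exe
F2 - REG:system.ini: UserInit=userinit.exe,uhefhbp.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\s.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted IP range: http://202.67.220.225
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Core Windows XP processes that are started by the kernel/winlogon, never
# installed as services.  Any O23 entry pointing at one of these is a masquerade.
NEVER_A_SERVICE = {"lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe", "services.exe"}
# Core binaries that may legitimately back a service, but only from System32.
CORE_SYSTEM32_BINARIES = {"svchost.exe", "spoolsv.exe"}

# What a clean XP system.ini carries: Shell is just Explorer.exe and UserInit
# is userinit.exe (HijackThis shows a trailing comma on a clean UserInit).
EXPECTED_F2 = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
F2_RE = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")
O4_RE = re.compile(r"^O4 - [^:]+: \[[^\]]*\] (.+)$")
O15_RE = re.compile(r"^O15 - Trusted (Zone|IP range): (.+)$")
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def _basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def _first_executable(cmd):
    """The program part of a Run-key command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_f2(line):
    """Flag extra executables chained onto Shell= or UserInit=."""
    m = F2_RE.match(line)
    if not m:
        return []
    key, raw = m.group(1), m.group(2)
    expected = EXPECTED_F2.get(key.lower())
    if expected is None:
        return []
    values = [v.strip() for v in raw.split(",") if v.strip()]
    return [f"unexpected {key} entry in system.ini: {v}"
            for v in values if _basename(v) not in expected]


def check_o4(line):
    """Flag autorun entries whose program sits directly in C:\\WINDOWS."""
    m = O4_RE.match(line)
    if not m:
        return []
    exe = _first_executable(m.group(1))
    if WINDOWS_ROOT_RE.match(exe):
        return [f"autorun program sits directly in the Windows directory: {exe}"]
    return []


def check_o15(line):
    """Every Trusted Zone / Trusted IP entry lowers IE security for that host."""
    m = O15_RE.match(line)
    if not m:
        return []
    return [f"IE trusted {m.group(1).lower()} entry weakens security for {m.group(2)}"]


def check_o23(line):
    """Flag services with no publisher, missing binaries, or core-process names."""
    m = O23_RE.match(line)
    if not m:
        return []
    reasons = []
    path = m.group("path").strip()
    exe = _basename(path)
    if m.group("owner").strip().lower() == "unknown owner":
        reasons.append("service binary carries no publisher information (Unknown owner)")
    if exe in NEVER_A_SERVICE:
        reasons.append(f"{exe} is never a service on XP; this entry masquerades as it: {path}")
    elif exe in CORE_SYSTEM32_BINARIES and not SYSTEM32_RE.match(path):
        reasons.append(f"{exe} registered as a service outside System32: {path}")
    if m.group("missing"):
        reasons.append("service binary is missing on disk (stale entry, possibly a partial cleanup)")
    return reasons


CHECKS = {"F2": check_f2, "O4": check_o4, "O15": check_o15, "O23": check_o23}


def scan_log(text):
    """Return [(line, [reason, ...]), ...] for every suspicious line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        check = CHECKS.get(line.split(" ", 1)[0])
        if check is None:
            continue
        reasons = check(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in scan_log(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run against the constructed sample, the script flags seven of the nine lines and leaves the two legitimate NVIDIA entries alone; the fake lsass service collects three reasons at once (no publisher, core-process masquerade, binary already missing), which is exactly the pattern the Sophos write-up describes.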
anhishere
Thanks a lot for your help.

My sister has decided to just back up her files and reformat since this has been going on for a very long time, so the whole system is probably compromised.

Until the next disaster, see you.
LS CalamityJane
You're welcome. Hopefully there won't be a next disaster.

Some prevention recommendations follow

Ad-Aware Plus has realtime protection to prevent infections before they have a chance to get a stronghold on your PC
http://www.lavasoft.com/

Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.
Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.
Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

A word about shared computers and networks.
Share Your PC
http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx
Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.


Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

She needs to get SP2 installed. That will address numerous security issues in your Operating System and IE.
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner from Microsoft for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.