Help in Removal of Spyware/Trojan Alert


58 replies to this topic

#46 little eagle

Posted 30 November 2006 - 10:21 PM

Download and run - ATF Cleaner instructions here.


#47 pvsvk

Posted 01 December 2006 - 05:29 AM

Dear Little Eagle,

It has freed some space...Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 6:14:09 AM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Lotus7\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcs.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...ookWelcomeMail3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus7\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

+++++++++++++++++++++++++++++
Also attached is the Spyware Doctor log
+++++++++++++++++++++++++++++
Scan Results:
scan start: 11/30/2006 8:06:27 PM
scan stop: 11/30/2006 8:15:34 PM
scanned items: 100246
found items: 17
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\4FZ3M4X9\10285205-42[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\4FZ3M4X9\10397306-17[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\5JZTNXZK\13702_10000002[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\5JZTNXZK\show[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\67A7U9Q3\show[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\10379812-29[1].gif High
Advertising C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\imgcr_E13_C19237-1[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\AHCPKXYH\1335_10000270[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\88000000000029307[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\10306368-14[1].jpg High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\2202737-44[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10399221-2[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\show[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\1335_10001355[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\9785835-24[1].gif High
Advertising C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\imgcr_E13_C19237-2[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\show[1].gif High

Scan Results:
scan start: 11/30/2006 9:37:24 PM
scan stop: 11/30/2006 9:46:02 PM
scanned items: 94875
found items: 17
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\4FZ3M4X9\10285205-42[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\4FZ3M4X9\10397306-17[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\5JZTNXZK\13702_10000002[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\5JZTNXZK\show[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\67A7U9Q3\show[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\10379812-29[1].gif Low
Advertising C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\imgcr_E13_C19237-1[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\AHCPKXYH\1335_10000270[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\88000000000029307[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\10306368-14[1].jpg Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\2202737-44[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10399221-2[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\show[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\1335_10001355[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\9785835-24[1].gif Low
Advertising C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\imgcr_E13_C19237-2[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\show[1].gif Low

Scan Results:
scan start: 12/1/2006 6:15:12 AM
scan stop: 12/1/2006 6:15:13 AM
scanned items: 1
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk

Scan Results:
scan start: 12/1/2006 6:15:40 AM
scan stop: 12/1/2006 6:23:39 AM
scanned items: 92987
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk

Please help.

#48 little eagle

Posted 01 December 2006 - 10:01 AM

Reboot in safe mode, instructions here.
Some of these files may have hidden attributes.
Click Here Should you need instructions for Showing hidden files and folders in Windows.
Once in safe mode, Click start / then my computer / local disk then follow the process tree.

C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\

Then delete everything in the folder.

#49 pvsvk

Posted 01 December 2006 - 05:38 PM

Dear Little Eagle,

I tried but seems its still there..Here is the Spyware Doctor log. Pls help.

Thanks
Vinod

===========================
Scan Results:
scan start: 12/1/2006 6:16:01 PM
scan stop: 12/1/2006 6:28:15 PM
scanned items: 89905
found items: 2
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
Tracking Cookie(s) C:\Documents and Settings\TCS\Cookies\tcs@www.xe[1].txt Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png
===========================

#50 little eagle

Posted 01 December 2006 - 07:00 PM

Try cleanup. You can download Cleanup! here.

#51 pvsvk

Posted 01 December 2006 - 10:03 PM

Dear Little Eagle,

Please find the log of Spyware Doctor :

Scan Results:
scan start: 12/1/2006 10:29:29 PM
scan stop: 12/1/2006 10:37:31 PM
scanned items: 92703
found items: 7
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
Tracking Cookie(s) C:\Documents and Settings\TCS\Cookies\tcs@www.xe[1].txt Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif High

Scan Results:
scan start: 12/1/2006 10:47:18 PM
scan stop: 12/1/2006 10:55:53 PM
scanned items: 92810
found items: 7
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
Tracking Cookie(s) C:\Documents and Settings\TCS\Cookies\tcs@www.xe[1].txt Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg Low
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif Low

==================================================================

Logfile of HijackThis v1.99.1
Scan saved at 10:59:14 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Lotus7\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcs.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...ookWelcomeMail3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus7\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

==================================================================

Regards
Vinod

#52 little eagle

Posted 01 December 2006 - 11:00 PM

Please find the log of Spyware Doctor :

Scan Results:
scan start: 12/1/2006 10:29:29 PM
scan stop: 12/1/2006 10:37:31 PM
scanned items: 92703
found items: 7
found and ignored: 0

Doesn't spyware doctor delete them :unsure:

There is nothing wrong there in the log.

Edited by little eagle, 01 December 2006 - 11:00 PM.


#53 pvsvk

Posted 02 December 2006 - 12:26 AM

Dear Little Eagle,

Unfortunately, I didn't buy the Registered software from Spyware so not able to delete the files. Here is the fresh log..Pls advise..How to remove 'Known Bad Sites'

==============================================================
Scan Results:
scan start: 12/2/2006 1:11:27 AM
scan stop: 12/2/2006 1:20:36 AM
scanned items: 93759
found items: 6
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg High
Known Bad Sites C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif High
==============================================================

Rgds
Vinod

#54 pvsvk


Posted 02 December 2006 - 08:12 AM

Dear Little Eagle,

Pls find the log of Spyware Doctor attached. Though the risk is low but every time I browse it comes up.

===============================================================

Scan Results:
scan start: 12/2/2006 1:11:27 AM
scan stop: 12/2/2006 1:20:36 AM
scanned items: 93759
found items: 6
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name | Location | Risk
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif | High
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif | High
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png | High
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif | High
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg | High
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif | High

Scan Results:
scan start: 12/2/2006 1:27:39 AM
scan stop: 12/2/2006 1:37:14 AM
scanned items: 94280
found items: 8
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name | Location | Risk
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\logo1[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\movie1[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif | Low

Scan Results:
scan start: 12/2/2006 1:40:16 AM
scan stop: 12/2/2006 1:49:24 AM
scanned items: 94905
found items: 12
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name | Location | Risk
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\10376988-4[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\movie1[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\A9F4LWB6\logop1[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\logo1[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\movie1[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\logop2[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif | Low

Scan Results:
scan start: 12/2/2006 8:34:52 AM
scan stop: 12/2/2006 8:44:33 AM
scanned items: 97895
found items: 20
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name | Location | Risk
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\10376988-4[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\movie1[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\A9F4LWB6\1335_10000270[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\A9F4LWB6\logop1[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\1335_10001477[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\logo1[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\movie1[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\show[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\10300835-12[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\8784186-32[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\88000000000030084[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\logop2[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10392978-37[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\9785835-24[1].gif | Low

Scan Results:
scan start: 12/2/2006 8:56:59 AM
scan stop: 12/2/2006 9:07:05 AM
scanned items: 98296
found items: 21
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name | Location | Risk
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\10376988-4[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\8FAN0PWL\movie1[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\A9F4LWB6\1335_10000270[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\A9F4LWB6\logop1[1].gif | Low
Fast Video Player Dialer | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\AHCPKXYH\vendor_redir[1].htm | High
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\1335_10001477[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\13812_10000013[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\logo1[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\movie1[1].htm | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\FRH3BTWW\show[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\2202737-44[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\G4UZECST\newmoon11[1].png | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\10300835-12[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\8784186-32[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\88000000000030084[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\O1QF4TI1\logop2[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\REHVX9GE\10379804-31[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10306368-14[1].jpg | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10392978-37[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\TBBOI4L3\10399374-16[1].gif | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\UF89UTY9\9785835-24[1].gif | Low

===================================================================

Rgds
Vinod

#55 little eagle


Posted 02 December 2006 - 10:19 AM

Remove Spyware Doctor in add and remove programs.

Use Avg
http://forums.securi...read.php?t=3165

And spybot http://www.security-...o...4&Itemid=26


And don't worry ;)

Edited by little eagle, 02 December 2006 - 10:19 AM.



#56 pvsvk


Posted 03 December 2006 - 08:49 AM

Dear Little Eagle,

I guess there is a background Spyware I guess...'Known Bad Sites'

++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 9:41:20 AM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Lotus7\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcs.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...ookWelcomeMail3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus7\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

++++++++++++++++++++++++++++++++++++++++++++++++++++

Regards
Vinod

#57 pvsvk


Posted 04 December 2006 - 01:21 AM

Dear Little Eagle,

There are some more viruses in my machine..

Logfile of HijackThis v1.99.1
Scan saved at 2:15:27 AM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Lotus7\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcs.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...ookWelcomeMail3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus7\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

Please help.

Thanks
Vinod

#58 pvsvk


Posted 05 December 2006 - 09:06 PM

Dear Little Eagle,

I still have the Tracking Cookie(s), Advertising and Known Bad Sites. Though its error is Low would appreciate if you can help in this.

Regards
Vinod

Scan Results:
scan start: 12/5/2006 9:39:17 PM
scan stop: 12/5/2006 9:46:24 PM
scanned items: 90609
found items: 18
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name | Location | Risk
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@2o7[2].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@ad.yieldmanager[1].txt | Low
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@adrevolver[2].txt | Low
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@adrevolver[3].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@ads.pointroll[2].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@advertising[1].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@casalemedia[1].txt | Low
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@data.coremetrics[1].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@doubleclick[2].txt | Low
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@edge.ru4[1].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@fastclick[2].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@mediaplex[1].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@overture[1].txt | Low
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@questionmarket[1].txt | Low
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@serving-sys[1].txt | Low
Advertising | C:\Documents and Settings\TCS\Cookies\tcs@statcounter[2].txt | Low
Tracking Cookie(s) | C:\Documents and Settings\TCS\Cookies\tcs@tribalfusion[1].txt | Low
Known Bad Sites | C:\Documents and Settings\TCS\Local Settings\Temporary Internet Files\Content.IE5\A507ER45\6652[1].gif | Low

#59 little eagle


Posted 05 December 2006 - 10:28 PM

You will get these as long as you are on the internet.

There is nothing you can do about them :)

Download and run - ATF Cleaner instructions here.
However, if you open IE you will get more when you go to a web site.

To help keep your PC clean follow the recommendations here by shelf life.
