Aurora/DrPmon/shopathomeselect..Please Help Me..
Thread Solved
You are welcome.
This thread is now closed. If you need it reopened, please send a PM to one of our Mods.
Include the link to the thread and detail why you need it reopened.
If this is not your thread please start a New Topic.
Happy 4th of July everybody, hope all is well..
It appears I am still having trouble with my machine. I run Microsoft AntiSpyware and Webroot Spy Sweeper and I still get messages telling me I have spyware and trojan horses. It doesn't matter how many times I remove them, something new appears the next time I run them. Here is my Microsoft system log followed by the Spy Sweeper log:
Spyware Scan Details
Start Date: 7/4/2005 5:35:01 PM
End Date: 7/4/2005 5:43:58 PM
Total Time: 8 mins 57 secs
Detected Threats
ShopAtHome Spyware more information...
Details: ShopAtHome installs an agent in the Winsock layer of your computer. This redirects your Web browser to merchant sites affiliated with ShopAtHome rather than the Web sites you type in or click.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\rucb52o0.exe
Transponder.ABetterInternet Adware more information...
Details: ABetterInternet displays advertisements based on the Web sites you visit.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected folders detected
c:\documents and settings\Justin\Local Settings\Temp\DrTemp
Trojan.Downloader.KavSvc Trojan Downloader more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\system32\cabqxbb.exe
c:\windows\system32\ekrcyrr.dll
c:\windows\system32\karulr.exe
c:\windows\system32\qupyg.dat
Look2Me Spyware more information...
Details: Look2Me monitors the Web sites you visit and sends the log to the remote server. Look2Me will also display pop-up windows.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\SYSTEM\UpdInst.exe
ICanNews Adware more information...
Details: ICanNews is an adware program that logs keywords typed in web searches and creates shortcuts and displays advertisements.
Status: Removed
Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected files detected
c:\WINDOWS\Downloaded Program Files\ActiveX.ocx
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{3BFADCE2-1141-4B81-8878-49AF625F0FDC}
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\ProgID ActiveXCtrl
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\ToolboxBitmap32 C:\WINDOWS\DOWNLO~1\ActiveX.ocx, 1
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\TypeLib {EE5AC3D6-6F43-4047-AF0A-D66FC2CF8F42}
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\Version 1.0
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} ActiveX Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\Contains\Files C:\WINDOWS\Downloaded Program Files\ActiveX.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\DownloadInformation CODEBASE http://www.icannnews.com/app/ST/ActiveX.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\InstalledVersion 1,0,0,1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\InstalledVersion LastModified Tue, 14 Jun 2005 15:48:18 GMT
HKEY_CLASSES_ROOT\clsid\{3BFADCE2-1141-4B81-8878-49AF625F0FDC}\InprocServer32 C:\WINDOWS\DOWNLO~1\ActiveX.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} Installer MSICD
HKEY_CLASSES_ROOT\clsid\{3BFADCE2-1141-4B81-8878-49AF625F0FDC} ActiveX Property Page
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\Control
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\InprocServer32 C:\WINDOWS\DOWNLO~1\ActiveX.ocx
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}\MiscStatus 0
Detected Spyware Cookies
No spyware cookies were found during this scan.
SPYSWEEPER LOG:
5:49 PM: |··· Start of Session, Monday, July 04, 2005 ···|
5:49 PM: Spy Sweeper started
5:49 PM: Sweep initiated using definitions version 500
5:49 PM: Starting Memory Sweep
5:54 PM: Memory Sweep Complete, Elapsed Time: 00:05:22
5:54 PM: Starting Registry Sweep
5:55 PM: Found Adware: clkoptimizer
5:55 PM: HKCR\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 3990306)
5:55 PM: HKLM\software\classes\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 3990401)
5:55 PM: Found Adware: delfin
5:55 PM: HKCR\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}\ (8 subtraces) (ID = 4009250)
5:55 PM: HKCR\interface\{41700749-a109-4254-af13-be54011e8783}\ (8 subtraces) (ID = 4009251)
5:55 PM: HKLM\software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}\ (8 subtraces) (ID = 4009254)
5:55 PM: HKLM\software\classes\interface\{41700749-a109-4254-af13-be54011e8783}\ (8 subtraces) (ID = 4009255)
5:55 PM: HKLM\software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}\ (9 subtraces) (ID = 4009256)
5:55 PM: HKLM\software\microsoft\windows\currentversion\uninstall\displayutility\ (2 subtraces) (ID = 4009290)
5:55 PM: HKLM\software\motoin\ (2 subtraces) (ID = 4009294)
5:55 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\mvu\ (5 subtraces) (ID = 4009295)
5:55 PM: HKLM\software\mvu\ (6 subtraces) (ID = 4009296)
5:55 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\picsvr\ (1 subtraces) (ID = 4009301)
5:55 PM: HKLM\software\picsvr\ (1 subtraces) (ID = 4009302)
5:55 PM: HKLM\software\vidctrl\ (3 subtraces) (ID = 4009308)
5:55 PM: HKCR\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}\ (9 subtraces) (ID = 4009310)
5:55 PM: Found Adware: roings search enhancment
5:55 PM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (25 subtraces) (ID = 4024644)
5:55 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 4024694)
5:55 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 4024695)
5:55 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 4024696)
5:55 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 4024697)
5:55 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 4024698)
5:55 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 4024699)
5:55 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 4024745)
5:55 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx\ (2 subtraces) (ID = 4024784)
5:55 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\m67m.ocx (ID = 4024813)
5:55 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 4024837)
5:56 PM: Found Adware: abetterinternet
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || au3n5a7tionscode (ID = 4030653)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || auc1o3d5eofsfinalad (ID = 4030655)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || auc3n5tfyl (ID = 4030656)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || auc3n5trmsgsdisp (ID = 4030657)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aud3s5tssend (ID = 4030659)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aui3d5ofsinst (ID = 4030661)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aui3n5progscab (ID = 4030663)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aui3n5progsex (ID = 4030664)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aui3n5progslstest (ID = 4030665)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aum3o5dessync (ID = 4030667)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aup3d5om (ID = 4030668)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aus3t5icky1s (ID = 4030670)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aus3t5icky2s (ID = 4030671)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aus3t5icky3s (ID = 4030672)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aus3t5icky4s (ID = 4030673)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aut3h5rshschecksin (ID = 4030675)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aut3h5rshsmots (ID = 4030676)
5:56 PM: HKU\S-1-5-21-4103935507-4149289120-20391873-1006\software\aurora\ || aut3i5m7eofsfinalad (ID = 4030678)
5:56 PM: Registry Sweep Complete, Elapsed Time:00:01:07
5:56 PM: Starting Cookie Sweep
5:56 PM: Found Cookie: 2o7.net cookie
5:56 PM: justin@2o7[2].txt (ID = 165345)
5:56 PM: Found Cookie: yieldmanager cookie
5:56 PM: justin@ad.yieldmanager[1].txt (ID = 167152)
5:56 PM: Found Cookie: adknowledge cookie
5:56 PM: justin@adknowledge[2].txt (ID = 165460)
5:56 PM: Found Cookie: specificclick.com cookie
5:56 PM: justin@adopt.specificclick[2].txt (ID = 166795)
5:56 PM: Found Cookie: adrevolver cookie
5:56 PM: justin@adrevolver[1].txt (ID = 165476)
5:56 PM: justin@adrevolver[2].txt (ID = 165476)
5:56 PM: Found Cookie: advertising cookie
5:56 PM: justin@advertising[2].txt (ID = 165563)
5:56 PM: Found Cookie: ask cookie
5:56 PM: justin@ask[1].txt (ID = 165633)
5:56 PM: Found Cookie: atlas dmt cookie
5:56 PM: justin@atdmt[2].txt (ID = 165643)
5:56 PM: Found Cookie: belnk cookie
5:56 PM: justin@ath.belnk[1].txt (ID = 165682)
5:56 PM: justin@belnk[2].txt (ID = 165682)
5:56 PM: Found Cookie: sextracker cookie
5:56 PM: justin@counter7.sextracker[2].txt (ID = 166757)
5:56 PM: justin@dist.belnk[2].txt (ID = 165682)
5:56 PM: Found Cookie: doubleclick cookie
5:56 PM: justin@doubleclick[1].txt (ID = 165927)
5:56 PM: Found Cookie: fastclick cookie
5:56 PM: justin@fastclick[2].txt (ID = 166043)
5:56 PM: Found Cookie: go.com cookie
5:56 PM: justin@go[2].txt (ID = 166120)
5:56 PM: Found Cookie: mediaplex cookie
5:56 PM: justin@mediaplex[1].txt (ID = 166366)
5:56 PM: Found Cookie: outster cookie
5:56 PM: justin@outster[1].txt (ID = 166499)
5:56 PM: Found Cookie: questionmarket cookie
5:56 PM: justin@questionmarket[1].txt (ID = 166611)
5:56 PM: Found Cookie: realmedia cookie
5:56 PM: justin@realmedia[2].txt (ID = 166629)
5:56 PM: Found Cookie: adjuggler cookie
5:56 PM: justin@rotator.adjuggler[1].txt (ID = 165458)
5:56 PM: Found Cookie: servedby advertising cookie
5:56 PM: justin@servedby.advertising[2].txt (ID = 166731)
5:56 PM: justin@sextracker[2].txt (ID = 166757)
5:56 PM: Found Cookie: tradedoubler cookie
5:56 PM: justin@tradedoubler[1].txt (ID = 166973)
5:56 PM: Found Cookie: trafficmp cookie
5:56 PM: justin@trafficmp[1].txt (ID = 166979)
5:56 PM: Found Cookie: valueclick cookie
5:56 PM: justin@valueclick[1].txt (ID = 167026)
5:56 PM: Found Cookie: myaffiliateprogram.com cookie
5:56 PM: justin@www.myaffiliateprogram[1].txt (ID = 166427)
5:56 PM: Found Cookie: xxxcounter cookie
5:56 PM: justin@xxxcounter[1].txt (ID = 167135)
5:56 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
5:56 PM: Starting File Sweep
5:56 PM: c:\documents and settings\all users\application data\nsv (1 subtraces) (ID = 3717838)
5:56 PM: c:\windows\system32\nsvsvc (2 subtraces) (ID = 3717855)
5:56 PM: c:\windows\system32\vidctrl (ID = 3717857)
5:56 PM: Found Trojan Horse: trojan-downloader-bookedspace
5:56 PM: c:\windows\cfgmgr52 (38 subtraces) (ID = 3742862)
5:56 PM: f10499890.exe (ID = 3712924)
5:56 PM: Found Adware: altnet
5:56 PM: 10835164.asw (ID = 3709027)
5:56 PM: unstall.exe (ID = 3736082)
5:57 PM: 10835175.asw (ID = 3709022)
5:57 PM: abiuninst.htm (ID = 3745832)
5:58 PM: 10835101.asw (ID = 3709038)
5:58 PM: 10835081.asw (ID = 3709070)
5:58 PM: Found Adware: downloadware
5:58 PM: webinstall.exe (ID = 3719439)
5:59 PM: 10835200.asw (ID = 3709015)
6:01 PM: Found Adware: 180search assistant
6:01 PM: 180sainstallernusac.exe (ID = 3731811)
6:01 PM: Found Adware: shopathomeselect
6:01 PM: 48473iei.dat (ID = 3737868)
6:01 PM: Found Adware: icondroppers
6:01 PM: hisistheurls.exe (ID = 3723251)
6:01 PM: nsvs.dll (ID = 3717739)
6:01 PM: File Sweep Complete, Elapsed Time: 00:05:18
6:01 PM: Full Sweep has completed. Elapsed time 00:12:00
6:01 PM: Traces Found: 256
6:02 PM: Removal process initiated
6:02 PM: Quarantining All Traces: clkoptimizer
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: delfin
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: roings search enhancment
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: 2o7.net cookie
6:02 PM: Quarantining All Traces: yieldmanager cookie
6:02 PM: Quarantining All Traces: adknowledge cookie
6:02 PM: Quarantining All Traces: specificclick.com cookie
6:02 PM: Quarantining All Traces: adrevolver cookie
6:02 PM: Quarantining All Traces: advertising cookie
6:02 PM: Quarantining All Traces: ask cookie
6:02 PM: Quarantining All Traces: atlas dmt cookie
6:02 PM: Quarantining All Traces: belnk cookie
6:02 PM: Quarantining All Traces: sextracker cookie
6:02 PM: Quarantining All Traces: doubleclick cookie
6:02 PM: Quarantining All Traces: fastclick cookie
6:02 PM: Quarantining All Traces: go.com cookie
6:02 PM: Quarantining All Traces: mediaplex cookie
6:02 PM: Quarantining All Traces: outster cookie
6:02 PM: Quarantining All Traces: questionmarket cookie
6:02 PM: Quarantining All Traces: realmedia cookie
6:02 PM: Quarantining All Traces: adjuggler cookie
6:02 PM: Quarantining All Traces: servedby advertising cookie
6:02 PM: Quarantining All Traces: tradedoubler cookie
6:02 PM: Quarantining All Traces: trafficmp cookie
6:02 PM: Quarantining All Traces: valueclick cookie
6:02 PM: Quarantining All Traces: myaffiliateprogram.com cookie
6:02 PM: Quarantining All Traces: xxxcounter cookie
6:02 PM: Quarantining All Traces: trojan-downloader-bookedspace
6:02 PM: Warning: List index out of bounds (0)
6:02 PM: Failed to quarantine trojan-downloader-bookedspace
6:02 PM: Failed to quarantine c:\windows\cfgmgr52
6:02 PM: Quarantining All Traces: altnet
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: downloadware
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: 180search assistant
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: shopathomeselect
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: icondroppers
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Quarantining All Traces: abetterinternet
6:02 PM: An error occurred during quarantine:
6:02 PM: List index out of bounds (0)
6:02 PM: Removal process completed. Elapsed time 00:00:17
Any help is appreciated. Thanks...