help! mytob and other fake pop-ups - Footslog's Web Boards

For information on how to deal with, and protect your computer, please go down to the bottom of the help desk to the archive section (main page). From there select how to combat Spyware, in this archive there are many tools, which will help you combat this problem. Also included is a known list of computer viruses, this list will be updated as moderate to major viruses are known. In addition there is also a Phishing archive with the latest scams; this list is also updated as scams are made known. If you notice a particular process or DLL that is running on your machine and you do not know what it is, then you can go here http://www.processLibrary.com/ and look that process or DLL up to find out what it is.

Email This Page to Someone

Footslog's Web Boards

Cyber safety

help! mytob and other fake pop-ups

profile | register | preferences | faq | search

next newest topic | next oldest topic

Author	Topic: help! mytob and other fake pop-ups
Josh1 Administrator	posted May 23, 2006 01:16 PM Thanks for letting me know. ------------------ Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
jonnyj Member	posted May 19, 2006 12:35 AM the pop-ups came in groups of at least 2. first a window would pop warning my of a potential mytob or __ virus. When I closed that window, then a pop-up would come advertising me to download win anti-virus/anti-spyware 2006 i can't see a way that the win 2006 pop-up could be non-spyware, because it came up on it's own, always immediately after closing the first pop-up. i don't have win 2006 and never have IP: Logged
Josh1 Administrator	posted May 17, 2006 09:15 PM These programs have ads in them? Win anti-virus/anti-spyware 2006, where did you download them at? Glad the pop ups have gone away let us know if you have any other problems ------------------ Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
jonnyj Member	posted May 17, 2006 08:57 PM after running vundofix, i haven't had any pop-ups or bug problems again ) it's been a few days, so it seems safe that the pop-ups are gone. Win anti-virus/anti-spyware 2006 is sure a questionable program since it was the advertisement at the end of the pop-ups.. IP: Logged
Josh1 Administrator	posted May 16, 2006 01:50 PM Have a look at these http://www.footslog.com/board/Archives/Archive-000001/HTML/20050601-18-000521.html http://www.footslog.com/board/Archives/Archive-000001/HTML/20050329-18-000480.html http://www.footslog.com/board/Forum18/HTML/000336.html ------------------ Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
Josh1 Administrator	posted May 16, 2006 01:47 PM Are you stil having problems with the pop up or anything else? ------------------ Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
jonnyj Member	posted May 15, 2006 05:33 PM i saw a forum say VundoFix could cure the win anti-virus/anti-spyware pop-ups i ran VundoFix and it found 5 or 6 vundo files. At least one looked similar to the one found on my system "sstqo.dll" i should write down the names and not be in such a rush (note to self) i'll report back if the pop-up comes back or not IP: Logged
jonnyj Member	posted May 13, 2006 11:52 PM a bug is still present a pop-up just appeared as a warning for bloodhound virus, the same style as the mytob warning. when i closed that pop-up, then the same exact winanti-viruspro and winanti-spyware pop-up appeared it's amazingly persistent when i used the Panda scanner, it gave some error and didn't complete. i forget the error, but thought it may be helpful information [This message has been edited by jonnyj (edited May 15, 2006).] IP: Logged
jonnyj Member	posted May 13, 2006 10:38 PM Okay, I ran the full security process from MajorGeeks. since then i've had no pop-ups or visible bugs. I do have at least 2 files i want uninstalled, and another appears to be some bug... here's the logs... i ran HJT after running all the other scanners... HJT... Logfile of HijackThis v1.99.1 Scan saved at 10:38:38 PM, on 5/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Crazy Browser\Crazy Browser.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {58CC178E-2E32-49EF-9046-DC6A92DF61AB} - C:\WINDOWS\system32\sstqo.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137372735687 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: owntrade.dll, O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) (((I already know i want to figure how to uninstall 20 owntrade.dll and 23 ipod.dll))) ------------------------------------ ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Friday, May 12, 2006 7:53:21 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 12/05/2006 Kaspersky Anti-Virus database records: 193402 ------------------------------------------------------------------------------- KASPERSKY.... Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 104486 Number of viruses found: 1 Number of infected objects: 1 Number of suspicious objects: 0 Duration of the scan process: 01:29:04 Infected Object Name / Virus Name / Last Action C:\WINDOWS\system32\sstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped _________________________________ BDOSCAN <HTML> <HEAD> <TITLE>BitDefender Online Scanner -Scan Report</TITLE> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <meta name="generator" content="Namo WebEditor v5.0(Trial)"> </HEAD> <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" > <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%"> <tr> <td width="458"> <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td colspan="3" width="912"> <p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated at: Fri, May 12, 2006 - 17:09:49</b></span></font></p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B>Scan path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;G:\;H:\;</span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Statistics</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Time</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">02:10:23</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">555609</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Folders</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">6479</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Boot Sectors</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">8</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Archives</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">48787</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Packed Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">31228</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Results</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Identified Viruses </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">1</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Infected Files </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">2</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Suspect Files </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Warnings</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Disinfected</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Deleted Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">2</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Engines Info</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Virus Definitions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">374539</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Engine build</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">13</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Archive plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">40</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Unpack plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">4</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">E-mail plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">6</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">System plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">1</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scan Settings</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">First Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Disinfect</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Second Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Delete</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Heuristics</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Enable Warnings</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scanned Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">*;</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Exclude Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2"> </font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Emails</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Archives</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Packed</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Boot</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td colspan=2> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="252" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scanned File</b></font></p> </td> <td width="195" bgcolor="#CCCCCC" align="right"> <p align="left"><b><font size="2" face="Arial"> Status</font></b></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">D:\programs\Local Disk (C)\Program Files\Program Filess\ZZ exe files for programs\Install_AIM.exe=>wise0041=>wise0008</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Detected with: Adware.Wheaterbug.A</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\programs\Local Disk (C)\Program Files\Program Filess\ZZ exe files for programs\Install_AIM.exe=>wise0041=>wise0008</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\programs\Local Disk (C)\Program Files\Program Filess\ZZ exe files for programs\Install_AIM.exe=>wise0041=>wise0008</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\programs\Local Disk (C)\Program Files\Program Filess\ZZ exe files for programs\Install_AIM.exe=>wise0041</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Update failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\System Volume Information\_restore{D378240B-F271-4B22-B1D9-911AE2D94044}\RP271\A0042763.exe=>wise0041=>wise0008</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Detected with: Adware.Wheaterbug.A</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\System Volume Information\_restore{D378240B-F271-4B22-B1D9-911AE2D94044}\RP271\A0042763.exe=>wise0041=>wise0008</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\System Volume Information\_restore{D378240B-F271-4B22-B1D9-911AE2D94044}\RP271\A0042763.exe=>wise0041=>wise0008</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">D:\System Volume Information\_restore{D378240B-F271-4B22-B1D9-911AE2D94044}\RP271\A0042763.exe=>wise0041</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Update failed</font></p> </td> </tr> </table> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> </table> <p> </p> </body> </html> Scan process completed. ------------------------------------------- Ad-Aware SE Build 1.06r1 Logfile Created on:Friday, May 12, 2006 2:21:11 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R107 09.05.2006 �� References detected during the scan: �� Tracking Cookie(TAC index:3):2 total references �� Ad-Aware SE Settings =========================== Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 5-12-2006 2:21:11 AM - Scan started. (Full System Scan) Listing running processes �� #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 128 ThreadCreationTime : 5-12-2006 6:17:14 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 180 ThreadCreationTime : 5-12-2006 6:17:28 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 204 ThreadCreationTime : 5-12-2006 6:17:30 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 248 ThreadCreationTime : 5-12-2006 6:17:35 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 260 ThreadCreationTime : 5-12-2006 6:17:35 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 408 ThreadCreationTime : 5-12-2006 6:17:39 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 468 ThreadCreationTime : 5-12-2006 6:17:40 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [msmpeng.exe] FilePath : C:\Program Files\Windows Defender\ ProcessID : 528 ThreadCreationTime : 5-12-2006 6:17:43 AM BasePriority : Normal FileVersion : 1.1.1347.0 ProductVersion : 1.1.1347.0 ProductName : Windows Defender CompanyName : Microsoft Corporation FileDescription : Service Executable InternalName : MsMpEng.exe LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : MsMpEng.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 616 ThreadCreationTime : 5-12-2006 6:17:52 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 860 ThreadCreationTime : 5-12-2006 6:18:19 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:11 [wordpad.exe] FilePath : C:\Program Files\Windows NT\Accessories\ ProcessID : 992 ThreadCreationTime : 5-12-2006 6:18:38 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : WordPad MFC Application InternalName : wordpad LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : wordpad #:12 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1032 ThreadCreationTime : 5-12-2006 6:18:41 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:13 [windows-kb890830-v1.16.exe] FilePath : C:\Documents and Settings\Owner\Desktop\security scans\z download files exe\ ProcessID : 1244 ThreadCreationTime : 5-12-2006 6:19:51 AM BasePriority : Normal FileVersion : 6.1.0022.4 (SRV03_QFE.031113-0918) ProductVersion : 6.1.0022.4 ProductName : Microsoft� Windows� Operating System CompanyName : Microsoft Corporation FileDescription : Self-Extracting Cabinet InternalName : SFXCAB.EXE LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : SFXCAB.EXE #:14 [mrtstub.exe] FilePath : g:\ce2178516011b320416ffd20475796\ ProcessID : 1256 ThreadCreationTime : 5-12-2006 6:19:53 AM BasePriority : Normal FileVersion : 1.16.1418.0 ProductVersion : 1.16.1418.0 ProductName : Malicious Software Removal Tool Update Stub CompanyName : Microsoft Corporation FileDescription : Malicious Software Removal Tool Update Stub InternalName : MRTStub LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : MRTStub.exe #:15 [mrt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1268 ThreadCreationTime : 5-12-2006 6:19:56 AM BasePriority : Normal FileVersion : 1.16.1418.0 ProductVersion : 1.16.1418.0 ProductName : Microsoft Windows Malicious Software Removal Tool CompanyName : Microsoft Corporation FileDescription : Microsoft Windows Malicious Software Removal Tool InternalName : mrt.exe LegalCopyright : � Microsoft Corporation. All rights reserved. OriginalFilename : mrt.exe #:16 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1316 ThreadCreationTime : 5-12-2006 6:20:39 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright � Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: �� New critical objects: 0 Objects found so far: 0 Started registry scan �� Registry Scan result: �� New critical objects: 0 Objects found so far: 0 Started deep registry scan �� Deep registry scan result: �� New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan �� Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie wner@tribalfusion.com/ Expires : 12-31-2037 8:00:00 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: �� New critical objects: 1 Objects found so far: 1 Deep scanning and examining files (C �� Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[1].txt Disk Scan Result for C:\ �� New critical objects: 0 Objects found so far: 2 Deep scanning and examining files (D �� Disk Scan Result for D:\ �� New critical objects: 0 Objects found so far: 2 Deep scanning and examining files (G �� Disk Scan Result for G:\ �� New critical objects: 0 Objects found so far: 2 Deep scanning and examining files (H �� Disk Scan Result for H:\ �� New critical objects: 0 Objects found so far: 2 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". �� Hosts file scan result: �� 1 entries scanned. New critical objects:0 Objects found so far: 2 Performing conditional scans... �� Conditional scan result: �� New critical objects: 0 Objects found so far: 2 2:51:44 AM Scan Complete Summary Of This Scan �� Total scanning time:00:30:33.547 Objects scanned:171916 Objects identified:2 Objects ignored:0 New critical objects:2 IP: Logged
Josh1 Administrator	posted May 11, 2006 06:51 PM Run a Hijack this log and then post the results. ------------------ Powered by Intelligent Computing Solutions. ------------------------ www.footslog.com For every problem, there is a solution. Please give what you can to the Hurricane relief http://www.microsoft.com/mscorp/citizenship/giving/relief.asp IP: Logged
jonnyj Member	posted May 11, 2006 05:57 PM the BHO seeking approval keeps repeatedly trying. i block it, and then it asks for approval again within another few seconds.. IP: Logged
jonnyj Member	posted May 11, 2006 05:55 PM one of the pop-ups is for "Win Anti-Virus Pro 2006" IP: Logged
jonnyj Member	posted May 11, 2006 04:25 PM a Browser Helper Object keeps trying to get approval. it may be related to the spyware i've been running avast, spybot, adaware, counterspy, AVG, and ewido, and the pop-ups keep happening anyway IP: Logged
jonnyj Member	posted May 11, 2006 03:26 PM hi Josh, wow, my computer has been getting hit hard lately by some fake pop-ups offering to help remove viruses the one i get is a pop-up warning me about a "mytob" infection, and when i close that, it opens a window for "miscrosoft anti-virus" some name like that the other one that repeatedly comes up is "spy..." i forget the exact name like spyblaster spyscan, spysearch, some similar type of name. This pop up requires many closings before it stops popping up new windows these just started a few days ago. what can i do to stop them? talk about inconvenience thanks... Jon IP: Logged

All times are CT (US)	next newest topic \| next oldest topic
Administrative Options: Close Topic \| Archive/Move \| Delete Topic
	Hop to:

Contact Us | Footslog Home

The information presented on FootsloG.com is copyrighted as a collective work. FootsloG.com is free for personal use (non-commercial). Any other use FootsloG.com, including copying or reproducing any portion of this web site is strictly prohibited without the express written consent of FootsloG.com. If you have any questions about the usage term please contact us via email: webmaster@footslog.com.

Problems, Knowledge, and Power, powered by intelligent Computing Solutions