Please Help
Hi!
I need some advice.
Could anyone help me?
How can I get rid of adwr_434?
I tried by myself, but nothing.
I am still getting some adwr_434.
I can't remove it.
These are my Spyware Doctor logs, and btw, does anyone know if it's good software or not?
Logfile of HijackThis v1.99.0
Scan saved at 2:28:36 AM, on 2/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\brvendetta\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks!
And this is the "Spyware Doctor" log:
Scans (basic information only):
Scan Results:
scan start: 2/14/2005 2:43:03 AM
scan stop: 2/14/2005 2:45:25 AM
scanned items: 42315
found items: 88
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
Cydoor multiple Medium
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCR\.jcd Elevated
FlashGet HKCR\FlashGet.Document Elevated
FlashGet HKCR\FlashGet.Document\DefaultIcon Elevated
FlashGet HKCR\FlashGet.Document\shell Elevated
FlashGet HKCR\FlashGet.Document\shell\open Elevated
FlashGet HKCR\FlashGet.Document\shell\open\command Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_5176 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_5251 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6128 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6130 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6141 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6262 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6280 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6516 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6559 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6560 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6562 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6563 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_1\Seqn_6565 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_2\Seqn_6642 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_2\Seqn_6644 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_3 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_3\Seqn_5791 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_3\Seqn_5793 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_0\Level_3\Seqn_5802 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1\Level_1 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1\Level_1\Seqn_5997 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1\Level_4 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1\Level_4\Seqn_5248 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1\Level_4\Seqn_5271 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1\Level_4\Seqn_5285 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_1\Level_4\Seqn_6047 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_5514 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_5529 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_5536 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_5541 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_6121 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_6272 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_6511 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_1\Seqn_6640 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_2\Seqn_6177 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2\Level_2\Seqn_6614 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services\Queue Elevated
FlashGet HKCU\Software\JetCar\JetCar\Color Elevated
FlashGet HKCU\Software\JetCar\JetCar\Connection Elevated
FlashGet HKCU\Software\JetCar\JetCar\Detail Status Elevated
FlashGet HKCU\Software\JetCar\JetCar\DialUp Elevated
FlashGet HKCU\Software\JetCar\JetCar\Download default Elevated
FlashGet HKCU\Software\JetCar\JetCar\DropZone Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated
FlashGet HKCU\Software\JetCar\JetCar\Main Frame Elevated
FlashGet HKCU\Software\JetCar\JetCar\Main Menu Elevated
FlashGet HKCU\Software\JetCar\JetCar\Mirrors Elevated
FlashGet HKCU\Software\JetCar\JetCar\MLStatus Elevated
FlashGet HKCU\Software\JetCar\JetCar\Procotol Elevated
FlashGet HKCU\Software\JetCar\JetCar\Proxy Elevated
FlashGet HKCU\Software\JetCar\JetCar\Proxy\Proxy1 Elevated
FlashGet HKCU\Software\JetCar\JetCar\Recent File List Elevated
FlashGet HKCU\Software\JetCar\JetCar\Rules Elevated
FlashGet HKCU\Software\JetCar\JetCar\Settings Elevated
FlashGet HKCU\Software\JetCar\JetCar\Site Explore Elevated
FlashGet HKCU\Software\JetCar\JetCar\Sites Elevated
FlashGet HKCU\Software\JetCar\JetCar\Sounds Elevated
FlashGet HKCU\Software\JetCar\JetCar\Toolbar Elevated
FlashGet HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download All by FlashGet Elevated
FlashGet HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download using FlashGet Elevated
FlashGet HKCU\Software\Stilesoft Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor\CurrentVersion Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor\CurrentVersion\Browser Helper Objects Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor\CurrentVersion\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCU\Software\Netscape\Netscape Navigator\Automation Protocols##ftp##JetCar.Netscape Elevated
FlashGet HKCU\Software\Netscape\Netscape Navigator\Automation Protocols##http##JetCar.Netscape Elevated
FlashGet HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
Scan Results:
scan start: 2/14/2005 2:54:00 AM
scan stop: 2/14/2005 2:55:44 AM
scanned items: 42365
found items: 26
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
Cydoor multiple Medium
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCR\.jcd Elevated
FlashGet HKCR\FlashGet.Document Elevated
FlashGet HKCR\FlashGet.Document\DefaultIcon Elevated
FlashGet HKCR\FlashGet.Document\shell Elevated
FlashGet HKCR\FlashGet.Document\shell\open Elevated
FlashGet HKCR\FlashGet.Document\shell\open\command Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services\Queue Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated
FlashGet HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download All by FlashGet Elevated
FlashGet HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download using FlashGet Elevated
FlashGet HKCU\Software\Stilesoft Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor\CurrentVersion Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor\CurrentVersion\Browser Helper Objects Elevated
FlashGet HKCU\Software\Stilesoft\NetCaptor\CurrentVersion\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5366673-E8CA-11D3-9CD9-0090271D075B} Elevated
FlashGet HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5366673-E8CA-11D3-9CD9-0090271D075B}\iexplore Elevated
Scan Results:
scan start: 2/14/2005 3:10:23 AM
scan stop: 2/14/2005 3:12:08 AM
scanned items: 42366
found items: 10
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
Cydoor multiple Medium
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services\Queue Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated
Scan Results:
scan start: 2/14/2005 3:14:35 AM
scan stop: 2/14/2005 3:16:22 AM
scanned items: 42340
found items: 8
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
Cydoor multiple Medium
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated
Scan Results:
scan start: 2/14/2005 3:17:35 AM
scan stop: 2/14/2005 3:19:25 AM
scanned items: 42340
found items: 8
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
Cydoor multiple Medium
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated
Scan Results:
scan start: 2/14/2005 3:20:40 AM
scan stop: 2/14/2005 3:22:29 AM
scanned items: 42320
found items: 7
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated
Scan Results:
scan start: 2/14/2005 3:35:41 AM
scan stop: 2/14/2005 3:37:35 AM
scanned items: 42393
found items: 9
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services\Queue Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated
Scan Results:
scan start: 2/14/2005 3:37:56 AM
scan stop: 2/14/2005 3:38:23 AM
scanned items: 42394
found items: 9
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner
Infection Name Location Risk
FlashGet flashget.exe (C:\Program Files\FlashGet\flashget.exe) Elevated
FlashGet HKCU\Software\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Loct_2 Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services Elevated
FlashGet HKCU\Software\JetCar\JetCar\ads\Adwr_434\Services\Queue Elevated
FlashGet HKCU\Software\JetCar\JetCar\General Elevated