
Update From Saturdays Post


12 replies to this topic

#1 Sunshine6604

Sunshine6604

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 21 November 2005 - 08:57 AM

We did a system recovery and it found trojan.win32 ftp attack. Don't know if this is the main virus or just one of many. Here's the new HijackThis log since we did the recovery program. System is still freezing up and a window pops up now saying Windows is shutting down. Also McAfee doesn't work for some reason. Adware scans still finding malware files too. Wondering if any of you can tell by the HijackThis log what is going on with our PC. Please help!
Logfile of HijackThis v1.99.1
Scan saved at 8:50:01 AM, on 11/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

Sorry about being impatient in the earlier post. We do really appreciate what you guys are doing!!!!
Thanks again!!!

Edited by Sunshine6604, 21 November 2005 - 09:29 AM.




#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:21 AM

Posted 21 November 2005 - 09:39 AM

When giving us updates, please do it to your original topic. If I had not known about a previous topic, you would have gone back further in line because of the newer date of this post. I'll try to fix you up now while I'm here.


I do not see anything starting that is bad. What program is reporting a malware and what exactly is it saying? What files does it say are bad?

#3 Sunshine6604


Posted 21 November 2005 - 10:56 AM

We have run Spybot Search & Destroy, Ad-Aware, Norton, McAfee, and a-squared, and keep finding the same 14 to 18 malware files depending on the scanner. They clean them and the files come up again on the next scan. Here's the analysis that a-squared came up with. It shows several worms.

Path: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: hpsysdrv
Path: C:\WINDOWS\system\hpsysdrv.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: HP Component Manager
Path: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: HPHUPD05
Path: C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: HPHmon05
Path: C:\WINDOWS\System32\hphmon05.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: KBD
Path: C:\HP\KBD\KBD.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: TkBellExe
Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 5 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: iTunesHelper
Path: C:\Program Files\iTunes\iTunesHelper.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: Recguard
Path: C:\WINDOWS\SMINST\RECGUARD.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: VTTimer
Path: VTTimer.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: AGRSMMSG
Path: AGRSMMSG.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: PS2
Path: C:\WINDOWS\System32\ps2.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: AlcxMonitor
Path: ALCXMNTR.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: MCUpdateExe
Path: c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: MCAgentExe
Path: C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 4
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: AIM
Path: C:\Program Files\AIM\aim.exe -cnetwait.odl
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: MSMSGS
Path: C:\Program Files\Messenger\msmsgs.exe /background
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 9
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Tricky and Other Autoruns: Result ToDo
Name: load
Path:
Location: win.ini
Not checked Unknown Item
Search at Google
Name: run
Path:
Location: win.ini
Not checked Unknown Item
Search at Google
Name: shell
Path: Explorer.exe
Location: win.ini
Not checked Unknown Item
Search at Google
Name: scrnsave.exe
Path: C:\WINDOWS\System32\logon.scr
Location: win.ini
Not checked Unknown Item
Search at Google
Name: The Learning Company
Path: The Learning Company
Location: win.ini
Not checked Unknown Item
Search at Google
Name: IMStart
Path:
Location: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: HP Digital Imaging Monitor
Path:
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: Quicken Scheduled Updates
Path:
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: Updates from HP
Path:
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: Easy Internet Sign-up
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Name: Symantec NetDetect
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Name: Shell
Path: Explorer.exe
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Not checked Unknown Item
Search at Google
Name: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe /ShowWMP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\WINDOWS\System32\system32\shmgrate.exe OCInstallUserConfigIE
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: C:\WINDOWS\System32\system32\shmgrate.exe OCInstallUserConfigOE
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: C:\WINDOWS\System32\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\System32\system32\themeui.dll
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {306D6C21-C1B6-4629-986C-E59E1875B8AF}
Path: C:\WINDOWS\System32\rundll32.exe C:\Program Files\Messenger\msgsc.dll,ShowIconsUser
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: C:\Program Files\Outlook Express\setup50.exe /APP:OE /CALLER:WINNT /user /install
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: C:\Program Files\Outlook Express\setup50.exe /APP:WAB /CALLER:WINNT /user /install
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe /s /n /i:U shell32.dll
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\System32\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {8b15971b-5355-4c82-8c07-7e181ea07608}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: VBScript Script File
Path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: VBScript Encoded Script File
Path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Script File
Path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Encoded Script File
Path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script Host Settings File
Path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script File
Path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Application
Path: %1 %*
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: MS-DOS Application
Path: %1 %*
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: MS-DOS Batch File
Path: %1 %*
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Screen Saver
Path: %1 /S
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Shortcut to MS-DOS Program
Path: %1 %*
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: SCRNSAVE.EXE
Path: C:\WINDOWS\System32\logon.scr
Location: HKCU\Control Panel\Desktop\
Not checked Unknown Item
Search at Google
Name: BootExecute
Path: autocheck autochk *
Location: HKLM\System\CurrentControlSet\Control\Session Manager\
Not checked Unknown Item
Search at Google
Name: PostBootReminder
Path: C:\WINDOWS\System32\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: CDBurn
Path: C:\WINDOWS\System32\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: WebCheck
Path: C:\WINDOWS\System32\System32\webcheck.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: SysTray
Path: C:\WINDOWS\System32\stobject.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Layered Service Providers (LSP): Result ToDo
Name: mclsp.dll
Path: C:\WINDOWS\System32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: mswsock.dll
Path: C:\WINDOWS\System32\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Name: rsvpsp.dll
Path: C:\WINDOWS\System32\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Explorer And Browser Addons: Result ToDo
Name: AcroIEHlprObj Class
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Good: 1 - Bad: 0
View Details
Name: Comcast Toolbar
Path: C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name:
Path: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {53707962-6F74-2D53-2644-206D7942484F}
Good: 1 - Bad: 0
View Details
Name: URL Exec Hook
Path: shell32.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: Radio
Path: C:\WINDOWS\System32\msdxm.ocx
Location: HKLM\Software\Microsoft\Internet Explorer\Toolbar\
ClsID: {8E718888-423F-11D2-876E-00A0C9082467}
Good: 1 - Bad: 0
View Details
Name: HP view
Path: C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
Location: HKLM\Software\Microsoft\Internet Explorer\Toolbar\
ClsID: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name:
Path:
Location: HKLM\Software\Microsoft\Internet Explorer\Toolbar\
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: Comcast Toolbar
Path: C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
Location: HKLM\Software\Microsoft\Internet Explorer\Toolbar\
ClsID: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Local Open Ports: Result ToDo
Port: 135 TCP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 760)
Good: 1 - Bad: 0
View Details
Port: 139 TCP
Path: ? (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 445 TCP
Path: ? (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 1025 TCP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 824)
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 1035 TCP
Path: ? (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 1220 TCP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 824)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1220 TCP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 824)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1267 TCP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1032)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1267 TCP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1032)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 5000 TCP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1032)
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 5180 TCP
Path: C:\Program Files\AIM\aim.exe (Process ID: 460)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 10784 TCP
Path: C:\Program Files\Messenger\msmsgs.exe (Process ID: 468)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 44063 TCP
Path: ? (Process ID: 0)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 123 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 824)
Good: 1 - Bad: 0
View Details
Port: 123 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 824)
Good: 1 - Bad: 0
View Details
Port: 137 UDP
Path: ? (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 138 UDP
Path: ? (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 445 UDP
Path: ? (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 1029 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 824)
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 1037 UDP
Path: C:\Program Files\Messenger\msmsgs.exe (Process ID: 468)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1040 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 952)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1043 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 952)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1236 UDP
Path: C:\Program Files\Internet Explorer\iexplore.exe (Process ID: 3744)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1900 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1032)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1900 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1032)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 10736 UDP
Path: C:\Program Files\Messenger\msmsgs.exe (Process ID: 468)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 17889 UDP
Path: C:\Program Files\Messenger\msmsgs.exe (Process ID: 468)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Running Processes: Result ToDo
Name: [System Process]
Process ID: 0
Path:
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: System
Process ID: 4
Path:
Info: Threads: 50 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: hpsysdrv.exe
Process ID: 136
Path: C:\WINDOWS\system\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: hpcmpmgr.exe
Process ID: 160
Path: C:\Program Files\HP\hpcoretech\
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: KBD.EXE
Process ID: 168
Path: C:\HP\KBD\
Info: Threads: 13 - Priority: High - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: hphmon05.exe
Process ID: 180
Path: C:\WINDOWS\System32\
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: iTunesHelper.exe
Process ID: 208
Path: C:\Program Files\iTunes\
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: VTTimer.exe
Process ID: 224
Path: C:\WINDOWS\System32\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: AGRSMMSG.exe
Process ID: 336
Path: C:\WINDOWS\
Info: Threads: 2 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: iPodService.exe
Process ID: 372
Path: C:\Program Files\iPod\bin\
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: ALCXMNTR.EXE
Process ID: 408
Path: C:\WINDOWS\
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: smss.exe
Process ID: 444
Path: C:\WINDOWS\System32\
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: aim.exe
Process ID: 460
Path: C:\Program Files\AIM\
Info: Threads: 7 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: msmsgs.exe
Process ID: 468
Path: C:\Program Files\Messenger\
Info: Threads: 16 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: csrss.exe
Process ID: 508
Path: C:\WINDOWS\System32\
Info: Threads: 10 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: winlogon.exe
Process ID: 532
Path: C:\WINDOWS\System32\
Info: Threads: 16 - Priority: High - Visible: No
Good: 1 - Bad: 0
View Details
Name: services.exe
Process ID: 576
Path: C:\WINDOWS\System32\
Info: Threads: 16 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: lsass.exe
Process ID: 588
Path: C:\WINDOWS\System32\
Info: Threads: 17 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: hpqtra08.exe
Process ID: 704
Path: C:\Program Files\HP\Digital Imaging\bin\
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 760
Path: C:\WINDOWS\System32\
Info: Threads: 13 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 824
Path: C:\WINDOWS\System32\
Info: Threads: 73 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: a2guard.exe
Process ID: 836
Path: C:\Program Files\a-squared\
Info: Threads: 10 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 952
Path: C:\WINDOWS\System32\
Info: Threads: 8 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1032
Path: C:\WINDOWS\System32\
Info: Threads: 18 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: Explorer.EXE
Process ID: 1204
Path: C:\WINDOWS\
Info: Threads: 12 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: spoolsv.exe
Process ID: 1360
Path: C:\WINDOWS\System32\
Info: Threads: 11 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: gearsec.exe
Process ID: 1480
Path: C:\WINDOWS\System32\
Info: Threads: 2 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: MpfService.exe
Process ID: 1516
Path: C:\Program Files\McAfee.com\Personal Firewall\
Info: Threads: 9 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: hptskmgr.exe
Process ID: 1528
Path: C:\Program Files\HP\hpcoretech\comp\
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 1592
Path: C:\WINDOWS\System32\
Info: Threads: 9 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: a2start.exe
Process ID: 1896
Path: C:\Program Files\a-squared\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: jusched.exe
Process ID: 2040
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 2 - Bad: 0
View Details
Name: a2sys.exe (a-squared HiJackFree)
Process ID: 3284
Path: C:\Program Files\a-squared\
Info: Threads: 1 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
Name: iexplore.exe (BleepingComputer.com - Replying in Update From Saturdays Post - Microsoft Internet Explorer)
Process ID: 3744
Path: C:\Program Files\Internet Explorer\
Info: Threads: 13 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
This analysis is saved and available for at least 7 days at this website address.

Analysis generated on 11/21/2005 4:47:56 PM
N jusched jusched.exe Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
N SunJavaUpdateSched jusched.exe Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
X SunJavaUpdateSched scvhost.exe Added by the SDBOT-AVX WORM!
X SunJavaUpdateSched javamx.exe Added by the SDBOT-WI WORM!
X wmon jusched.exe Added by the AGOBOT-OW WORM!

all the files marked bad are showing worms

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:21 AM

Posted 21 November 2005 - 11:03 AM

What program is giving these results? They are filled with confusing information that makes you think something is wrong, when it is not. Only rely on the output from adaware or spybot. Are those two programs reporting anything wrong?
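The rows quoted in post #3 all share either a startup entry name or a file name with the Java updater, which is how worm rows end up listed beside a legitimate `jusched.exe`. The following is an added example, not part of the thread and not code from any tool named in it, that matches on entry name and file name together and flags look-alike file names; the rows and the path are copied from the posts above, while the observed entry name and the trusted-name list are assumptions made for the example.

```python
from collections import namedtuple

Row = namedtuple("Row", "status entry filename note")

# Rows copied from the listing quoted in post #3 (status, entry name, file, note).
DB_ROWS = [
    Row("N", "jusched", "jusched.exe", "Checks with Sun's Java updates site"),
    Row("N", "SunJavaUpdateSched", "jusched.exe", "Checks with Sun's Java updates site"),
    Row("X", "SunJavaUpdateSched", "scvhost.exe", "Added by the SDBOT-AVX WORM!"),
    Row("X", "SunJavaUpdateSched", "javamx.exe", "Added by the SDBOT-WI WORM!"),
    Row("X", "wmon", "jusched.exe", "Added by the AGOBOT-OW WORM!"),
]

# Constructed observation. The path is the jusched.exe path from the thread's
# process list; the entry name is an assumption made for this example.
OBSERVED_ENTRY = "SunJavaUpdateSched"
OBSERVED_PATH = r"C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"

# Process names taken from the thread's process list, used here as a trusted set
# (an assumption of this example, not a vetted allowlist).
KNOWN_NAMES = ["svchost.exe", "jusched.exe", "lsass.exe", "services.exe", "spoolsv.exe"]


def file_name(windows_path):
    """Lower-cased last component of a Windows path."""
    return windows_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def loose_matches(entry, path, rows=DB_ROWS):
    """Rows sharing the entry name OR the file name: what a name-only lookup shows."""
    name = file_name(path)
    return [r for r in rows
            if r.entry.lower() == entry.lower() or r.filename.lower() == name]


def strict_matches(entry, path, rows=DB_ROWS):
    """Rows whose entry name AND file name both equal what is on the machine."""
    name = file_name(path)
    return [r for r in rows
            if r.entry.lower() == entry.lower() and r.filename.lower() == name]


def verdict(entry, path, rows=DB_ROWS):
    """'flagged' if all strict matches are X, 'conflict' if mixed, 'not flagged' if none is X, 'unknown' if no match."""
    statuses = {r.status for r in strict_matches(entry, path, rows)}
    if not statuses:
        return "unknown"
    if statuses == {"X"}:
        return "flagged"
    return "conflict" if "X" in statuses else "not flagged"


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as a single edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(filename, known=KNOWN_NAMES):
    """Return the trusted name that `filename` is exactly one edit away from, else None."""
    name = filename.lower()
    for good in known:
        if name != good and osa_distance(name, good) == 1:
            return good
    return None


if __name__ == "__main__":
    for r in loose_matches(OBSERVED_ENTRY, OBSERVED_PATH):
        print("name-only hit:", r.status, r.entry, r.filename)
    print("verdict on exact pair:", verdict(OBSERVED_ENTRY, OBSERVED_PATH))
    for r in DB_ROWS:
        twin = lookalike_of(r.filename)
        if twin:
            print(r.filename, "imitates", twin)
```

A match on the exact pair still says nothing about whether the file on disk is the vendor's; the folder it runs from and its version information are the next things to check.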

#5 Sunshine6604


Posted 21 November 2005 - 11:11 AM

yes, adaware and spy bot are both coming up with the same number of malware files no matter how many times I scan and clean the system

#6 Grinler


Posted 21 November 2005 - 11:12 AM

What are the ones that ad-aware and spybot are reporting? Don't give me the results from the A2 program. Was the A2 program hijackfree or something?

#7 Sunshine6604


Posted 21 November 2005 - 11:17 AM

I'm rerunning spybot now and I'll tell you once it's done. I do know something called backweblite came up a lot.

Edited by Sunshine6604, 21 November 2005 - 11:19 AM.


#8 Sunshine6604


Posted 21 November 2005 - 11:24 AM

here's what adaware found
Ad-Aware SE Build 1.05
Logfile Created on:Monday, November 21, 2005 11:13:44 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R75 15.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
MRU List(TAC index:0):15 total references
Tracking Cookie(TAC index:3):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-21-2005 11:13:44 AM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 444
ThreadCreationTime : 11-21-2005 5:17:49 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 11-21-2005 5:17:52 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 11-21-2005 5:17:52 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 11-21-2005 5:17:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 11-21-2005 5:17:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 11-21-2005 5:17:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 824
ThreadCreationTime : 11-21-2005 5:17:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 952
ThreadCreationTime : 11-21-2005 5:17:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 11-21-2005 5:17:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1204
ThreadCreationTime : 11-21-2005 5:17:53 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1360
ThreadCreationTime : 11-21-2005 5:17:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1480
ThreadCreationTime : 11-21-2005 5:17:54 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:13 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1516
ThreadCreationTime : 11-21-2005 5:17:54 PM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:14 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1592
ThreadCreationTime : 11-21-2005 5:17:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 2040
ThreadCreationTime : 11-21-2005 5:17:59 PM
BasePriority : Normal


#:16 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 136
ThreadCreationTime : 11-21-2005 5:17:59 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:17 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 160
ThreadCreationTime : 11-21-2005 5:17:59 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:18 [hphmon05.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 180
ThreadCreationTime : 11-21-2005 5:17:59 PM
BasePriority : Normal
FileVersion : 5,1,7
ProductVersion : 5,1,7
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe

#:19 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 168
ThreadCreationTime : 11-21-2005 5:17:59 PM
BasePriority : High


#:20 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 208
ThreadCreationTime : 11-21-2005 5:18:00 PM
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iTunesHelper.exe

#:21 [vttimer.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 224
ThreadCreationTime : 11-21-2005 5:18:00 PM
BasePriority : Normal
FileVersion : 1.100.2004.0115
ProductVersion : 1.100.2004.0115
ProductName : S3 Graphics, Inc. Utilities
CompanyName : S3 Graphics, Inc.
InternalName : S3Timer
LegalCopyright : Copyright © 2001-2004 S3 Graphics, Inc.
LegalTrademarks : S3 is a registered trademark of S3 Incorporated

#:22 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 336
ThreadCreationTime : 11-21-2005 5:18:00 PM
BasePriority : Normal
FileVersion : 2.1.37 2.1.37 01/16/2004 12:34:37
ProductVersion : 2.1.37 2.1.37 01/16/2004 12:34:37
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:23 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 372
ThreadCreationTime : 11-21-2005 5:18:00 PM
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iPodService.exe

#:24 [alcxmntr.exe]
FilePath : C:\WINDOWS\
ProcessID : 408
ThreadCreationTime : 11-21-2005 5:18:00 PM
BasePriority : Normal
FileVersion : 1.2
ProductVersion : 1.2
ProductName : Realtek AC97 Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek AC97 Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2003 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:25 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 460
ThreadCreationTime : 11-21-2005 5:18:00 PM
BasePriority : Normal
FileVersion : 5.9.3861
ProductVersion : 5.9.3861
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2005 America Online, Inc.
OriginalFilename : AIM.EXE

#:26 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 468
ThreadCreationTime : 11-21-2005 5:18:00 PM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:27 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 704
ThreadCreationTime : 11-21-2005 5:18:01 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:28 [hptskmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\comp\
ProcessID : 1528
ThreadCreationTime : 11-21-2005 5:18:03 PM
BasePriority : Normal
FileVersion : 2.1.4
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Task Management Component
InternalName : HP Task Management Component
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HPTskMgr.exe

#:29 [a2guard.exe]
FilePath : C:\Program Files\a-squared\
ProcessID : 836
ThreadCreationTime : 11-21-2005 5:56:55 PM
BasePriority : Normal


#:30 [a2start.exe]
FilePath : C:\Program Files\a-squared\
ProcessID : 1896
ThreadCreationTime : 11-21-2005 6:46:59 PM
BasePriority : Normal


#:31 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3556
ThreadCreationTime : 11-21-2005 6:49:22 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:32 [spybotsd.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 2344
ThreadCreationTime : 11-21-2005 7:13:01 PM
BasePriority : Normal
FileVersion : 1.4.0.3
ProductVersion : 1, 4, 0, 3
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:33 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3844
ThreadCreationTime : 11-21-2005 7:13:35 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@questionmarket.com/
Expires : 1-11-2007 6:18:28 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@realmedia[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:owner@realmedia.com/
Expires : 12-31-2020 4:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adserver[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@ads.revsci.net/adserver
Expires : 12-21-2005 6:43:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:owner@tribalfusion.com/
Expires : 12-31-2037 4:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@statcounter.com/
Expires : 11-19-2010 4:35:40 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@2o7.net/
Expires : 11-19-2010 6:56:08 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@apmebf.com/
Expires : 11-19-2010 4:16:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adrevolver[1].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:owner@media.adrevolver.com/adrevolver/
Expires : 8-13-2008 4:25:20 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adrevolver[3].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:owner@adrevolver.com/
Expires : 11-20-2006 10:45:34 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.pointroll[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:owner@ads.pointroll.com/
Expires : 12-31-2009 4:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@casalemedia[2].txt
Category : Data Miner
Comment : Hits:36
Value : Cookie:owner@casalemedia.com/
Expires : 11-11-2006 1:52:48 PM
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@tradedoubler.com/
Expires : 11-15-2025 6:44:06 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 23



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

Disk Scan Result for C:\DOCUME~1\Owner\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 23



MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4017100597-3500850018-3318599102-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38

11:18:40 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:56.0
Objects scanned:73583
Objects identified:23
Objects ignored:0
New critical objects:23

#9 Sunshine6604


Posted 21 November 2005 - 11:25 AM

spybot found nothing

#10 Grinler


Posted 21 November 2005 - 11:37 AM

The MRU listings are fine and can be ignored. When we tell people to scan, we actually have them disable that option due to its confusing output.


The alexa stuff is actually built into IE.

To remove it you can do this:

Download the attached reg file and close IE.

Double-click on the reg file and merge the data. Then run ad-aware and see if the alexa stuff is gone.


#11 Sunshine6604


Posted 21 November 2005 - 11:51 AM

I reran adware and it came up clean; however, I think alexa is in quarantine. Should I open the quarantine list and delete the 60 files in it or leave it alone? Also, should I remove the alexa reg file from my desktop now that I'm done with it?

#12 Grinler


Posted 21 November 2005 - 12:24 PM

Yes, you can remove the alexa.reg and empty the quarantine now.

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Re-enable system restore with instructions from the tutorial above.


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#13 Sunshine6604


Posted 21 November 2005 - 12:42 PM

Hey, thanks a bunch! Everything seems to be working fine now and hopefully a certain teenager won't be using this PC for a while. Not until he reads that link you sent me first anyway. Thanks again!!!!!



