
Need help with getting rid of trojan horses! [RESOLVED]



#76
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
I just copied the complete Microworlds Antivirus log to Microsoft Word, and it is 4,628 pages. Would you like me to just copy down the virus log information, and just post that part here?


#77
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
Here's the virus log information

File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\8ZIJ25QR\AppWrap[1].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\8ZIJ25QR\AppWrap[3].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\CT6J0PEN\AppWrap[1].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\CT6J0PEN\eZinstall[1].exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\CT6J0PEN\Installer[1].exe infected by "not-a-virus:AdWare.Look2Me.r" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\CT6J0PEN\webrebates_usa[1].exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\STAV05AF\AppWrap[2].exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\STAV05AF\AppWrap[4].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\STAV05AF\upd201[1].exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\STAV05AF\upd202[1].exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\STAV05AF\ysb[1].dll infected by "not-a-virus:AdWare.ToolBar.YourSiteBar.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\WDU7W9YJ\AppWrap[2].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\WDU7W9YJ\AppWrap[5].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\WDU7W9YJ\TargetSoftSetup[1].exe infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\WDU7W9YJ\woinstall[1].exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Desktop\l2mfix\backup.zip infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Desktop\l2mfix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\kristy\Desktop\l2mfix.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\kristy\Desktop\Unused Desktop Shortcuts\Install_AIM.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\l2mfix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\8ZIJ25QR\AppWrap[1].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\8ZIJ25QR\AppWrap[3].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\CT6J0PEN\AppWrap[1].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\CT6J0PEN\eZinstall[1].exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\CT6J0PEN\Installer[1].exe infected by "not-a-virus:AdWare.Look2Me.r" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\CT6J0PEN\webrebates_usa[1].exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\STAV05AF\AppWrap[2].exe infected by "not-a-virus:AdWare.Zestyfind" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\STAV05AF\AppWrap[4].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.

#78
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
Virus information log continued

File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\STAV05AF\upd201[1].exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\STAV05AF\upd202[1].exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\STAV05AF\ysb[1].dll infected by "not-a-virus:AdWare.ToolBar.YourSiteBar.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\WDU7W9YJ\AppWrap[2].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\WDU7W9YJ\AppWrap[5].exe infected by "not-a-virus:AdWare.AdURL.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\WDU7W9YJ\TargetSoftSetup[1].exe infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\WDU7W9YJ\woinstall[1].exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Program Files\AdStatus Service\AdStatComm.dll infected by "not-a-virus:AdWare.WinAD.u" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\ProcManager.exe tagged as not-a-virus:RiskWare.Tool.PsKill.a. No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FYQISK3M\woinstall[1].exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\upd201.exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\upd202.exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File G:\windows\options\cabs\ols\aol\aol40hk.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\windows\options\cabs\ols\at&t\attkit.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\windows\All Users\Application Data\pcsvc\patchme.exe infected by "not-a-virus:AdWare.DelphinMediaViewer.c" Virus. Action Taken: No Action Taken.
File G:\windows\Profiles\comp\Application Data\Wildtangent\Cdacache\00\00\0F.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File G:\windows\TSAd.dll infected by "not-a-virus:AdWare.TimeSink.c" Virus. Action Taken: No Action Taken.
File G:\windows\2020install.exe infected by "not-a-virus:AdWare.ShopNav.a" Virus. Action Taken: No Action Taken.
File G:\windows\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File G:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File G:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File G:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File G:\windows\Lycos\ss_IGN1_setup.exe infected by "not-a-virus:AdWare.Sidesearch.d" Virus. Action Taken: No Action Taken.
File G:\_restore\archive\fs3507.cab infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File G:\_restore\archive\fs3512.cab infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File G:\_restore\archive\fs2996.cab infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File G:\Program Files\Common Files\midaddle\uninst.exe infected by "not-a-virus:AdWare.Midadle.f" Virus. Action Taken: No Action Taken.
File G:\Program Files\Common Files\midaddle\clicks.dll infected by "not-a-virus:AdWare.Midadle.f" Virus. Action Taken: No Action Taken.
File G:\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File G:\Program Files\aim\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File G:\Program Files\Srng\file.zip infected by "not-a-virus:AdWare.ShopNav.a" Virus. Action Taken: No Action Taken.



Still one more post to come for the rest of this.

#79
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
File G:\Program Files\Srng\SrngUtil.exe infected by "not-a-virus:AdWare.ShopNav.a" Virus. Action Taken: No Action Taken.
File G:\Program Files\Srng\SNHelper.dll infected by "not-a-virus:AdWare.ShopNav.a" Virus. Action Taken: No Action Taken.
File G:\AOL Instant Messenger\AIM95.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.

#80
Wizard

    Retired Staff
  • 5,661 posts
Now I am beginning to understand why these fixes aren't working completely!!

Is this PC a Dual Booting PC or does it have Multiple User Accounts?

Usually a PC that Dual Boots or Has Multiple Hard Drives and User Accounts proves quite the Bugger to DisInfect!!

OK, Here we Go!!

Download Pocket KillBox from here:
Pocket KillBox

There is a Direct Download and a description of what the Program does inside this link.
Download, UnZip, Extract All Files and Have it ready to Use!

Download the Hoster from here.
The Hoster

Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.

Download CleanUp!:
CleanUp!
Once Downloaded and Opened, Select Standard File Delete and Click The CleanUp Tab!
It will Prompt a Restart, Do So!!

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
Safe Mode

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders, this must be done after restarting in Safe Mode!!
Here is a link to help with that:
Hidden Files
Make sure to follow the Directions for XP!

Now Open KillBox, Make sure there is a Check By Standard File Kill!

Copy & Paste the Text Below into the Text Box labeled Full Path of File to Delete

C:\WINDOWS\woinstall

Now Click the Red Circle with the White X in the Middle to Delete!

Follow the same process for all of these:

C:\WINDOWS\Temp\upd201.exe <<< May already be gone Via CleanUp!

C:\WINDOWS\Temp\upd202.exe <<< May already be gone Via CleanUp!

C:\Program Files\AIM\Sysfiles\WxBug.EXE

C:\Program Files\AdStatus Service

G:\windows\All Users\Application Data\pcsvc

G:\windows\Profiles\comp\Application Data\Wildtangent

G:\windows\wt

G:\windows\Lycos

G:\Program Files\Common Files\midaddle

G:\Program Files\Srng

G:\windows\TSAd.dll

G:\windows\2020install.exe

G:\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll

G:\Program Files\aim\Sysfiles\WxBug.EXE

If any of these can't be deleted or don't seem to exist, I will need you to locate and delete them manually!!

Once the Files are gone, please Run the CleanUp Program Again before restarting in normal mode!

Once back in Normal Mode, Scan with HijackThis and Post those results!

#81
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
In answer to your question, yes, my PC is dual booting (Windows Me and XP) AND it has multiple user accounts.

I was able to delete everything that was listed, half with KillBox; the others I ended up having to do manually.

Here is my new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:38:35 PM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\kristy\Desktop\HijackThis.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

#82
Wizard

    Retired Staff
  • 5,661 posts
Ahhhh.....The Riddle is answered!!!

That would make sense, it wasn't until I noticed the G Drive in the 2 Scans that I Picked up on it, Some Helper I am!!

The Log is Clean, You will want to Hang onto Kaspersky for the full 30 Days, but Please use HijackThis and Remove its O4 entry and Then go to Msconfig and Disable it at StartUp!

I Suggest giving it a Day, Run an Online Scan sometime tomorrow, see how it looks!

Use that PC just as you Normally would!

But first, stop by here:
JavaCool

Get Spyware Blaster and Spyware Guard Installed on that Machine ASAP please!

If you want to continue using Internet Explorer, also get IE SPYAD

This Link will get you to the Download and Provide Instructions on How to Install it:
IE Spyad

Post back sometime tomorrow and I will check in after I return from Work!
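The observation in the post above, that detections on the G: drive in the scans pointed to a second Windows install, can be checked mechanically. The following Python is an added example, not part of the original thread or of any tool named in it: it parses the two line shapes of the scan log posted earlier, collapses duplicates reported under 8.3 short paths, and groups detections by drive and location. The function names, the short-name table and the variant-stripping heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt: a few lines in the form posted in the scan log earlier in this thread.
SAMPLE_LOG = r'''
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\kristy\LOCALS~1\TEMPOR~1\Content.IE5\CT6J0PEN\eZinstall[1].exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\kristy\Local Settings\Temporary Internet Files\Content.IE5\CT6J0PEN\eZinstall[1].exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\Program Files\ProcManager.exe tagged as not-a-virus:RiskWare.Tool.PsKill.a. No Action Taken.
File C:\WINDOWS\Temp\upd201.exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
File G:\windows\TSAd.dll infected by "not-a-virus:AdWare.TimeSink.c" Virus. Action Taken: No Action Taken.
File G:\_restore\archive\fs3507.cab infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File G:\Program Files\Srng\SNHelper.dll infected by "not-a-virus:AdWare.ShopNav.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
'''

# The two line shapes that appear in the log.
INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.$')
TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<name>\S+?)\. (?P<action>.+?)\.$')

# Assumption: 8.3 aliases as they appear in this log next to their long forms.
SHORT_NAMES = {
    "DOCUME~1": "Documents and Settings",
    "LOCALS~1": "Local Settings",
    "TEMPOR~1": "Temporary Internet Files",
}


def parse_line(line):
    """Return (path, detection_name, action), or None for other lines."""
    line = line.strip()
    m = INFECTED.match(line) or TAGGED.match(line)
    if not m:
        return None
    return m.group("path"), m.group("name"), m.group("action")


def normalise(path):
    """Expand known 8.3 components and lower-case, so aliases compare equal."""
    parts = [SHORT_NAMES.get(p.upper(), p) for p in path.split("\\")]
    return "\\".join(parts).lower()


def location(norm_path):
    """Rough bucket: cached download, restore archive, temp, or elsewhere."""
    if "\\temporary internet files\\" in norm_path:
        return "browser cache"
    if "\\_restore\\" in norm_path:
        return "restore archive"
    if "\\temp\\" in norm_path:
        return "temp"
    return "installed or other"


def family(name):
    """Drop the 'not-a-virus:' prefix and a short trailing variant (heuristic)."""
    prefix = "not-a-virus:"
    if name.startswith(prefix):
        name = name[len(prefix):]
    return re.sub(r"\.[a-z0-9]{1,2}$", "", name)


def triage(log_text, system_drive="c:"):
    """Group unique detections by drive and location; list non-system drives."""
    seen = set()
    by_drive = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, name, _action = parsed
        key = (normalise(path), name)
        if key in seen:  # same file listed twice (8.3 alias or repeated entry)
            continue
        seen.add(key)
        by_drive[key[0][:2]][location(key[0])].add(family(name))
    report = {d: {loc: sorted(f) for loc, f in locs.items()}
              for d, locs in by_drive.items()}
    return {
        "unique": len(seen),
        "by_drive": report,
        "other_drives": sorted(d for d in report if d != system_drive),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("unique detections:", result["unique"])
    print("drives other than the system drive:", result["other_drives"])
    for drive, locs in sorted(result["by_drive"].items()):
        for loc, fams in sorted(locs.items()):
            print(drive, loc, fams)
```

Any drive listed under `other_drives` holds detections that a cleanup run from the booted system's own folders will not reach.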

#83
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
My computer seems to be working much better now. However, on Mozilla Firefox, at the top right hand corner where it has a list of the search engines, ISearch is still listed there. I ran Panda ActiveScan, and it only found 3 infected files. Here is the log.


Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/WUpd No disinfected Windows Registry

#84
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
I guess the above explains why ISearch is still there.

#85
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
By the way, if I need to go into the Windows Registry to delete those things, I will need you to tell me how to get there. Thank you.


#86
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
I got rid of two of the things there. Here is my new Panda ActiveScan log. ISearch is still listed in the list of search engines.

Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry

#87
Wizard

    Retired Staff
  • 5,661 posts
Here is a Nice Program for cleaning the Registry Up:
RegScrub!

Using this Guide:
RegScrub Guide

Before Running it, I suggest Running Ad Aware and SpyBot, if you don't have either of these, just post back and we will fix that!!!

Edited by Cretemonster, 22 March 2005 - 04:34 PM.


#88
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
Ok, I ran Ad-Aware, here is the log if you need it.



Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, March 22, 2005 3:44:43 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R33 16.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):28 total references
Tracking Cookie(TAC index:3):5 total references
WindUpdates(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R33 16.03.2005
Internal build : 38
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 431409 Bytes
Total size : 1357573 Bytes
Signature data size : 1327668 Bytes
Reference data size : 29393 Bytes
Signatures total : 37814
Fingerprints total : 720
Fingerprints size : 26761 Bytes
Target categories : 15
Target families : 641


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:39 %
Total physical memory:260656 kb
Available physical memory:99544 kb
Total page file size:639648 kb
Available on page file:460828 kb
Total virtual memory:2097024 kb
Available virtual memory:2048516 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


3-22-2005 3:44:43 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-842925246-789336058-1202660629-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Documents and Settings\kristy\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\kristy\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 468
ThreadCreationTime : 3-22-2005 11:36:45 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 536
ThreadCreationTime : 3-22-2005 11:36:52 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 716
ThreadCreationTime : 3-22-2005 11:36:54 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 764
ThreadCreationTime : 3-22-2005 11:36:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 776
ThreadCreationTime : 3-22-2005 11:36:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 924
ThreadCreationTime : 3-22-2005 11:36:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 972
ThreadCreationTime : 3-22-2005 11:36:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1008
ThreadCreationTime : 3-22-2005 11:36:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1056
ThreadCreationTime : 3-22-2005 11:36:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1108
ThreadCreationTime : 3-22-2005 11:36:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1400
ThreadCreationTime : 3-22-2005 11:37:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1520
ThreadCreationTime : 3-22-2005 11:37:04 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1536
ThreadCreationTime : 3-22-2005 11:37:04 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [pctspk.exe]
ModuleName : C:\WINDOWS\system32\pctspk.exe
Command Line : C:\WINDOWS\system32\pctspk.exe
ProcessID : 1616
ThreadCreationTime : 3-22-2005 11:37:04 PM
BasePriority : Normal
FileVersion : 4.00
ProductVersion : 4.00
ProductName : PCTSPK.EXE
CompanyName : PCtel, Inc.
FileDescription : PCTSPK.EXE
InternalName : PCTSPK.EXE
LegalCopyright : Copyright ©PCtel,Inc. 1999-2000
OriginalFilename : PCTSPK.EXE

#:15 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1736
ThreadCreationTime : 3-22-2005 11:37:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1796
ThreadCreationTime : 3-22-2005 11:37:06 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2044
ThreadCreationTime : 3-22-2005 11:37:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:18 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 524
ThreadCreationTime : 3-22-2005 11:37:20 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 616
ThreadCreationTime : 3-22-2005 11:37:22 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:20 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 648
ThreadCreationTime : 3-22-2005 11:37:23 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:21 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 660
ThreadCreationTime : 3-22-2005 11:37:24 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:22 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 668
ThreadCreationTime : 3-22-2005 11:37:24 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:23 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 680
ThreadCreationTime : 3-22-2005 11:37:24 PM
BasePriority : Normal
FileVersion : 3, 0, 38, 1
ProductVersion : 3, 0, 38, 1
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:24 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 688
ThreadCreationTime : 3-22-2005 11:37:25 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:25 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe" -cnetwait.odl
ProcessID : 696
ThreadCreationTime : 3-22-2005 11:37:25 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:26 [sgmain.exe]
ModuleName : C:\Program Files\SpywareGuard\sgmain.exe
Command Line : "C:\Program Files\SpywareGuard\sgmain.exe"
ProcessID : 1088
ThreadCreationTime : 3-22-2005 11:37:27 PM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard

#:27 [sgbhp.exe]
ModuleName : C:\Program Files\SpywareGuard\sgbhp.exe
Command Line : "C:\Program Files\SpywareGuard\sgbhp.exe"
ProcessID : 1236
ThreadCreationTime : 3-22-2005 11:37:30 PM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection

#:28 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 2016
ThreadCreationTime : 3-22-2005 11:37:34 PM
BasePriority : Normal


#:29 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2004
ThreadCreationTime : 3-22-2005 11:44:10 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kristy@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:kristy@servedby.advertising.com/
Expires : 4-20-2005 9:40:54 PM
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kristy@advertising[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:kristy@advertising.com/
Expires : 3-20-2010 7:51:36 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kristy@atdmt[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:kristy@atdmt.com/
Expires : 3-20-2010 4:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kristy@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:kristy@doubleclick.net/
Expires : 3-20-2008 7:51:06 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kristy@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kristy@2o7.net/
Expires : 3-21-2010 3:45:26 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 33



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 34




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

4:08:37 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:54.132
Objects scanned:159918
Objects identified:6
Objects ignored:0
New critical objects:6



Should I quarantine what it found?

I also ran RegScrubXP. I'm not sure exactly what to delete on there.
  • 0

#89
Kristy

    Visiting Consultant

  • Topic Starter
  • Member
  • 1,099 posts
bump
  • 0

#90
Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Scan with Ad Aware again and delete all it finds. If you quarantined anything, delete the Quarantine file!

Have you tried SpyBot yet?

Hang on to RegScrub, I gotta get to my other machine and Refresh my memory!

Both Ad Aware and SpyBot are nice tools to hang onto and use regularly to help ensure a clean Machine!

Post back with a Fresh Ad Aware Log and a HijackThis log!

I will search up the RegScrub Question!!
  • 0





