Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ALCAN WORM WORM GAOBOT.DF

Started by imallslo , Feb 05 2007 10:32 PM

  • Please log in to reply

#1
imallslo
Posted 05 February 2007 - 10:32 PM

imallslo

    New Member

  • Member
  • Pip
  • 7 posts
Hello everyone. Just thought I may swing by for some help in the removal of the Alcan Worm. It showed up on a trend Micro scan as WORM GAOBOT.DF. I have already ran the script of the Brute Force Unistaller and was directed to post a Hijack log here after. So here it is. Any further assistance or direction on where to go from here would be greatly appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 8:23:41 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Chrisprograms\RFA\rfagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\WINDOWS\system32\SKS~1\wowexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [rfagent] C:\Program Files\Chrisprograms\RFA\rfagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{34DEC74A-0AF0-1033-0126-050916200001}] "C:\Program Files\Common Files\{34DEC74A-0AF0-1033-0126-050916200001}\Update.exe" mc-110-12-0000137
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\system32\SKS~1\wowexec.exe" -vt yazb
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda....AX/RraainAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162182568609
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
Noviciate
Posted 06 February 2007 - 02:18 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false-positive.
Also, run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

  • 0

#3
imallslo
Posted 06 February 2007 - 07:47 PM

imallslo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the reply. I will post a back here when im finished
  • 0

#4
imallslo
Posted 06 February 2007 - 08:31 PM

imallslo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Combo fix txt.

"Compaq_Owner" - 07-02-06 17:58:06 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\tool4.exe
C:\Program Files\Common Files\Yazzle1396OinAdmin.exe
C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe
C:\WINDOWS\system32\run.exe
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\unsvchosts.lzma
C:\INSTALL.LOG
C:\Program Files\Common Files\{34DEC~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\system32\SKS~1
C:\qoobox\purity\WINDOWS\system32\SKS~1\wowexec.exe
C:\qoobox\purity\WINDOWS\system32\SKS~1\ç?sks


((((((((((((((((((((((((((((((( Files Created from 2007-01-06 to 2007-02-06 ))))))))))))))))))))))))))))))))))


2007-02-05 20:23 <DIR> d-------- C:\Program Files\Hijackthis
2007-02-05 20:22 488,144 --a------ C:\Program Files\HJTsetup.exe
2007-02-05 20:11 <DIR> d-------- C:\bintheredunthat
2007-02-05 20:06 <DIR> d-------- C:\BFU
2007-02-02 21:17 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Application Data\Viewpoint
2007-01-18 17:37 <DIR> d--hs---- C:\DOCUME~1\COMPAQ~1\Complete
2007-01-17 20:52 <DIR> d-------- C:\Program Files\Hyperformance Paintball LLC
2007-01-16 07:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-16 07:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-16 07:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-16 03:00 <DIR> d-------- C:\WINDOWS\ie7updates


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-17 20:52 -------- d---s---- C:\DOCUME~1\COMPAQ~1\Application Data\microsoft
2007-01-17 20:50 -------- d-------- C:\Program Files\chrisprograms
2007-01-08 18:28 -------- d-------- C:\Program Files\quicktime
2007-01-05 20:14 152 --a------ C:\DOCUME~1\COMPAQ~1\Application Data\wklnhst.dat
2007-01-05 20:14 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\template
2006-12-24 12:52 -------- d-------- C:\Program Files\america online 9.0a
2006-12-18 19:10 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\lavasoft
2006-12-18 19:09 -------- d-------- C:\Program Files\lavasoft
2006-12-09 16:27 -------- d-------- C:\DOCUME~1\COMPAQ~1\Application Data\myspace
2006-12-09 16:26 -------- d-------- C:\Program Files\myspace
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Srro"="\"C:\\WINDOWS\\system32\\SKS~1\\wowexec.exe\" -vt yazb"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"IS CfgWiz"="c:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\""
"SSC_UserPrompt"="c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"mmtask"="\"C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"rfagent"="C:\\Program Files\\Chrisprograms\\RFA\\rfagent.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"{34DEC74A-0AF0-1033-0126-050916200001}"="\"C:\\Program Files\\Common Files\\{34DEC74A-0AF0-1033-0126-050916200001}\\Update.exe\" mc-110-12-0000137"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
Shell\AutoRun\command D:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-06 18:13:44


HJT unistall list

AbsoluteShield File Shredder
AbsoluteShield Internet Eraser Lite
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AOL Connectivity Services
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Canon CanoScan Toolbox 4.0
CanoScan LiDE20,30 Manual
CC_ccProxyExt
ccCommon
ccPxyCore
Compaq Connections
Compaq Organize
Crystal Maze from Compaq (remove only)
Help and Support Additions
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ImageMixer VCD2
Intel® Extreme Graphics Driver
InterVideo WinDVD Player
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
K@zoo USB Setup
Kazoo USB
KBD
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 (KB927978)
MySpaceIM
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Orbital from Compaq (remove only)
Outerinfo
Overball from Compaq (remove only)
Paintball Field Builder
PC-Doctor for Windows
Picture Package
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Road Ready Streetwise from Compaq (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB926255)
Shrek 2 Ogre Bowler from Compaq (remove only)
Sonic Express Labeler
Sonic RecordNow!
Sony USB Driver
SPBBC
SpySubtract
Super Granny from Compaq (remove only)
SymNet
Tradewinds from Compaq (remove only)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781


Computer seems to be running ok. Alot faster after the Brute Force Unistaller. I now have my Ctl-Alt-Delete function back. I did do a Ad-Aware scan last night and it caught Worm Gaobot.DF and also troj Dloader .Gqu. I thought id just tackle them one at a time.

I appreciate the help and info so far.
  • 0

#5
Noviciate
Posted 07 February 2007 - 01:21 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

  • Double click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.

I'd still like to see a fresh HJT log.
I'd also like to see the log for the Ad-Aware scan that you ran. You can find all the logs in the C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs folder - each has the date attached to the filename.
Please check the post once you have made it to ensure that the log doesn't get cut off if it is very long.
  • 0

#6
imallslo
Posted 07 February 2007 - 06:22 PM

imallslo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Fresh HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:45:15 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Chrisprograms\RFA\rfagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{34DEC74A-0AF0-1033-0126-050916200001}] "C:\Program Files\Common Files\{34DEC74A-0AF0-1033-0126-050916200001}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: ["C:\QooBox\Purity\WINDOWS\system32\SKS~1\wowexec.exe" -vt yazb] "C:\WINDOWS\system32\SKS~1\wowexec.exe" -vt yazb
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda....AX/RraainAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162182568609
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8539BD0C-CC17-4668-A261-5292639D69FF}: NameServer = 205.188.146.145
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Fresh ad-aware log followed by the older one


Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, February 07, 2007 3:46:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R149 05.02.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):30 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2-7-2007 3:46:22 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Compaq_Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Compaq_Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 460
ThreadCreationTime : 2-7-2007 6:50:04 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 2-7-2007 6:50:07 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 2-7-2007 6:50:07 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 868
ThreadCreationTime : 2-7-2007 6:50:08 PM
BasePriority : Normal
FileVersion : 1.1.1592.0
ProductVersion : 1.1.1592.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 912
ThreadCreationTime : 2-7-2007 6:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 2-7-2007 6:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 2-7-2007 6:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccproxy.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ProcessID : 1244
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 103.0.2.10
ProductVersion : 103.0.2.10
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:13 [ccsetmgr.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ProcessID : 1312
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 103.0.2.10
ProductVersion : 103.0.2.10
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1320
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [navapsvc.exe]
FilePath : c:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1332
ThreadCreationTime : 2-7-2007 6:50:10 PM
BasePriority : Normal
FileVersion : 11.0.2.4
ProductVersion : 11.0.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:16 [ccevtmgr.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ProcessID : 1424
ThreadCreationTime : 2-7-2007 6:50:11 PM
BasePriority : Normal
FileVersion : 103.0.2.10
ProductVersion : 103.0.2.10
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1876
ThreadCreationTime : 2-7-2007 6:50:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:18 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 192
ThreadCreationTime : 2-7-2007 6:50:19 PM
BasePriority : Normal


#:19 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 220
ThreadCreationTime : 2-7-2007 6:50:19 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 336
ThreadCreationTime : 2-7-2007 6:50:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [symwsc.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 856
ThreadCreationTime : 2-7-2007 6:50:22 PM
BasePriority : Normal
FileVersion : 2005.1.00.111
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:22 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 2264
ThreadCreationTime : 2-7-2007 6:50:32 PM
BasePriority : Normal


#:23 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 2376
ThreadCreationTime : 2-7-2007 6:50:39 PM
BasePriority : Normal
FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:24 [alcxmntr.exe]
FilePath : C:\WINDOWS\
ProcessID : 2436
ThreadCreationTime : 2-7-2007 6:50:42 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:25 [rfagent.exe]
FilePath : C:\Program Files\Chrisprograms\RFA\
ProcessID : 2548
ThreadCreationTime : 2-7-2007 6:50:45 PM
BasePriority : Normal
FileVersion : 3.4.0.515
ProductVersion : 3.4.0.515
ProductName : Registry First Aid
CompanyName : KsL Software
FileDescription : Registry First Aid, the easy powerful registry cleanup program
InternalName : reg1aid
LegalCopyright : Copyright © KsL Software, 2001-2004
OriginalFilename : reg1aid.exe

#:26 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2596
ThreadCreationTime : 2-7-2007 6:50:46 PM
BasePriority : Normal
FileVersion : 1.1.1592.0
ProductVersion : 1.1.1592.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2648
ThreadCreationTime : 2-7-2007 6:50:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2664
ThreadCreationTime : 2-7-2007 6:50:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:29 [cseraser.exe]
FilePath : C:\Program Files\SysShield Tools\Internet Eraser\
ProcessID : 3136
ThreadCreationTime : 2-7-2007 6:51:02 PM
BasePriority : Normal
FileVersion : 2, 6, 1, 0
ProductVersion : 2, 6, 1, 0
ProductName : AbsoluteShield Internet Eraser Lite
CompanyName : SysShield Consulting, Inc.
FileDescription : AbsoluteShield Internet Eraser Lite
InternalName : Internet Eraser
LegalCopyright : Copyright © 2001-2006
OriginalFilename : cseraser.exe

#:30 [tmasy.exe]
FilePath : C:\Program Files\Trend Micro\Tmasy\
ProcessID : 3224
ThreadCreationTime : 2-7-2007 6:51:06 PM
BasePriority : Normal
FileVersion : 3,5,0,1041
ProductVersion : 3.50
ProductName : Trend Micro Anti-Spyware
CompanyName : Trend Micro Incorporated
FileDescription : Anti-Spyware Main Module
InternalName : Tmasy.exe
LegalCopyright : Copyright © 2003-2006 Trend Micro Incorporated. All rights reserved.
OriginalFilename : Tmasy.exe

#:31 [wisptis.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1396
ThreadCreationTime : 2-7-2007 6:58:25 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020820-1800)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:32 [waol.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 15200
ThreadCreationTime : 2-7-2007 11:36:10 PM
BasePriority : Normal


#:33 [shellmon.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 15348
ThreadCreationTime : 2-7-2007 11:36:20 PM
BasePriority : Normal


#:34 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\Aol\
ProcessID : 15456
ThreadCreationTime : 2-7-2007 11:36:23 PM
BasePriority : Normal
FileVersion : 1, 1, 1, 0
ProductVersion : [v1_r1.1-2] On Mon 11/29/2004 19:54:26.07
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:35 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2576
ThreadCreationTime : 2-7-2007 11:42:44 PM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 7512
ThreadCreationTime : 2-7-2007 11:46:09 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 2-6-2012 12:53:22 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 12-31-2037 2:00:00 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:[email protected]/
Expires : 2-6-2009 12:03:46 PM
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:154
Value : Cookie:[email protected]/
Expires : 2-6-2008 6:58:32 AM
LastSync : Hits:154
UseCount : 0
Hits : 154

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:34
Value : Cookie:[email protected]/
Expires : 2-6-2012 3:37:54 PM
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:[email protected]/
Expires : 2-7-2008 7:22:20 AM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/adrevolver/
Expires : 11-2-2009 11:52:20 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:978
Value : Cookie:[email protected]/
Expires : 8-13-2017 4:00:00 PM
LastSync : Hits:978
UseCount : 0
Hits : 978

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:107
Value : Cookie:[email protected]/
Expires : 2-7-2008 3:39:34 PM
LastSync : Hits:107
UseCount : 0
Hits : 107

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@revsci[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 2-2-2027 9:27:56 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:80
Value : Cookie:[email protected]/
Expires : 1-29-2008 10:35:40 AM
LastSync : Hits:80
UseCount : 0
Hits : 80

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 2-4-2012 4:00:00 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:[email protected]/
Expires : 12-31-2020 4:00:00 PM
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 2-4-2017 7:14:44 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 2-3-2017 5:50:12 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 12-31-2009 4:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 2-10-2012 9:18:30 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 2-2-2027 12:14:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 2-5-2012 5:49:02 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 12-31-2037 2:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 2-5-2010 6:37:08 AM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 6-21-2009 4:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 2-3-2017 6:47:22 AM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 2-5-2012 6:36:28 AM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 2-7-2008 3:44:12 PM
LastSync : Hits:5
UseCount : 0
Hits : 5


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 2-7-2008 3:44:12 PM
LastSync : Hits:10
UseCount : 0
Hits : 10


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : compaq_owner@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:318
Value : Cookie:[email protected]/
Expires : 2-6-2012 3:38:44 PM
LastSync : Hits:318
UseCount : 0
Hits : 318

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 43



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : A0025294.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP441\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 44




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44

4:11:39 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:16.937
Objects scanned:259540
Objects identified:31
Objects ignored:0
New critical objects:31

Old logfile from two days ago



ArchiveData(auto-quarantine- 2007-02-05 21-13-26.bckp)
Referencefile : SE1R149 05.02.2007
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\Application Data\microsoft\office\recent\2006-Calendar.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\05 thanksgiving.lnk
obj[2]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c1
obj[3]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c2
obj[4]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c3
obj[5]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\1204.lnk
obj[6]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\direct3d\mostrecentapplication name
obj[7]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[8]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\direct3d\mostrecentapplication name
obj[9]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[10]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[11]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer download directory
obj[12]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\internet explorer\typedurls
obj[13]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[14]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\player\recentfilelist
obj[15]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[16]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\preferences lastplaylist
obj[17]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\mediaplayer\preferences searchpath
obj[18]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru value
obj[19]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\10.0\excel\recent files
obj[20]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\10.0\excel\recent templates
obj[21]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\search assistant\acmru\5603
obj[22]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\search assistant\acmru\5604
obj[23]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\office\11.0\word\recent templates
obj[24]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[25]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.art
obj[26]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[27]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.cda
obj[28]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.gif
obj[29]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[30]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[31]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.mpg
obj[32]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[33]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.wps
obj[34]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\.zip
obj[35]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[36]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\html
obj[37]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows media\wmsdk\general computername
obj[38]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\JPE
obj[39]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\JPEG
obj[40]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\JPG
obj[41]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\log
obj[42]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mdi
obj[43]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mp3
obj[44]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mpeg
obj[45]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\mpg
obj[46]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\msi
obj[47]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\pdf
obj[48]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\pps
obj[49]=MR
  • 0

#7
imallslo
Posted 07 February 2007 - 06:25 PM

imallslo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
added cut off files


obj[48]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\pps
obj[49]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\txt
obj[50]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\VOB
obj[51]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\wmv
obj[52]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\wps
obj[53]=MRU RegReference : S-1-5-21-3812160077-3481948644-4226600560-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\zip
obj[54]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\P0000918.lnk
obj[55]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\paintballfieldbuilder_v1.2.1.lnk
obj[56]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\Photo Gallery View_files.lnk
obj[57]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\ql7p1951.lnk
obj[58]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\redbox2.lnk
obj[59]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\scopingirl.lnk
obj[60]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\shocker2.lnk
obj[61]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\SNOWBOARDING.lnk
obj[62]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\team H&S.lnk
obj[63]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\teamhs04.lnk
obj[64]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\thankgs03.lnk
obj[65]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\theview.lnk
obj[66]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\Touch It.lnk
obj[67]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\whittier field.lnk
obj[68]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\whittier field2.lnk
obj[69]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\Xmas CC Face (3).lnk
obj[70]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\Xmas CC Face.lnk
obj[71]=MRU FileReference : C:\Documents and Settings\Compaq_Owner\recent\yoshrungun.lnk

WIN32.TROJANDOWNLOADER.AGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[27]=Regkey : software\microsoft\windows\currentversion\uninstall\bar888
obj[28]=RegValue : software\microsoft\windows\currentversion\uninstall\bar888 "UninstallString"
obj[29]=Regkey : software\microsoft\tracing\fwcfg
obj[30]=RegValue : software\microsoft\tracing\fwcfg "EnableConsoleTracing"
obj[31]=RegValue : software\microsoft\tracing\fwcfg "FileTracingMask"
obj[32]=RegValue : software\microsoft\tracing\fwcfg "ConsoleTracingMask"
obj[33]=RegValue : software\microsoft\tracing\fwcfg "MaxFileSize"
obj[34]=RegValue : software\microsoft\tracing\fwcfg "FileDirectory"
obj[36]=File : C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP441\A0025186.exe

WIN32.P2P-WORM.ALCAN.A
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[35]=Regkey : software\microsoft\downloadmanager
obj[37]=File : C:\WINDOWS\system32\bszip.dll

The troj_dloader was not recognized w/ todays scan but the Alcan did show up
Once again I thank you for your help w/ this one

Edited by imallslo, 07 February 2007 - 06:26 PM.

  • 0

#8
Noviciate
Posted 08 February 2007 - 01:45 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

Ad-Aware has detected the usual MRUs, some tracking cookies and an entry located here - C:\System Volume Information. This is the location that your OS uses to store Restore Points created using System Restore. It poses no threat to your PC unless you use this particular point when running System Restore.
It can be left until the end when System Restore will be flushed, once the PC is back to it's normal irritating self.

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware from here and save it to your Desktop.
If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avg-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.
  • Updating AVG Anti-Spyware:

    By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either AVG A-S will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-current.exe to update it.

    Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

    Changing Recommended Actions
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

2) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

3) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O20 - AppInit_DLLs:

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Boot into Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

4) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

5) Go to Start > Control Panel > Internet Options.

For I.E. 6 - under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

For I.E. 7 - under Browsing History, click delete...
Under Temporary Internet Files, click Delete files...

6) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG A-S.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that AVG A-S has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When AVG A-S has finished, it will display the message "All actions have been applied".

    Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close AVG Anti-Spyware.

7) Boot into Normal Mode.

Post a new HJT log (run in Normal Mode), the AVG A-S log AND a description of how your PC is running.


I've had to use the "quotes" tags as there is a little forum bug that affects some of my posts. You shouldn't need to do this, so just ignore it.
  • 0

#9
imallslo
Posted 08 February 2007 - 09:05 PM

imallslo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
This one looks like it may take a while. I will complete it this weekend and post back by Monday with results and log. Thank you for the info
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP