Can't Get On The Internet With Son's Puter [CLOSED]



#1
rosejo

Help!!! Bananafanafo helped me get my son's puter fixed up and he managed to really get it messed up in a few days. He frequents a site called miniclips.com and downloads and follows game links like a hound. I ran Ewido and SpyBot Search & Destroy and they found 23 infected files as well as a lot of spyware that SpyBot got rid of. Here is the HijackThis log along with the Ewido and Ad-Aware SE logs:

Logfile of HijackThis v1.99.1
Scan saved at 6:54:50 PM, on 6/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F47A0A85-F879-41CF-8F08-80D19F5E30F5}: NameServer = 10.0.0.4
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:26:01 PM, 6/2/2005
+ Report-Checksum: B63273CB

+ Date of database: 6/1/2005
+ Version of scan engine: v3.0

+ Duration: 29 min
+ Scanned Files: 62506
+ Speed: 35.89 Files/Second
+ Infected files: 23
+ Removed files: 23
+ Files put in quarantine: 23
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\
D:\

+ Scan result:
C:\WINDOWS\SYSTEM32\zippy.dll -> Spyware.HotSearchBar -> Cleaned with backup
C:\WINDOWS\SYSTEM32\AWM226.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Ray Osejo\Cookies\ray osejo@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Osejo\Cookies\ray osejo@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Osejo\Cookies\ray osejo@adultrevenueservice[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP2\A0001833.exe -> Spyware.NewDotNet.C -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP9\A0002169.dll -> Spyware.MaidBar -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP11\A0002299.dll -> TrojanProxy.Small.bo -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP11\A0002303.exe -> Dialer.Generic -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP11\A0002458.dll -> Spyware.HotSearchBar -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP12\A0002544.dll -> TrojanProxy.Small.bo -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP12\A0002548.exe -> Dialer.Generic -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP12\A0002703.dll -> Spyware.HotSearchBar -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP13\A0002789.dll -> TrojanProxy.Small.bo -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP13\A0002793.exe -> Dialer.Generic -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP13\A0002948.dll -> Spyware.HotSearchBar -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP14\A0003034.dll -> TrojanProxy.Small.bo -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP14\A0003038.exe -> Dialer.Generic -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP14\A0003193.dll -> Spyware.HotSearchBar -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP14\A0003477.exe -> Spyware.MarketScore -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP14\A0003478.exe -> Trojan.Favadd.y -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP14\A0003481.exe -> Spyware.MyWebSearch -> Cleaned with backup
C:\System Volume Information\_restore{D20F5F79-C18C-426E-9C76-F74141E5DBB8}\RP15\A0003658.dll -> TrojanProxy.Small.bo -> Cleaned with backup


::Report End


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, June 02, 2005 8:12:49 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):74 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:56 %
Total physical memory:523760 kb
Available physical memory:292448 kb
Total page file size:1278516 kb
Available on page file:1092648 kb
Total virtual memory:2097024 kb
Available virtual memory:2046440 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-2-2005 8:12:49 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 488
ThreadCreationTime : 6-2-2005 11:54:04 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 536
ThreadCreationTime : 6-2-2005 11:54:06 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 560
ThreadCreationTime : 6-2-2005 11:54:07 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 604
ThreadCreationTime : 6-2-2005 11:54:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 616
ThreadCreationTime : 6-2-2005 11:54:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 764
ThreadCreationTime : 6-2-2005 11:54:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 808
ThreadCreationTime : 6-2-2005 11:54:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 872
ThreadCreationTime : 6-2-2005 11:54:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 936
ThreadCreationTime : 6-2-2005 11:54:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1076
ThreadCreationTime : 6-2-2005 11:54:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [brsvc01a.exe]
ModuleName : C:\WINDOWS\System32\brsvc01a.exe
Command Line : C:\WINDOWS\System32\brsvc01a.exe
ProcessID : 1280
ThreadCreationTime : 6-2-2005 11:54:11 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2001
OriginalFilename : brsvc01a.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1304
ThreadCreationTime : 6-2-2005 11:54:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [brss01a.exe]
ModuleName : C:\WINDOWS\System32\brss01a.exe
Command Line : brss01a.exe
ProcessID : 1316
ThreadCreationTime : 6-2-2005 11:54:11 PM
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper

#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1912
ThreadCreationTime : 6-2-2005 11:54:23 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2008
ThreadCreationTime : 6-2-2005 11:54:26 PM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:16 [pdvdserv.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
ProcessID : 2024
ThreadCreationTime : 6-2-2005 11:54:26 PM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:17 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 200
ThreadCreationTime : 6-2-2005 11:54:26 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:18 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 216
ThreadCreationTime : 6-2-2005 11:54:27 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:19 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 236
ThreadCreationTime : 6-2-2005 11:54:27 PM
BasePriority : Normal
FileVersion : 2.1.51 2.1.51 03/04/2005 12:01:54
ProductVersion : 2.1.51 2.1.51 03/04/2005 12:01:54
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:20 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 244
ThreadCreationTime : 6-2-2005 11:54:27 PM
BasePriority : Normal
FileVersion : 4.8.0.31
ProductVersion : 4.8.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:21 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 316
ThreadCreationTime : 6-2-2005 11:54:27 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:22 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 328
ThreadCreationTime : 6-2-2005 11:54:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:23 [dwheartbeatmonitor.exe]
ModuleName : C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
Command Line : "C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe"
ProcessID : 348
ThreadCreationTime : 6-2-2005 11:54:27 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 1
ProductVersion : 1, 0, 1, 1
ProductName : weather.com DWHeartbeatMonitor
CompanyName : weather.com
FileDescription : DWHeartbeatMonitor
InternalName : DWHeartbeatMonitor
LegalCopyright : Copyright © 1995-2004 The Weather Channel Interactive, Inc.
OriginalFilename : DWHeartbeatMonitor.exe

#:24 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 904
ThreadCreationTime : 6-2-2005 11:55:18 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:25 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 992
ThreadCreationTime : 6-2-2005 11:55:18 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:26 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1068
ThreadCreationTime : 6-2-2005 11:55:18 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:27 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1192
ThreadCreationTime : 6-2-2005 11:55:18 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:28 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1364
ThreadCreationTime : 6-2-2005 11:55:18 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:29 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1608
ThreadCreationTime : 6-2-2005 11:55:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1632
ThreadCreationTime : 6-2-2005 11:55:22 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:31 [vsmon.exe]
ModuleName : C:\WINDOWS\System32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 1672
ThreadCreationTime : 6-2-2005 11:55:22 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:32 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2352
ThreadCreationTime : 6-2-2005 11:55:34 PM
BasePriority : Normal
FileVersion : 4.8.0.31
ProductVersion : 4.8.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:33 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2688
ThreadCreationTime : 6-2-2005 11:55:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:34 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2620
ThreadCreationTime : 6-3-2005 12:11:36 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Documents and Settings\Ray Osejo\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Ray Osejo\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-18\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-19\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-20\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-18\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-19\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-20\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-18\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-19\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-20\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-18\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-19\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-20\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-220523388-412668190-725345543-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray osejo@live365[1].txt
Category : Data Miner
Comment : Hits:15
Value : Cookie:ray osejo@live365.com/
Expires : 5-23-2010 1:52:40 AM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ray osejo@zedo[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:ray osejo@zedo.com/
Expires : 5-20-2005 1:00:00 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 76



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : daniel osejo@live365[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Daniel Osejo\Cookies\daniel osejo@live365[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 77


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 77


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 77




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 77

8:19:53 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:03.875
Objects scanned:135703
Objects identified:3
Objects ignored:0
New critical objects:3


Once I get a reply from someone to help me

#2
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please download this program to your computer, then transfer it to the computer without internet access.

http://www.geekstogo...n=download&id=7

Double-click Winsockfix.exe to run it. Click yes. Reboot and let me know if you can get back online now. :tazz:

#3
rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hi, this is Daniel, fat Dad's son who supposedly messed up my computer, that he had fixed. Dad already tried using WinfixXP.exe running it from a floppy disk. It did not work and I still can't get on the internet after rebooting.

What do I do next? Lazy bum dad is making me do it. You probably think I am disrespectful but I am just playing because he called me a geek.

#4
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello Daniel ;)

Do you have dial-up or broadband? And were you given IP addresses to enter in order to connect to the Internet or are they obtained automatically? Ask your Dad if you don't know :tazz:

#5
rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I don't know because old geezer dad says he will tell me even though he just now told me. We have broadband with IP addresses obtained automatically. We all are on a ZoneAlarm trusted network and use a router on a Comcast cable modem. Everyone else can get to the internet.

#6
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Have you made sure that your connection is still set for IPs to be obtained automatically by going into your default connection properties?

#7
rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Yes, we checked Internet Options and the LAN settings and checked "Automatically detect settings", and also checked the network connection's TCP/IP properties, and it has "Obtain an IP address automatically" checked.

#8
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Unfortunately this is not something I'm going to be able to help you with.

Ewido technically only found 2 files and deleted them (the rest that were in System Restore aren't doing anything to your system).

And there were just a couple of tracking cookies found by Ad-Aware (the MRU List is not malicious).

So, I'm going to have a moderator move this topic to another forum so that someone can assist you :tazz:

#9
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Before I move the thread to the appropriate forum, please try this for me:

Download and run on that computer CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL

O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

Then delete the entire folder called:
C:\Program Files\PartyPoker

Then in ZoneAlarm, right-click the icon near your PC’s system clock and select Restore ZoneAlarm Control Center.
From the menu, select Program Control.
Select Advanced, under the Do you want ZoneAlarm to preconfigure access permissions heading.
In the Programs list, look at which programs are blocked and let us know.

Regards,

#10
rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Did all you had requested. Found only COM Surrogate and gain_trickler3202.exe blocked from Access; however, a few other programs were blocked from acting as a server.

Please continue.

Thanks,

Daniel's Dad

#11
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Can you give me a list of those as well?

I will give you some that need to have server authorisation for your internet to work properly:

lsass
Internet Explorer

And the IP range of your home network should be in the trusted zone because the router and the modem are in there.

Maybe you can have a look at some of the other computers' settings where internet does work.

Regards,

#12
rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I allowed Internet Explorer to act as a server, as you suggested. The other program is not listed in my Zone Alarm program listing.

Daniel's computer has a "New Network" in Zone Alarm's Firewall listing, in addition to our Family network, which cannot be removed from Zone Alarm. "New Network" is an Internet zone network, not a Trusted zone network like our Family network is. I have all four computers' IP addresses correct in all four computers, but Daniel's is the only one with this Internet network with IP address: 169.254.0.0

Our Family network has IP addresses: 192.168.0.xxx. The default gateway for the Network is 192.168.0.1. The subnet mask is 255.255.255.0.

This is all I can give you for now. Hope you can come up with some way to get rid of the "New Network" and get Daniel back online.

Daniel's Dad
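
The addresses reported in post #12 can be checked mechanically: 169.254.0.0/16 is the IPv4 link-local range that Windows assigns itself (APIPA) when it gets no DHCP lease, while the family network is 192.168.0.0 with mask 255.255.255.0 behind 192.168.0.1. The following is an added example, not part of the original thread; the `ipconfig`-style sample text, the adapter names and the function names are constructed for illustration.

```python
import ipaddress
import re

# Values stated in post #12 for the family network.
LAN = ipaddress.ip_network("192.168.0.0/255.255.255.0")
GATEWAY = ipaddress.ip_address("192.168.0.1")
# IPv4 link-local block (RFC 3927); Windows self-assigns from it as APIPA.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample modelled on Windows XP `ipconfig` output (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Autoconfiguration IP Address. . . : 169.254.37.12
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.104
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
"""

# "   Key . . . : value" with dot leaders; the value may be empty.
FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:\s*(?P<value>\S*)\s*$")


def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m["key"].strip()] = m["value"]
    return adapters


def classify(fields):
    """Classify one adapter against the LAN described in post #12."""
    raw = next((v for k, v in fields.items() if k.endswith("IP Address") and v), None)
    if raw is None:
        return "no-address"
    addr = ipaddress.ip_address(raw)
    if addr in LINK_LOCAL:
        # Self-assigned address: no DHCP lease, so no default gateway is set.
        return "link-local"
    if addr not in LAN:
        return "outside-lan"
    gw = fields.get("Default Gateway", "")
    if not gw or ipaddress.ip_address(gw) != GATEWAY:
        return "wrong-gateway"
    return "ok"


def triage(text):
    """Map every adapter found in the text to its classification."""
    return {name: classify(f) for name, f in parse_adapters(text).items()}
```

An adapter classified as `link-local` never received a lease from the router, so the fault lies before DHCP completes (cabling, driver, network stack or a firewall blocking DHCP) rather than in browser settings.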

#13
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
I think Zone Alarm is not the right place to remove it.

See if you can find it in the Connections Panel or in IE under Tools > Internet Options > Connections Tab.
If so remove it there. In IE also set your Home Network as Default.

Regards,

#14
rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
No help....still have the limited connectivity problem and no packets sent.....

#15
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Download and run:
http://grc.com/files/DCOMbob.exe

After that you can allow COM Surrogate access to the internet.

Regards,