Here is my HJ log [RESOLVED]
Started by
yongkwan
, Aug 20 2005 09:06 PM
#16
Posted 21 August 2005 - 03:35 AM
#17
Posted 21 August 2005 - 04:58 AM
ok i did a restart after my post and did the scans here are the reports
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, August 21, 2005 6:42:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R62 17.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):31 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-21-2005 6:42:55 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : G:\Documents and Settings\NG\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 596
ThreadCreationTime : 8-21-2005 9:37:00 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\G:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 8-21-2005 9:37:01 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\G:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 8-21-2005 9:37:03 AM
BasePriority : High
#:4 [services.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 8-21-2005 9:37:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 8-21-2005 9:37:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : G:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1200
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 8-21-2005 9:37:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [ati2evxx.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1592
ThreadCreationTime : 8-21-2005 9:37:06 AM
BasePriority : Normal
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:14 [explorer.exe]
FilePath : G:\WINDOWS\
ProcessID : 1684
ThreadCreationTime : 8-21-2005 9:37:06 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [soundman.exe]
FilePath : G:\WINDOWS\
ProcessID : 1896
ThreadCreationTime : 8-21-2005 9:37:09 AM
BasePriority : Normal
FileVersion : 5.1.0.29
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:16 [cli.exe]
FilePath : G:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 1916
ThreadCreationTime : 8-21-2005 9:37:09 AM
BasePriority : Normal
#:17 [avgcc.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1928
ThreadCreationTime : 8-21-2005 9:37:10 AM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:18 [avgemc.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1948
ThreadCreationTime : 8-21-2005 9:37:10 AM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:19 [jusched.exe]
FilePath : G:\Program Files\Java\j2re1.4.2_02\bin\
ProcessID : 1972
ThreadCreationTime : 8-21-2005 9:37:10 AM
BasePriority : Normal
#:20 [lvcomsx.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1980
ThreadCreationTime : 8-21-2005 9:37:11 AM
BasePriority : Normal
FileVersion : 8.4.1.1092
ProductVersion : 8.4.1.1092
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:21 [logitray.exe]
FilePath : G:\Program Files\Logitech\Video\
ProcessID : 2004
ThreadCreationTime : 8-21-2005 9:37:11 AM
BasePriority : Normal
FileVersion : 8.4.6.1012
ProductVersion : 8.4.6.1012
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe
#:22 [realsched.exe]
FilePath : G:\Program Files\Common Files\Real\Update_OB\
ProcessID : 188
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:23 [uguru.exe]
FilePath : G:\Program Files\ABIT\ABIT uGuru\
ProcessID : 244
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 4
ProductVersion : 2, 0, 0, 4
ProductName : uGuru Application
CompanyName : ABIT Computer Corporation
FileDescription : uGuru Launcher Application
InternalName : uGuru launcher
LegalCopyright : Copyright © 2003-2004 ABIT Computer Corporation, all rights reserved.
OriginalFilename : uGuru.EXE
Comments : Written by Daniel Chang
#:24 [ctfmon.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 252
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:25 [msmsgs.exe]
FilePath : G:\Program Files\Messenger\
ProcessID : 312
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:26 [uguru_event_receiver.exe]
FilePath : G:\Program Files\ABIT\ABIT uGuru\
ProcessID : 400
ThreadCreationTime : 8-21-2005 9:37:13 AM
BasePriority : Normal
FileVersion : 2, 0, 3, 804
ProductVersion : 2, 0, 3, 804
ProductName : uGuru_Event_Receiver
CompanyName : ABIT Computer Corp.
FileDescription : uGuru_Event_Receiver(2004-08-04)
InternalName : uGuru_Event_Receiver
LegalCopyright : Copyright © 2004
OriginalFilename : uGuru_Event_Receiver.EXE
Comments : Author: Winson Chiou
#:27 [cli.exe]
FilePath : G:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 512
ThreadCreationTime : 8-21-2005 9:37:14 AM
BasePriority : Normal
#:28 [avgamsvr.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 664
ThreadCreationTime : 8-21-2005 9:37:15 AM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:29 [avgupsvc.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1044
ThreadCreationTime : 8-21-2005 9:37:17 AM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:30 [ewidoctrl.exe]
FilePath : G:\Program Files\ewido\security suite\
ProcessID : 1084
ThreadCreationTime : 8-21-2005 9:37:17 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:31 [mdm.exe]
FilePath : G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1160
ThreadCreationTime : 8-21-2005 9:37:18 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:32 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 8-21-2005 9:37:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:33 [fxsvr2.exe]
FilePath : G:\Program Files\Logitech\Video\
ProcessID : 1344
ThreadCreationTime : 8-21-2005 9:37:19 AM
BasePriority : Normal
FileVersion : 8.4.6.1012
ProductVersion : 8.4.6.1012
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE
#:34 [wdfmgr.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1336
ThreadCreationTime : 8-21-2005 9:37:22 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:35 [alg.exe]
FilePath : G:\WINDOWS\System32\
ProcessID : 2668
ThreadCreationTime : 8-21-2005 9:37:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:36 [iexplore.exe]
FilePath : G:\Program Files\Internet Explorer\
ProcessID : 2692
ThreadCreationTime : 8-21-2005 10:04:17 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:37 [mirc.exe]
FilePath : G:\Program Files\mIRC\
ProcessID : 2656
ThreadCreationTime : 8-21-2005 10:05:19 AM
BasePriority : Normal
FileVersion : 6.16
ProductVersion : 6.16
ProductName : mIRC
CompanyName : mIRC Co. Ltd.
FileDescription : mIRC
InternalName : mIRC
LegalCopyright : Copyright © 1995-2004 mIRC Co. Ltd.
LegalTrademarks : mIRC® is a Registered Trademark of mIRC Co. Ltd.
OriginalFilename : mirc.exe
#:38 [msnmsgr.exe]
FilePath : G:\Program Files\MSN Messenger\
ProcessID : 3748
ThreadCreationTime : 8-21-2005 10:14:49 AM
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:39 [ad-aware.exe]
FilePath : G:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3720
ThreadCreationTime : 8-21-2005 10:42:34 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/cgi-bin
Expires : 8-19-2015 11:05:32 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@serving-sys[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 1-1-2038 4:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@live365[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 8-25-2010 6:08:46 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@centrport[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-1-2030 8:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@real[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 8-14-2035 6:13:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@realmedia[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 8-21-2006 5:01:10 AM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@adrevolver[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/adrevolver/
Expires : 8-21-2006 2:40:12 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-1-2038 4:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@revenue[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 6-10-2022 1:05:42 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 40
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (I:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for I:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Scanning Hosts file......
Hosts file location:"G:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 40
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
6:54:34 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:38.938
Objects scanned:208319
Objects identified:9
Objects ignored:0
New critical objects:9
SpyBot
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-1275210071-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-08-19 Includes\Dialer.sbi
2005-08-19 Includes\Hijackers.sbi
2005-08-16 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-08-19 Includes\Malware.sbi
2005-08-12 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-08-19 Includes\Security.sbi
2005-08-16 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-08-19 Includes\Trojans.sbi
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:04:05 PM, 8/21/2005
+ Report-Checksum: 4F0D30CE
+ Scan result:
G:\Documents and Settings\NG\Cookies\ng@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
G:\Documents and Settings\NG\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
G:\Documents and Settings\NG\Cookies\ng@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
G:\Documents and Settings\NG\Cookies\ng@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
G:\Documents and Settings\NG\Cookies\ng@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
::Report End
AVG reported no viruses.
New HJ log
Logfile of HijackThis v1.99.1
Scan saved at 6:58:30 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
G:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Logitech\Video\FxSvr2.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\mIRC\mirc.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AudioHQ] G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] G:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] G:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] G:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ABIT uGuru] G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "G:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///G:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///G:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///G:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A865D3C-06A7-4773-9C50-F6A90D142DFB}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, August 21, 2005 6:42:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R62 17.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):31 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-21-2005 6:42:55 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : G:\Documents and Settings\NG\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1275210071-1383384898-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 596
ThreadCreationTime : 8-21-2005 9:37:00 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\G:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 8-21-2005 9:37:01 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\G:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 8-21-2005 9:37:03 AM
BasePriority : High
#:4 [services.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 8-21-2005 9:37:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 8-21-2005 9:37:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : G:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1200
ThreadCreationTime : 8-21-2005 9:37:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 8-21-2005 9:37:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [ati2evxx.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1592
ThreadCreationTime : 8-21-2005 9:37:06 AM
BasePriority : Normal
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:14 [explorer.exe]
FilePath : G:\WINDOWS\
ProcessID : 1684
ThreadCreationTime : 8-21-2005 9:37:06 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [soundman.exe]
FilePath : G:\WINDOWS\
ProcessID : 1896
ThreadCreationTime : 8-21-2005 9:37:09 AM
BasePriority : Normal
FileVersion : 5.1.0.29
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:16 [cli.exe]
FilePath : G:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 1916
ThreadCreationTime : 8-21-2005 9:37:09 AM
BasePriority : Normal
#:17 [avgcc.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1928
ThreadCreationTime : 8-21-2005 9:37:10 AM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:18 [avgemc.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1948
ThreadCreationTime : 8-21-2005 9:37:10 AM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:19 [jusched.exe]
FilePath : G:\Program Files\Java\j2re1.4.2_02\bin\
ProcessID : 1972
ThreadCreationTime : 8-21-2005 9:37:10 AM
BasePriority : Normal
#:20 [lvcomsx.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1980
ThreadCreationTime : 8-21-2005 9:37:11 AM
BasePriority : Normal
FileVersion : 8.4.1.1092
ProductVersion : 8.4.1.1092
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:21 [logitray.exe]
FilePath : G:\Program Files\Logitech\Video\
ProcessID : 2004
ThreadCreationTime : 8-21-2005 9:37:11 AM
BasePriority : Normal
FileVersion : 8.4.6.1012
ProductVersion : 8.4.6.1012
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe
#:22 [realsched.exe]
FilePath : G:\Program Files\Common Files\Real\Update_OB\
ProcessID : 188
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:23 [uguru.exe]
FilePath : G:\Program Files\ABIT\ABIT uGuru\
ProcessID : 244
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 4
ProductVersion : 2, 0, 0, 4
ProductName : uGuru Application
CompanyName : ABIT Computer Corporation
FileDescription : uGuru Launcher Application
InternalName : uGuru launcher
LegalCopyright : Copyright © 2003-2004 ABIT Computer Corporation, all rights reserved.
OriginalFilename : uGuru.EXE
Comments : Written by Daniel Chang
#:24 [ctfmon.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 252
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:25 [msmsgs.exe]
FilePath : G:\Program Files\Messenger\
ProcessID : 312
ThreadCreationTime : 8-21-2005 9:37:12 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:26 [uguru_event_receiver.exe]
FilePath : G:\Program Files\ABIT\ABIT uGuru\
ProcessID : 400
ThreadCreationTime : 8-21-2005 9:37:13 AM
BasePriority : Normal
FileVersion : 2, 0, 3, 804
ProductVersion : 2, 0, 3, 804
ProductName : uGuru_Event_Receiver
CompanyName : ABIT Computer Corp.
FileDescription : uGuru_Event_Receiver(2004-08-04)
InternalName : uGuru_Event_Receiver
LegalCopyright : Copyright © 2004
OriginalFilename : uGuru_Event_Receiver.EXE
Comments : Author: Winson Chiou
#:27 [cli.exe]
FilePath : G:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 512
ThreadCreationTime : 8-21-2005 9:37:14 AM
BasePriority : Normal
#:28 [avgamsvr.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 664
ThreadCreationTime : 8-21-2005 9:37:15 AM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:29 [avgupsvc.exe]
FilePath : G:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1044
ThreadCreationTime : 8-21-2005 9:37:17 AM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:30 [ewidoctrl.exe]
FilePath : G:\Program Files\ewido\security suite\
ProcessID : 1084
ThreadCreationTime : 8-21-2005 9:37:17 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:31 [mdm.exe]
FilePath : G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1160
ThreadCreationTime : 8-21-2005 9:37:18 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:32 [svchost.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 8-21-2005 9:37:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:33 [fxsvr2.exe]
FilePath : G:\Program Files\Logitech\Video\
ProcessID : 1344
ThreadCreationTime : 8-21-2005 9:37:19 AM
BasePriority : Normal
FileVersion : 8.4.6.1012
ProductVersion : 8.4.6.1012
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE
#:34 [wdfmgr.exe]
FilePath : G:\WINDOWS\system32\
ProcessID : 1336
ThreadCreationTime : 8-21-2005 9:37:22 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:35 [alg.exe]
FilePath : G:\WINDOWS\System32\
ProcessID : 2668
ThreadCreationTime : 8-21-2005 9:37:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:36 [iexplore.exe]
FilePath : G:\Program Files\Internet Explorer\
ProcessID : 2692
ThreadCreationTime : 8-21-2005 10:04:17 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:37 [mirc.exe]
FilePath : G:\Program Files\mIRC\
ProcessID : 2656
ThreadCreationTime : 8-21-2005 10:05:19 AM
BasePriority : Normal
FileVersion : 6.16
ProductVersion : 6.16
ProductName : mIRC
CompanyName : mIRC Co. Ltd.
FileDescription : mIRC
InternalName : mIRC
LegalCopyright : Copyright © 1995-2004 mIRC Co. Ltd.
LegalTrademarks : mIRC® is a Registered Trademark of mIRC Co. Ltd.
OriginalFilename : mirc.exe
#:38 [msnmsgr.exe]
FilePath : G:\Program Files\MSN Messenger\
ProcessID : 3748
ThreadCreationTime : 8-21-2005 10:14:49 AM
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:39 [ad-aware.exe]
FilePath : G:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3720
ThreadCreationTime : 8-21-2005 10:42:34 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/cgi-bin
Expires : 8-19-2015 11:05:32 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@serving-sys[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 1-1-2038 4:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@live365[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 8-25-2010 6:08:46 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@centrport[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-1-2030 8:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@real[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 8-14-2035 6:13:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@realmedia[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 8-21-2006 5:01:10 AM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@adrevolver[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/adrevolver/
Expires : 8-21-2006 2:40:12 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-1-2038 4:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ng@revenue[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 6-10-2022 1:05:42 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 40
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Deep scanning and examining files (I:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for I:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
Scanning Hosts file......
Hosts file location:"G:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 40
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40
6:54:34 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:38.938
Objects scanned:208319
Objects identified:9
Objects ignored:0
New critical objects:9
SpyBot
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-1275210071-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-08-19 Includes\Dialer.sbi
2005-08-19 Includes\Hijackers.sbi
2005-08-16 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-08-19 Includes\Malware.sbi
2005-08-12 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-08-19 Includes\Security.sbi
2005-08-16 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-08-19 Includes\Trojans.sbi
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:04:05 PM, 8/21/2005
+ Report-Checksum: 4F0D30CE
+ Scan result:
G:\Documents and Settings\NG\Cookies\ng@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
G:\Documents and Settings\NG\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
G:\Documents and Settings\NG\Cookies\ng@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
G:\Documents and Settings\NG\Cookies\ng@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
G:\Documents and Settings\NG\Cookies\ng@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
::Report End
AVG reported no viruses.
New HJ log
Logfile of HijackThis v1.99.1
Scan saved at 6:58:30 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
G:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Logitech\Video\FxSvr2.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\mIRC\mirc.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AudioHQ] G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] G:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] G:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] G:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ABIT uGuru] G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "G:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///G:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///G:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///G:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A865D3C-06A7-4773-9C50-F6A90D142DFB}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
#18
Posted 21 August 2005 - 05:12 AM
The MRU detections are nothing to worry about. When you do your AAW scan uncheck the 'search for negligible risk entries'.
Go here:
http://www.analogx.c...work/cookie.htm
download and install Cookiewall - use that to control them in future.
Click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done. I believe this resolves the DSO exploit issue.
Otherwise everything looks good.
Go here:
http://www.analogx.c...work/cookie.htm
download and install Cookiewall - use that to control them in future.
Click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done. I believe this resolves the DSO exploit issue.
Otherwise everything looks good.
#19
Posted 21 August 2005 - 08:25 AM
ok dled the cookiewall thing and spybot 1.4
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-1275210071-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-08-19 Includes\Dialer.sbi (*)
2005-08-19 Includes\Hijackers.sbi (*)
2005-08-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-19 Includes\Malware.sbi (*)
2005-08-12 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-19 Includes\Security.sbi (*)
2005-08-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-19 Includes\Trojans.sbi (*)
Logfile of HijackThis v1.99.1
Scan saved at 10:22:52 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
G:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Logitech\Video\FxSvr2.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\AnalogX\CookieWall\cookie.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AudioHQ] G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] G:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] G:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] G:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ABIT uGuru] G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "G:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///G:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///G:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///G:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
system seems fine except startup is not that fast like last time. I will defrag my hdisk later and see if it works. Give me 1 more day time to KIV my system
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-1275210071-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-08-19 Includes\Dialer.sbi (*)
2005-08-19 Includes\Hijackers.sbi (*)
2005-08-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-19 Includes\Malware.sbi (*)
2005-08-12 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-19 Includes\Security.sbi (*)
2005-08-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-19 Includes\Trojans.sbi (*)
Logfile of HijackThis v1.99.1
Scan saved at 10:22:52 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
G:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Logitech\Video\FxSvr2.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\AnalogX\CookieWall\cookie.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AudioHQ] G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] G:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] G:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] G:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ABIT uGuru] G:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "G:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = G:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///G:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///G:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///G:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
system seems fine except startup is not that fast like last time. I will defrag my hdisk later and see if it works. Give me 1 more day time to KIV my system
#20
Posted 21 August 2005 - 08:43 AM
OK. If the DSO Exploit is still showing next time you use Spybot then do this:
Open Spybot>Mode>Advanced>Settings>Ignore Products>Security.sbi and put a check in the box next to DSO Exploit
Let me know how it is tomorrow.
Open Spybot>Mode>Advanced>Settings>Ignore Products>Security.sbi and put a check in the box next to DSO Exploit
Let me know how it is tomorrow.
#21
Posted 21 August 2005 - 10:47 PM
Latest scan of spybot has no immediate threats and DSO exploit is no more there. I guess my system is clean now. Thanks for your help. This forum really is good and i might have the interest to join you guys to help the others after my finals which is in October. Until then thanks once more. =)
#22
Posted 22 August 2005 - 01:22 AM
You're welcome - glad to help
To help keep you clean follow the recommendations in Tony's article here:
So how did I get infected in the first place?
As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
To help keep you clean follow the recommendations in Tony's article here:
So how did I get infected in the first place?
As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users