Trojan Horse Help Please

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

chachi45

Thread Starter
Joined
Sep 8, 2003
Messages
8
Ok, my computer is f%^$ed and would really really really appreciate some help. I know it has a Trojan Horse and I know it has something to do with SVCHOST. That's about all I know. I tried to install that hacker help thing or whatever but I have many problems. First problem, most links won;t open so when I try to download software by clicking links it doesn't work. Second of all I am not able to install any software. The ******* using my machine has made it so I can't install anything. ZOnealarm, mcAffee virus, nothing. What am I to do. Any help would so be appreciated.

Thanks.
~Rob
 
Joined
May 28, 2003
Messages
2,366
Sounds like you might be a tad unhappy. I don't blame you. So if you can't d/l anything, try am online virus scan at TrendoMicro's Housecall. It is free and might help. You may end up going to a software vendor and getting a hard copy of an antivirus program. But, try the online scan first.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
You can try downloading
the Stinger tool which should clean the virus off of your machine. Then get the Microsoft updates and update your own virus program files.
 

chachi45

Thread Starter
Joined
Sep 8, 2003
Messages
8
Thanks guys I will try this stuff, I hope it works. Is Vius the same thing as Trojan Horse as far as the cleaning process?

~Rob
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Trojan Horse, worms, macro... all are considered to be a virus. So I guess the answer to your question regarding the cleaning process is yes, although each virus will have it's own clean up method.
 

chachi45

Thread Starter
Joined
Sep 8, 2003
Messages
8
Will those online sites listed above help even if I am not able to actually install anything on my computer? Even clicking on links to download stuff half the time won't work.

~Rob
 
Joined
Sep 20, 2003
Messages
20
Hello... I am a college student and I really need help on fixing my computer... nothing seems to be running oddly but on September 19th my computer caught a virus... I checked for it and it is called trojan horse and the filename is A0249929.CPY and A0249924.CPY... I have run the scan over and over but it sayd it cannot clean it or remove it... i even tried to do this in safe mode but that did not work either... maybe i am doing something wrong... i would be forever grateful if someone could please help me out... this is my hijack log

Logfile of HijackThis v1.96.4
Scan saved at 10:58:41 AM, on 9/20/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\CMPDPSRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPC32.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegheny.edu/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://allecat2.alleg.edu:8080/proxy.pac
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\czm26k6c.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe
O4 - HKLM\..\Run: [PDPServer] CMpdpsrv.exe
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\SYSTEM\CMPDPSRV.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://nortonres.allegheny.edu/webinst/WebInst.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://infoeagle.bc.edu/bc_org/avp/...er/tdserver.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7872.8595486111
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
 
Joined
Jul 26, 2002
Messages
46,349
socce98

Tujrn off System Restore.

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

O4 - HKLM\..\Run: [winmain] winmain.exe

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

Restart to Safe Mode: press f8 on startup and select Safe Mode from the boot menu.

In Safe Mode Go to Start > Search and under "More advanced search options" make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

In the "All or part of the file name" search field Type in and click "Search" for the following files and find and delete them.

A0249929.CPY
A0249924.CPY
winmain.exe

Boot back to normal.

Go here http://housecall.trendmicro.com/ and do an online virus scan.

Go here http://www.lavasoftusa.com/software/adaware/ and download Adaware 6

Install the program and launch it.

I strongly recommend that you read the help file to familiarize yourself with the program.

Before running the scan look at the top of the main window and you will see a Gear Icon. This is where you configure the settings. Click on that and then in the next window that pops up click on the "Scanning" tab on the left side. Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all the options there.
The click on the "Tweak" tab and under "Scanning engine" put a check by "Unload recognized processes during scanning" ...........then......under "Cleaning engine" put a ckeck by "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot" then click "Proceed"

Next in the main window look in the bottom right corner and click on "Check for updates now" and get the latest referencefiles.
After getting the latest referencefiles you are ready to scan.

Click "Start" and in the next window make sure "Active in depth scanning" is checked then click "Next" and the scan will begin.

When it is finished let it fix everything it finds.

Restart your computer.

Then go here http://spybot.eon.net.au/index.php?lang=en&page=download and download Spybot.

Install the program and launch it.

Before scanning press "Online" and "Search for Updates" .

Put a check mark at and install all updates.

Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds.

Restart your computer.

Be sure and take advantage of the "Immunize" feature in Spybot.

Finally go here http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 for info on how this happens and how to help prevent future attacks.
On this page you will find a link to Javacool's SpywareBlaster and Spyware Guard. Get them both and check for updates frequently.
The Immunize feature in Spybot used in conjunction with SpywareBlaster and SpywareGuard and weekly scans with Spybot and Adaware will go a long way toward keeping you spyware free.

Important!: ALWAYS check for updated detections and referencefiles before scanning with Spybot and Adaware. And be sure to check for updates to SpywareBlaster and SpywareGuard on a weekly basis.

Verify that all is well and turn system restore back on and create a restore point.
 
Joined
Sep 20, 2003
Messages
20
FLRMAN1, THANK YOU SOOO MUCH for your help!

I have one question though... I am to the point where i downloaded adware and it did the scan... the scan shows that there are 4 registry keys identified, 2 registry values identified, 79 files identified, and 3 folders identified... when i hit "next" to fix it, there is nothing marked, which files should i actually fix?? PLEASE HELP!

the logfile is as follows....

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279228497
Threads : 4
Priority : High
FileSize : 524 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1991-2000
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294942385
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294868669
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:4 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294866049
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294845713
Threads : 2
Priority : Normal
FileSize : 124 KB
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
Copyright : Copyright (C) Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:6 [ssdpsrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294849489
Threads : 4
Priority : Normal
FileSize : 55 KB
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
OriginalFilename : ssdpsrv.exe
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 9/9/2003 5:45:09 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/13/2001 9:38:12 PM

#:7 [stimon.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294879301
Threads : 5
Priority : Normal
FileSize : 27 KB
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
OriginalFilename : STIMON.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:8 [rtvscn95.exe]
FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
ProcessID : 4294877813
Threads : 31
Priority : Normal
FileSize : 420 KB
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
Copyright : Copyright (C) Symantec Corporation 1991-2000
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
ProductName : Norton AntiVirus
Created on : 9/24/2001 11:59:00 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/24/2001 11:59:00 AM

#:9 [defwatch.exe]
FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
ProcessID : 4294774913
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
Copyright : Copyright
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
OriginalFilename : DefWatch.exe
ProductName : Norton AntiVirus
Created on : 9/24/2001 11:59:00 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/24/2001 11:59:00 AM

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294783413
Threads : 29
Priority : Normal
FileSize : 220 KB
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:11 [stmgr.exe]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294759137
Threads : 4
Priority : Normal
FileSize : 60 KB
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
OriginalFilename : StateMgr.exe
ProductName : Microsoft (r) PCHealth
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294650673
Threads : 1
Priority : Normal
FileSize : 60 KB
Copyright : 33

Created on : 4/3/2001 10:04:49 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/7/2000 6:44:04 PM

#:13 [ati2cwxx.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294692573
Threads : 1
Priority : Normal
FileSize : 20 KB
FileVersion : 4.12.1006
ProductVersion : 4.12.1006
Copyright : Copyright
CompanyName : ATI Technologies Inc.
FileDescription : ATI Common Windows Display Driver Extension
InternalName : ATI2CWXX
OriginalFilename : ATI2CWXX.EXE
ProductName : ATI CWDDE 32-Bit Callback
Created on : 4/3/2001 10:04:49 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/21/2000 9:43:22 PM

#:14 [cmpdpsrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294701309
Threads : 4
Priority : Normal
FileSize : 40 KB
FileVersion : 1.0.0.137
ProductVersion : 1.0.0.137
Copyright : Copyright
CompanyName : Conexant Systems, Inc.
FileDescription : PDP RPC Server
InternalName : PDPserver
OriginalFilename : PDPserve.dll
ProductName : Printer Driver Plus
Created on : 12/1/2002 7:51:57 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 5/7/2001 8:35:58 PM

#:15 [spool32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294673193
Threads : 2
Priority : Normal
FileSize : 44 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1994 - 1998
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
OriginalFilename : spool32.exe
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:16 [vptray.exe]
FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
ProcessID : 4294684337
Threads : 2
Priority : Normal
FileSize : 72 KB
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
Copyright : Copyright (C) Symantec Corporation 1991-2000
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
ProductName : Norton AntiVirus
Created on : 9/24/2001 11:59:00 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/24/2001 11:59:00 AM

#:17 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294685157
Threads : 2
Priority : Normal
FileSize : 36 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:18 [realplay.exe]
FilePath : C:\PROGRAM FILES\REAL\REALPLAYER\
ProcessID : 4294641441
Threads : 8
Priority : Normal
FileSize : 25 KB
FileVersion : 6.0.9.380
ProductVersion : 6.0.9.380
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
OriginalFilename : REALPLAY.EXE
ProductName : RealPlayer (32-bit)
Created on : 12/19/2002 3:33:00 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/19/2002 3:33:02 AM

#:19 [winampa.exe]
FilePath : C:\PROGRAM FILES\WINAMP\
ProcessID : 4294606161
Threads : 1
Priority : Normal
FileSize : 12 KB
Created on : 4/26/2002 5:53:36 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/26/2002 5:53:38 PM

#:20 [qttask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294578853
Threads : 2
Priority : Normal
FileSize : 76 KB
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
CompanyName : Apple Computer, Inc.
FileDescription : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 9/11/2003 12:07:07 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/11/2003 12:07:08 AM

#:21 [weather.exe]
FilePath : C:\PROGRAM FILES\AWS\WEATHERBUG\
ProcessID : 4294637133
Threads : 5
Priority : Normal
FileSize : 816 KB
FileVersion : 5, 0, 0, 4
ProductVersion : 5, 0, 0, 4
Copyright : Copyright
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
OriginalFilename : WeatherBug.exe
ProductName : AWS, Inc.WeatherBug
Created on : 3/24/2003 2:30:21 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/22/2003 3:10:36 PM

#:22 [netscp.exe]
FilePath : C:\PROGRAM FILES\NETSCAPE\NETSCAPE\
ProcessID : 4294527005
Threads : 5
Priority : Normal
FileSize : 554 KB
FileVersion : 7.1
ProductVersion : 7.1
Copyright : License: MPL 1.1/GPL 2.0/LGPL 2.1
CompanyName : Mozilla, Netscape
FileDescription : Netscape
InternalName : apprunner
OriginalFilename : Netscp.exe
ProductName : Mozilla
Created on : 9/9/2003 7:51:53 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/24/2003 4:09:00 PM

#:23 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294535857
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:24 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294521877
Threads : 6
Priority : Realtime
FileSize : 32 KB
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 9/9/2003 5:28:05 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/12/2002 4:14:32 AM

#:25 [rpcss.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294451257
Threads : 5
Priority : Normal
FileSize : 20 KB
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
OriginalFilename : rpcss.exe
ProductName : Microsoft(R) Windows NT(TM) Operating System
Created on : 6/8/2000 9:00:00 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 6/8/2000 9:00:00 PM

#:26 [aim.exe]
FilePath : C:\SCANSOFT DOCUMENTS\PROGRAM FILES\AIM95\
ProcessID : 4294281773
Threads : 7
Priority : Normal
FileSize : 60 KB
FileVersion : 5.1.3036
ProductVersion : 5.1.3036
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
OriginalFilename : AIM.EXE
ProductName : AOL Instant Messenger
Created on : 12/1/2002 8:23:32 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 11/13/2002 11:50:20 PM

#:27 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294739657
Threads : 3
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 9/20/2003 10:35:37 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

ClearSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\CLRSCH


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

istbar Object recognized!
Type : RegKey
Data : c:\windows\downloaded program files\istactivex.dll
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{8C752C5E-3C10-4076-AF0A-FFC69FA20D1B}


istbar Object recognized!
Type : File
Data : istactivex.dll
Object : c:\windows\downloaded program files\
FileSize : 32 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : ISTactivex Module
InternalName : ISTactivex
OriginalFilename : ISTactivex.DLL
ProductName : ISTactivex Module
Created on : 5/8/2003 3:12:24 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 5/8/2003 3:12:24 AM



istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll


istbar Object recognized!
Type : RegValue
Data : c:\windows\downloaded program files\istactivex.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\ISTactivex.dll


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 6


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 5:34:46 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 5:34:48 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]rver[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 1:59:20 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 1:59:22 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]getrack[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/2/2002 1:48:45 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/2/2002 1:48:46 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/5/2003 5:48:46 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/5/2003 5:48:48 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\
FileSize : 1 KB
Created on : 4/3/2003 11:35:37 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/3/2003 11:35:38 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/6/2002 12:15:53 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/6/2002 12:15:54 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/14/2003 4:01:50 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/14/2003 4:01:52 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]opup[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/16/2003 7:39:37 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/16/2003 7:39:38 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/4/2002 1:17:41 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/4/2002 1:17:42 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][3].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 5:34:33 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 5:34:34 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/13/2003 6:14:45 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/13/2003 6:14:46 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/15/2002 11:18:23 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/15/2002 11:18:24 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 3:14:06 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 3:14:08 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]ury-sex[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/7/2002 1:47:11 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/7/2002 1:47:12 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]www.sex-in-www[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/7/2002 1:47:52 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/7/2002 1:47:54 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 4:43:16 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 4:43:18 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]rver[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/4/2003 2:21:05 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/4/2003 2:21:06 PM



Other Object recognized!
Type : File
Data : [email protected][3].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/7/2002 2:56:37 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/7/2002 2:56:38 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/28/2003 10:58:51 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/28/2003 10:58:52 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/6/2003 1:43:35 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/6/2003 1:43:36 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]ead[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/10/2002 6:15:43 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/10/2002 6:15:44 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/6/2003 1:26:32 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/6/2003 1:26:34 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]rail[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/14/2002 8:00:04 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/14/2002 8:00:06 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/15/2002 11:04:38 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/15/2002 11:04:40 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 10:28:28 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 10:28:30 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 12/15/2002 11:20:23 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 12/15/2002 11:20:24 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/26/2003 4:10:38 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/26/2003 4:10:40 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]www.angelfire[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/1/2003 7:19:45 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/1/2003 7:19:46 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/13/2003 10:40:18 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/13/2003 10:40:20 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]nclick[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 1/14/2003 4:40:36 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/14/2003 4:40:38 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 1/27/2003 7:45:27 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/27/2003 7:45:28 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 1/30/2003 2:35:04 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/30/2003 2:35:06 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 3:54:54 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 3:54:56 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\
FileSize : 3 KB
Created on : 2/1/2003 5:30:02 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/1/2003 5:30:04 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]rnetfuel[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 1/31/2003 2:58:35 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/31/2003 2:58:36 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/16/2003 1:51:01 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/16/2003 1:51:02 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 1/27/2003 7:46:03 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/27/2003 7:46:04 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/19/2003 7:48:50 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/19/2003 7:48:52 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/5/2003 3:48:33 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/5/2003 3:48:34 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/5/2003 12:18:40 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/5/2003 12:18:42 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]rnetfuel[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 1/30/2003 1:28:49 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/30/2003 1:28:50 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]opup[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/1/2003 2:33:14 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/1/2003 2:33:16 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/9/2003 11:21:06 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/9/2003 11:21:08 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/9/2003 11:19:40 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/9/2003 11:19:42 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]-logics[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/13/2003 10:40:16 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/13/2003 10:40:18 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]www.eyeblaster-bs[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/30/2003 10:27:56 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/30/2003 10:27:58 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]ead[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/4/2003 12:36:28 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/4/2003 12:36:30 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/16/2003 7:39:37 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/16/2003 7:39:38 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]g[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/3/2003 2:04:23 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/3/2003 2:04:24 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 2/27/2003 6:13:27 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 2/27/2003 6:13:28 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/8/2003 12:37:28 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/8/2003 12:37:30 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]psponsor[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/3/2003 10:12:14 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/3/2003 10:12:16 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]g[2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/16/2003 5:21:30 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/16/2003 5:21:32 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/12/2003 5:24:38 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/12/2003 5:24:40 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]ox[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 5:34:33 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 5:34:34 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/29/2003 10:48:55 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/29/2003 10:48:56 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/3/2003 10:12:14 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/3/2003 10:12:16 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/24/2003 12:26:04 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 3/24/2003 12:26:06 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]tracker[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/4/2003 5:14:43 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/4/2003 5:14:44 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/17/2003 1:19:27 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/17/2003 1:19:28 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]www.maximumcash[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/4/2003 5:17:43 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/4/2003 5:17:44 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]ificpop[1].txt
Object : C:\WINDOWS\Cookies\

Created on : 4/5/2003 3:18:23 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/5/2003 3:18:24 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 5:17:52 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 5:17:54 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]ificpop[3].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/18/2003 4:36:50 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/18/2003 4:36:52 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 5:35:33 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 5:35:34 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][3].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 3:14:27 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 3:14:28 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected]rtising[1].txt
Object : C:\WINDOWS\Cookies\
FileSize : 1 KB
Created on : 9/20/2003 6:52:45 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 6:52:46 PM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\WINDOWS\Cookies\

Created on : 9/20/2003 10:28:28 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/20/2003 10:28:30 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

BrilliantDigital Object recognized!
Type : File
Data : bdesac24.dll
Object : C:\WINDOWS\SYSTEM\
FileSize : 164 KB
FileVersion : 3, 1, 2, 0
ProductVersion : 3, 1, 2, 0
Copyright : Copyright
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESac24
InternalName : BDESac24
OriginalFilename : BDESac24.dll
ProductName : BDESound
Created on : 12/9/2002 3:52:06 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 8/31/2001 12:47:38 AM



BrilliantDigital Object recognized!
Type : File
Data : bdesac10.dll
Object : C:\WINDOWS\SYSTEM\
FileSize : 168 KB
FileVersion : 3, 1, 2, 0
ProductVersion : 3, 1, 2, 0
Copyright : Copyright
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESac10
InternalName : BDESac10
OriginalFilename : BDESac10.dll
ProductName : BDESound
Created on : 12/9/2002 3:52:08 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 8/31/2001 12:47:38 AM



BrilliantDigital Object recognized!
Type : File
Data : bderastdx3.dll
Object : C:\WINDOWS\SYSTEM\
FileSize : 68 KB
FileVersion : 3, 5, 6, 7
ProductVersion : 3, 5, 6, 7
Copyright : Copyright
CompanyName : Brilliant Digital
FileDescription : DirectX Rasterizer
InternalName : bderastdx
OriginalFilename : bderastdx.dll
ProductName : bderastdx
Created on : 12/9/2002 3:52:15 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/8/2002 6:13:54 PM



WurldMedia Object recognized!
Type : File
Data : uninstall.exe
Object : C:\WINDOWS\SYSTEM\
FileSize : 312 KB
Created on : 1/31/2003 2:09:10 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 1/28/2003 8:24:28 PM




Scanning Hosts file(C:\WINDOWS\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
0 entries scanned.
New objects :0
Objects found so far: 78



Possible Browser Hijack attempt Object recognized!
Type : File
Data : welcome to allegheny college.url
Object : C:\WINDOWS\Favorites\Links\

Created on : 4/10/2003 10:44:58 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/10/2003 10:45:00 PM




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

ClearSearch Object recognized!
Type : Folder
Object : c:\program files\ClearSearch


ClearSearch Object recognized!
Type : Folder
Object : c:\windows\temp\ClrSch


ClearSearch Object recognized!
Type : File
Data : clrschieplugin.dll
Object : c:\program files\clearsearch\
FileSize : 312 KB
FileVersion : 1, 0, 0, 18
ProductVersion : 1, 0, 0, 18
Copyright : Copyright
CompanyName : Clear Search
FileDescription : ClrSchIEplugin
InternalName : ClrSchIEplugin
OriginalFilename : ClrSchIEplugin.dll
ProductName : ClrSchIEplugin
Created on : 9/9/2003 4:57:56 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/10/2003 8:00:08 PM



ClearSearch Object recognized!
Type : File
Data : control.dat
Object : c:\program files\clearsearch\

Created on : 9/10/2003 8:00:17 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/10/2003 8:00:18 PM



istbar Object recognized!
Type : Folder
Object : c:\program files\ISTsvc


istbar Object recognized!
Type : File
Data : nsreg.dat
Object : c:\windows\
FileSize : 23 KB
Created on : 1/9/1999 2:09:35 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/9/2003 7:53:52 AM



istbar Object recognized!
Type : File
Data : istactivex.inf
Object : c:\windows\downloaded program files\

Created on : 5/8/2003 3:14:46 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 5/8/2003 3:14:46 AM



istbar Object recognized!
Type : File
Data : tinybar.exe
Object : c:\windows\
FileSize : 11 KB
Created on : 9/9/2003 4:57:45 AM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 9/9/2003 6:09:34 AM



BrilliantDigital Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 9
Objects found so far: 88


6:54:57 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:04:43:200
Objects scanned :29372
Objects identified :88
Objects ignored :0
New objects :88


there are 88 items... which ones should i check off? or should i check off all of them????

if you could let me know, i would really appreciate it... thank you in advance!
 
Joined
Jul 26, 2002
Messages
46,349
Check them all and have Adaware fix them.

The only one I see you may choose to leave would be this one:

Possible Browser Hijack attempt Object recognized!
Type : File
Data : welcome to allegheny college.url
Object : C:\WINDOWS\Favorites\Links\

Created on : 4/10/2003 10:44:58 PM
Last accessed : 9/20/2003 4:00:00 AM
Last modified : 4/10/2003 10:45:00 PM

I'm assuming this is your school's page.
 
Joined
Sep 20, 2003
Messages
20
Flrman1, thank you VERY much for all of your help... as far as i know the virus is completely gone because my norton antivirus does not detect any viruses... i downloaded all of your suggestions... thank you so much for such detailed instructions!!!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Top