Inactive video shutting down

[Inactive] video shutting down

hi guys,
this is in responce to my other thread in the xp section (same title)
i have been asked to post my (daughters) superantispyware and malware scan here, well here they are, there were multiple things found and i selected to delete all in both scans. what surprises me is the number of things the malware scan found after the SAS scan
thanks


(i set this to scan when i left for work this morning)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2009 at 09:06 AM

Application Version : 4.25.1012

Core Rules Database Version : 3721
Trace Rules Database Version: 1695

Scan type : Complete Scan
Total Scan Time : 00:25:47

Memory items scanned : 431
Memory threats detected : 0
Registry items scanned : 5444
Registry threats detected : 0
File items scanned : 24104
File threats detected : 26

Adware.Tracking Cookie
C:\Documents and Settings\Sheala\Cookies\sheala@www.burstnet[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@kontera[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@media6degrees[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@mediaplex[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@tribalfusion[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@atdmt[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@casalemedia[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@advertising[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@doubleclick[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@content.yieldmanager[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@ehg-zoomerang.hitbox[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@hitbox[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@content.yieldmanager.edgesuite[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@ad.yieldmanager[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@chitika[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@azjmp[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@ehg-cineplex.hitbox[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@zedo[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@socialmedia[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@content.yieldmanager[3].txt
C:\Documents and Settings\Sheala\Cookies\sheala@revsci[1].txt
C:\Documents and Settings\Sheala\Cookies\sheala@ad3.clickhype[2].txt
C:\Documents and Settings\Sheala\Cookies\sheala@statse.webtrendslive[2].txt

Adware.180solutions/Seekmo/Zango
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4AABE7AE-B45A-4702-8B89-C409AF97E36A}\RP295\A0068699.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4AABE7AE-B45A-4702-8B89-C409AF97E36A}\RP295\A0068700.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4AABE7AE-B45A-4702-8B89-C409AF97E36A}\RP295\A0068705.EXE


Malwarebytes' Anti-Malware 1.33
Database version: 1682
Windows 5.1.2600 Service Pack 3

22/01/2009 7:25:59 PM
mbam-log-2009-01-22 (19-25-59).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 129946
Time elapsed: 40 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
C:\WINDOWS\system\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows service control (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheala\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Files Infected:
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheala\Local Settings\Temp\tem7C6.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Adware.PlayMp3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMp3z) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheala\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

Hi Keith,

Lets get an online scan too. Please do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Post the Kaspersky log here.

 

thank you for replying. its a little to late to do a scan now my daughter is sleeping and its in her room, i am leaving on the road for work (Monday) morning and wont be back till Thursday or Friday so i will get this done and post back next weekend, figured I'd let you know instead of ignoring this message till next week,
thanks again and talk to ya next week
Keith

 

Thanks for letting me know. Travel safely.