What is supposed to be in Win Xp Home

Discussion in 'Windows XP' started by missmissy, 2004/06/13.

Thread Status:
Not open for further replies.
  1. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    these were in my log but when I copied and pasted it disappeared.

    O12 - Plugin for .bcf: D:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O15 - Trusted Zone: http://free.aol.com


    I have no idea what free.aol.com is
     
  2. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0


    Sorry I am trying to do all of this and get the kids settled down and the phone keeps ringing :p Yes this computer is on a home network. But I cannot see the network on my computer at all.
     

  4. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    Now for shields up

    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.


    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


    Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



    Unsolicited Packets: PASSED - No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



    Ping Echo: PASSED - Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.




    Port | Service | Status | Security Implications
    0 | <nil> | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    21 | FTP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    22 | SSH | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    23 | Telnet | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    25 | SMTP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    79 | Finger | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    80 | HTTP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    110 | POP3 | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    113 | IDENT | Closed | Your computer has responded that this port exists but is currently closed to connections.
    119 | NNTP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    135 | RPC | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    139 | NetBIOS | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    143 | IMAP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    389 | LDAP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    443 | HTTPS | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    445 | MSFT DS | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1002 | ms-ils | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1024 | DCOM | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1025 | Host | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1026 | Host | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1027 | Host | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1028 | Host | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1029 | Host | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1030 | Host | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    1720 | H.323 | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
    5000 | UPnP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!



    :confused: It tells me that ports were open but I don't see what they were
     
  5. 2004/06/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    HijackThis log looks good to me. :)
     
  6. 2004/06/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Get rid of it. It's in IE options\security tab>trusted sites. You will have to access Internet options from the control panel.
     
  7. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    GRC Port Authority Report created on UTC: 2004-06-15 at 02:17:05

    Results from scan of ports: 0-1055

    0 Ports Open
    1 Ports Closed
    1055 Ports Stealth
    ---------------------
    1056 Ports Tested

    NO PORTS were found to be OPEN.

    The port found to be CLOSED was: 113

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.




    Tried to spam myself and I got nothing :D




    Your Browser's Request for THIS Page:
    Here is the entire contents of your browser's request for this page:




    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
    Accept-Language: en-us
    Connection: Keep-Alive
    Host: grc.com
    Referer: http://grc.com/x/ne.dll?rh1dkyd2
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 31
    Content-Type: application/x-www-form-urlencoded
    XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
    Cache-Control: no-cache
    Secure: https://grc.com
    Nonsecure: http://www.grc.com


    Secure

    Your Browser's Request for THIS Page:
    Here is the entire contents of your browser's request for this page:




    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
    Accept-Language: en-us
    Connection: Keep-Alive
    Host: grc.com
    Referer: http://grc.com/x/ne.dll?rh1dkyd2
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    Content-Length: 30
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Secure: https://grc.com
    Nonsecure: http://www.grc.com
     
  8. 2004/06/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It says port 113 responded with a 'closed' status, rather than stealthed. Very common and not a problem on that particular port.
     
  9. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    Adaware log. I have tried to get rid of a DOS exploit for weeks and suddenly it is gone all by itself LMBO


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Monday, June 14, 2004 10:09:32 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R316 11.06.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R316 11.06.2004
    Internal build : 248
    File location : D:\PROGRA~1\LAVASOFT\AD-AWA~1\reflist.ref
    Total size : 1233266 Bytes
    Signature data size : 1213039 Bytes
    Reference data size : 20163 Bytes
    Signatures total : 27012
    Target categories : 10
    Target families : 494

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium IV
    Memory available:52 %
    Total physical memory:523276 kb
    Available physical memory:267492 kb
    Total page file size:1280700 kb
    Available on page file:1010448 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2052884 kb
    OS:

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Remember window positions
    Set : Snap windows to desktop border
    Set : Always back up reference file, before updating
    Set : Create and save WebUpdate logfile
    Set : Play sound if scan produced a result


    6-14-2004 10:09:32 PM - Scan started. (Custom mode)

    Listing running processes
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 6-14-2004 7:37:44 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:46 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:47 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:47 PM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 9/3/2002 8:59:11 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 8:59:12 PM

    #:5 [lsass.exe]
    FilePath : D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:47 PM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 9/3/2002 8:39:51 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 8:39:52 PM

    #:6 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:47 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 9/3/2002 9:05:32 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 9:05:32 PM

    #:7 [svchost.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:37:48 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 9/3/2002 9:05:32 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 9:05:32 PM

    #:8 [svchost.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:37:48 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 9/3/2002 9:05:32 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 9:05:32 PM

    #:9 [svchost.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:37:49 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 9/3/2002 9:05:32 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 9:05:32 PM

    #:10 [spoolsv.exe]
    FilePath : D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:49 PM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 9/3/2002 9:04:18 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 9:04:18 PM

    #:11 [netdde.exe]
    FilePath : D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:50 PM
    BasePriority : Normal
    FileSize : 103 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : Network DDE - DDE Communication
    InternalName : NETDDE.EXE
    OriginalFilename : NETDDE.EXE
    ProductName : Microsoft
    Created on : 9/3/2002 8:47:51 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 8:47:52 PM

    #:12 [mwagent.exe]
    FilePath : D:\Program Files\MonitorWare\Agent\
    ThreadCreationTime : 6-14-2004 7:37:50 PM
    BasePriority : Normal
    FileSize : 644 KB
    FileVersion : 2, 1, 0, 224
    ProductVersion : 2, 1, 0, 224
    Copyright : Copyright
    CompanyName : Adiscon GmbH, Germany (info@adiscon.com, http://www.adiscon.com)
    FileDescription : MonitorWare Agent
    InternalName : MWAgent
    OriginalFilename : mwagent.exe
    ProductName : Adiscon MonitorWare Agent
    Created on : 6/9/2004 6:24:54 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/9/2004 6:24:54 PM

    #:13 [alg.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:37:51 PM
    BasePriority : Normal
    FileSize : 41 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    OriginalFilename : ALG.exe
    ProductName : Microsoft
    Created on : 9/3/2002 8:27:15 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 8:27:16 PM

    #:14 [isafe.exe]
    FilePath : D:\WINDOWS\System32\ZoneLabs\
    ThreadCreationTime : 6-14-2004 7:37:51 PM
    BasePriority : Normal
    FileSize : 180 KB
    FileVersion : Version 10.63.0.1
    ProductVersion : Version 10.63.0.1
    CompanyName : Computer Associates International, Inc.
    FileDescription : ISafe Service
    InternalName : ISafe
    OriginalFilename : ISafe.exe
    ProductName : ISafe
    Created on : 6/9/2004 9:55:04 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 4/20/2004 9:04:22 PM
     
  10. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    #:15 [clipsrv.exe]
    FilePath : D:\WINDOWS\system32\
    ThreadCreationTime : 6-14-2004 7:37:51 PM
    BasePriority : Normal
    FileSize : 30 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Windows NT DDE Server
    InternalName : CLIPSRV.EXE
    OriginalFilename : CLIPSRV.EXE
    ProductName : Microsoft
    Created on : 9/3/2002 8:28:58 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 8:28:58 PM

    #:16 [nvsvc32.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:37:51 PM
    BasePriority : Normal
    FileSize : 80 KB
    FileVersion : 6.14.10.5216
    ProductVersion : 6.14.10.5216
    Copyright : (C) NVIDIA Corporation. All rights reserved.
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 52.16
    InternalName : NVSVC
    OriginalFilename : nvsvc32.exe
    ProductName : NVIDIA Driver Helper Service, Version 52.16
    Created on : 10/6/2003 6:16:00 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 10/6/2003 6:16:00 PM

    #:17 [vsmon.exe]
    FilePath : D:\WINDOWS\system32\ZONELABS\
    ThreadCreationTime : 6-14-2004 7:37:51 PM
    BasePriority : Normal
    FileSize : 893 KB
    FileVersion : 5.0.590.015
    ProductVersion : 5.0.590.015
    Copyright : Copyright
    CompanyName : Zone Labs Inc.
    FileDescription : TrueVector Service
    InternalName : vsmon
    OriginalFilename : vsmon.exe
    ProductName : TrueVector Service
    Created on : 6/9/2004 9:55:01 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 5/17/2004 8:55:26 AM

    #:18 [wmiapsrv.exe]
    FilePath : D:\WINDOWS\System32\wbem\
    ThreadCreationTime : 6-14-2004 7:37:53 PM
    BasePriority : Normal
    FileSize : 114 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : WMI Performance Adapter Service
    InternalName : WmiApSrv.exe
    OriginalFilename : WmiApSrv.exe
    ProductName : Microsoft
    Created on : 6/9/2004 7:22:11 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 5:13:10 PM

    #:19 [explorer.exe]
    FilePath : D:\WINDOWS\
    ThreadCreationTime : 6-14-2004 7:37:59 PM
    BasePriority : Normal
    FileSize : 973 KB
    FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
    ProductVersion : 6.00.2800.1221
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 5/12/2003 1:12:10 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 5/12/2003 1:12:10 AM

    #:20 [zlclient.exe]
    FilePath : D:\Program Files\Zone Labs\ZoneAlarm\
    ThreadCreationTime : 6-14-2004 7:38:01 PM
    BasePriority : Normal
    FileSize : 681 KB
    FileVersion : 5.0.590.015
    ProductVersion : 5.0.590.015
    Copyright : Copyright
    CompanyName : Zone Labs Inc.
    FileDescription : Zone Labs Client
    InternalName : zlclient
    OriginalFilename : zlclient.exe
    ProductName : Zone Labs Client
    Created on : 6/9/2004 9:55:03 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 5/17/2004 8:56:14 AM

    #:21 [realsched.exe]
    FilePath : D:\Program Files\Common Files\Real\Update_OB\
    ThreadCreationTime : 6-14-2004 7:38:02 PM
    BasePriority : Normal
    FileSize : 176 KB
    FileVersion : 0.1.0.3034
    ProductVersion : 0.1.0.3034
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    OriginalFilename : realsched.exe
    ProductName : RealPlayer (32-bit)
    Created on : 6/10/2004 12:33:32 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/10/2004 12:33:34 AM

    #:22 [newadmin.exe]
    FilePath : D:\Program Files\Security Administrator\
    ThreadCreationTime : 6-14-2004 7:38:17 PM
    BasePriority : Normal
    FileSize : 1322 KB
    Created on : 2/10/2004 8:12:41 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 2/10/2004 8:12:42 PM

    #:23 [ltmsg.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:38:17 PM
    BasePriority : Normal
    FileSize : 38 KB
    FileVersion : 3, 0, 0, 2
    ProductVersion : 3, 0, 0, 2
    Copyright : Copyright
    CompanyName : LUCENT TECHNOLOGIES
    FileDescription : ltmsg
    InternalName : ltmsg
    OriginalFilename : ltmsg.exe
    ProductName : LUCENT TECHNOLOGIES ltmsg
    Created on : 4/3/2001 2:38:30 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 4/3/2001 2:38:30 PM

    #:24 [ypager.exe]
    FilePath : D:\Program Files\Yahoo!\Messenger\
    ThreadCreationTime : 6-14-2004 7:38:18 PM
    BasePriority : Normal
    FileSize : 2440 KB
    Created on : 6/9/2004 10:39:25 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 5/21/2004 4:49:52 PM

    #:25 [teatimer.exe]
    FilePath : D:\Program Files\Spybot - Search & Destroy\
    ThreadCreationTime : 6-14-2004 7:38:18 PM
    BasePriority : Idle
    FileSize : 1014 KB
    FileVersion : 1, 3, 0, 12
    ProductVersion : 1, 3, 0, 12
    CompanyName : Safer Networking Limited
    FileDescription : System settings protector
    InternalName : TeaTimer
    OriginalFilename : TeaTimer.exe
    ProductName : Spybot - Search & Destroy
    Created on : 5/12/2004 5:03:00 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 5/12/2004 5:03:00 AM

    #:26 [turbosearcher.exe]
    FilePath : D:\Program Files\Turbo Searcher\
    ThreadCreationTime : 6-14-2004 7:38:18 PM
    BasePriority : Normal
    FileSize : 305 KB
    FileVersion : 1, 2, 0, 0
    ProductVersion : 1, 2, 0, 0
    Copyright : Copyright (C) 2003-2004, Knownsoft
    CompanyName : Knownsoft,http://www.knownsoft.com
    FileDescription : TurboSearcher Application
    InternalName : TurboSearcher
    OriginalFilename : TurboSearcher.EXE
    ProductName : TurboSearcher Application
    Created on : 6/10/2004 3:16:30 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/10/2004 3:16:30 PM

    #:27 [rundll32.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:38:19 PM
    BasePriority : Normal
    FileSize : 31 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    OriginalFilename : RUNDLL.EXE
    ProductName : Microsoft
    Created on : 9/3/2002 8:56:58 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 8:56:58 PM

    #:28 [sgmain.exe]
    FilePath : D:\Program Files\SpywareGuard\
    ThreadCreationTime : 6-14-2004 7:38:20 PM
    BasePriority : Normal
    FileSize : 352 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC
    FileDescription : SpywareGuard
    InternalName : sgmain
    OriginalFilename : sgmain.exe
    ProductName : SpywareGuard
    Created on : 8/29/2003 11:05:35 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 8/29/2003 11:05:36 PM

    #:29 [devldr32.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:38:21 PM
    BasePriority : Normal
    FileSize : 23 KB
    FileVersion : 1, 0, 0, 17
    ProductVersion : 1, 0, 0, 17
    Copyright : Copyright (C) Creative Technology Ltd. 1998-2001
    CompanyName : Creative Technology Ltd.
    FileDescription : DevLdr32
    InternalName : DevLdr
    OriginalFilename : DevLdr32.exe
    ProductName : Creative Ring3 NT Inteface
    Created on : 9/13/2002 6:08:50 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 8/18/2001 2:36:42 AM

    #:30 [sgbhp.exe]
    FilePath : D:\Program Files\SpywareGuard\
    ThreadCreationTime : 6-14-2004 7:38:24 PM
    BasePriority : Normal
    FileSize : 228 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC.
    FileDescription : SG Browser Hijacking Protection
    InternalName : sgbhp
    OriginalFilename : sgbhp.exe
    ProductName : SG Browser Hijacking Protection
    Created on : 8/29/2003 3:14:56 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 8/29/2003 3:14:58 PM
     
  11. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    #:31 [wuauclt.exe]
    FilePath : D:\WINDOWS\System32\
    ThreadCreationTime : 6-14-2004 7:39:09 PM
    BasePriority : Normal
    FileSize : 136 KB
    FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)
    ProductVersion : 5.4.3630.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Update AutoUpdate Client
    InternalName : wuauclt.exe
    OriginalFilename : wuauclt.exe
    ProductName : Microsoft
    Created on : 6/9/2004 7:22:04 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 5:14:52 PM

    #:32 [rhapsody.exe]
    FilePath : D:\Program Files\RealRhapsody\
    ThreadCreationTime : 6-15-2004 1:22:38 AM
    BasePriority : Normal
    FileSize : 2358 KB
    FileVersion : 2, 1, 0, 227
    ProductVersion : 2, 1, 0, 227
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Rhapsody
    InternalName : Rhapsody
    OriginalFilename : Rhapsody.exe
    ProductName : RealNetworks Rhapsody Music Subscription Service
    Created on : 6/10/2004 12:27:02 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 3/10/2004 2:43:06 PM

    #:33 [iexplore.exe]
    FilePath : D:\Program Files\Internet Explorer\
    ThreadCreationTime : 6-15-2004 1:59:56 AM
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 6/9/2004 7:23:30 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 9/3/2002 4:35:04 PM

    #:34 [ad-aware.exe]
    FilePath : D:\PROGRA~1\LAVASOFT\AD-AWA~1\
    ThreadCreationTime : 6-15-2004 2:06:21 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 6/11/2004 6:02:55 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 7/13/2003 1:00:20 AM

    Memory scan result :
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯

    Registry scan result :
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯

    Deep registry scan result :
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯
    New objects : 0
    Objects found so far: 0


    Deep scanning and examining files (D:)
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯

    Tracking Cookie Object recognized!
    Type : File
    Data : melissa@server.iad.liveperson[2].txt
    Category : Data Miner
    Comment :
    Object : D:\Documents and Settings\Melissa\Cookies\

    Created on : 6/11/2004 8:03:14 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/11/2004 8:03:26 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : melissa@zedo[2].txt
    Category : Data Miner
    Comment :
    Object : D:\Documents and Settings\Melissa\Cookies\

    Created on : 6/14/2004 1:16:52 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/14/2004 1:16:54 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : melissa@tripod[1].txt
    Category : Data Miner
    Comment :
    Object : D:\Documents and Settings\Melissa\Cookies\

    Created on : 6/14/2004 5:30:14 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/14/2004 6:00:06 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : melissa@ttarget.adbureau[1].txt
    Category : Data Miner
    Comment :
    Object : D:\Documents and Settings\Melissa\Cookies\

    Created on : 6/14/2004 5:45:47 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/14/2004 5:45:48 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : melissa@bravenet[2].txt
    Category : Data Miner
    Comment :
    Object : D:\Documents and Settings\Melissa\Cookies\

    Created on : 6/14/2004 12:20:35 AM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/14/2004 9:30:02 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : melissa@realmedia[1].txt
    Category : Data Miner
    Comment :
    Object : D:\Documents and Settings\Melissa\Cookies\

    Created on : 6/14/2004 10:27:50 PM
    Last accessed : 6/14/2004 4:00:00 AM
    Last modified : 6/14/2004 10:27:52 PM



    Disk scan result for D:\
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯
    New objects : 0
    Objects found so far: 6


    Scanning Hosts file(D:\WINDOWS\System32\drivers\etc\hosts)
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯

    Hosts file scan result:
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯
    1 entries scanned.
    New objects :0
    Objects found so far: 6




    Performing conditional scans..
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯

    Conditional scan result:
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯
    New objects : 0
    Objects found so far: 6


    10:18:06 PM Scan complete

    Summary of this scan
    ¯Â¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯Ã‚¯
    Total scanning time :00:08:33:672
    Objects scanned :82581
    Objects identified :6
    Objects ignored :0
    New objects :6
     
  12. 2004/06/14
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    Okies I am gonna go try to fire up my other computer. I just got it back from the good repair guy. I am not gonna put it online yet though.

    Hopefully tomorrow with Joe's help I will know what is up with this one.

    Thanks everyone!!!! :D
     
  13. 2004/06/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
     
  14. 2004/06/15
    JoeHobart

    JoeHobart Inactive Alumni

    Joined:
    2004/05/19
    Messages:
    919
    Likes Received:
    1
    I think noah's onto something there. Looking at the description for that thing, it looks like it does exactly what we started with on this thread. It sets local policies to lock down the box. I'll bet when we whack that, we are back in business.
    http://www.softheap.com/newadmin.html
     
  15. 2004/06/15
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    Ok I will get rid of that. I sometimes cannot use things I download to try. I was going to try and use that to get my admin back.

    I read once that you cannot change the icons of things that you download. Like if you were to download zonealarm you can change the names of the files but you cannot change the icon for the software.

    The icon for that software, the man's face with a hat that looks sort of detective like, has been in my computer since I can remember. Only it says that it is agentsvr.exe. This is a Microsoft exe according to my searching.
     
  16. 2004/06/15
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    My computer is running very slow this morning. Not just the internet (but I keep losing that too) my add and remove is going extremely slow.


    Good Morning to everyone :D
     
  17. 2004/06/15
    JoeHobart

    JoeHobart Inactive Alumni

    Joined:
    2004/05/19
    Messages:
    919
    Likes Received:
    1
    Please don't mess with anything yet.
     
  18. 2004/06/15
    JoeHobart

    JoeHobart Inactive Alumni

    Joined:
    2004/05/19
    Messages:
    919
    Likes Received:
    1
    OK, so I had a look at her machine. She is in pretty good shape after all the cleanup we ran her through.

    I explained a few of the event messages she's getting, and checked around for various vectors for viruses, backdoors, etc., etc. Nothing I saw was out of place. As far as permissions go, she has full admin control of the machine, we were not able to cause any access denieds. She did have the WMI service disabled, which was causing some errant DCOM errors.

    The newadmin thing was a red herring, it was added post-phenomenon as an attempt to resolve the problems. The policy entries are just some extra auditing one of the many many security programs she has enabled. The only thing out of place was some of the usual 'power' tools were missing (a few MMC snap-ins), but I believe it to be a result of using a Dell OEM XP CD for reinstall, rather than any malicious activity.

    We talked about some of the regular and preventative maintenance procedures (running zone alarm, adaware, etc).

    I think we can close the books on this one as resolved.
     
  19. 2004/06/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear it. My head hurts. :(
     
  20. 2004/06/15
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Thanks for the update, Joe. Essentially a mountain was made from a molehill?

    Dave, the only sure fire cure for headaches that I know of, is establishing a child-free zone, and then remaining in it, until the pain passes. Actually, the pain usually goes away immediately along with the child, but it's important to have several hours of "treatment" for the prevention of future headaches.

    Johanna
    good luck to you MissMissy!
     
  21. 2004/06/15
    missmissy

    missmissy Inactive Thread Starter

    Joined:
    2004/06/13
    Messages:
    83
    Likes Received:
    0
    Thanks everyone. I had a lot of problems about a year ago with keyloggers and someone hacked a website I owned. I ended up closing that site. I guess I just went nuts on trying to figure out everything that was in my computer. Since I have never really looked at anything before that point everything seemed suspicious to me.

    This is a great site for information and I will make sure I ask first instead of trying to do things myself.

    Thanks so much Joe!!!!! :D
     