
Infected with the "theguardservices" home page

Discussion in 'Windows - Virus and spyware problems' started by jerrold3, Apr 29, 2006.

  1. jerrold3

    jerrold3 Member

    Joined:
    Apr 29, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    My home page is stuck at theguardservices.com. Please help. Not too computer savvy. Here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:27:38 AM, on 4/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\atmclk.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
    C:\WINDOWS\System32\d?xplore.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\atmclk.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\program files\mcafee.com\agent\mcupdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
    O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE38A.tmp
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/hw_mm/data/vivo/vvweb.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144947407062
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
     
  2. tapiiri

    tapiiri Regular member

    Joined:
    Jun 11, 2005
    Messages:
    1,142
    Likes Received:
    0
    Trophy Points:
    46
    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Boot your computer to SAFEMODE.

    Open the folder SmitfraudFix and double-click smitfraudfix.cmd.

    Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

    You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

    The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

    The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
    A text file will appear after the cleaning process; copy this file and paste it here.
    The log is saved to your local disk drive, usually C:\rapport.txt.
     
  3. jerrold3

    jerrold3 Member

    I've downloaded the smitfraudfix; however, when I attempt to open it, a window opens for a second tops and closes. I cannot get this to open properly. Any help would be appreciated!
     
  4. tapiiri

    tapiiri Regular member

  5. jerrold3

    jerrold3 Member

    File was properly unzipped.
     
  6. tapiiri

    tapiiri Regular member

    Are you sure that you ran the right file?

    Try running option #1 and send rapport.txt.

     
  7. jerrold3

    jerrold3 Member

    The file was unzipped with all content extracted; however, when I double-click on the file to open it I get the standard popup message of "The publisher could not be verified. Are you sure you want to run this software?" I choose Run, a command prompt type box opens for less than a second and closes. I never get the chance to choose any option at all.
     
  8. tapiiri

    tapiiri Regular member

    All right, let's do it the hard way :)

    Please download Smithrem: http://noahdfear.geekstogo.com/click counter/click.php?id=1
    Save it to desktop. Don't run it yet.

    Please download KillBox:

    http://www.downloads.subratam.org/KillBox.zip
    Unzip it to desktop.
    Run it.

    Choose

    * Delete on Reboot
    * Click All Files option.

    # Copy the following lines to the clipboard:

    C:\WINDOWS\system32\dcomcfg.exe
    C:\WINDOWS\system32\atmclk.exe

    # Return to Killbox, go to File, and choose Paste from Clipboard.

    # Click the red-white Delete File. Click Yes at "Delete on Reboot".
    Click OK to every question PendingFileRenameOperations asks and let me know if those exist.

    Your computer should restart now. If not, reboot it yourself.

    If you get the message: Component 'MsComCtl.ocx' or one of its dependencies not correctly registered
    Download this and run it. Try again.
    http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe

    Start the computer in safe mode.
    Open the smithrem folder and run "RunThis.bat". Follow the instructions.

    Restart normally and send C:\smitfiles.txt and a new HijackThis log.
     
  9. jerrold3

    jerrold3 Member

    Same problem. Downloaded killbox. Ran with no problems. Downloaded smithrem. Unzipped in safe mode. Attempted to run, and same as before a Command prompt style box appears for less than a second and disappears. I'm unable to do anything with this application. Are there any settings you could think of that I could change?
     
  10. tapiiri

    tapiiri Regular member

    Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

    Boot your computer into safe mode, and scan with the Ewido Complete system scan.
    Be sure that it scans "every file".
    Save the report.

    Boot normally and send a fresh HijackThis log and Ewido's report.

     
    Last edited: Apr 30, 2006
  11. jerrold3

    jerrold3 Member

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:33:22 AM, 4/30/2006
    + Report-Checksum: C11B2AD

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{7676F3C7-AF22-0FBA-43EC-F6F7A2599104} -> Adware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
    HKU\S-1-5-21-1559617991-2932391519-2664560373-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7676F3C7-AF22-0FBA-43EC-F6F7A2599104} -> Adware.CoolWebSearch : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@as.casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@e-2dj6wgk4qmczefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@e-2dj6wjl4gncjcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Jerrold\Cookies\jerrold@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfkighdpggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfkiwmc5wko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfkougcjobq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wfliuhcpehq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjk4anc5ilp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjk4gkazsao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjk4wpazclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkoeicjego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkoqjdzmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkowmc5wap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyamcpklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyeod5edq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyeodzcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyogajkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkyomdzofp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjkysid5cap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjliukajklq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjloajc5ieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjloeic5gco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjlyulcjgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjlyupajmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjlywiajwcq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjmiencpofo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjmysoc5ehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjny-1ndpsa.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjny-1odjmf.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyalcpseq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyemc5mfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnygmdzwep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnygoajifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyoldpcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyomdpwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyqjcpmep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@e-2dj6wjnyspajwgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\Cookies\jerrold@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\dllenpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\gelkcpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\jfjlcpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\lgbcpmmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\mimapmmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\nafgnpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\nbdjcpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\ngigeomd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\nmeaeomd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temp\pldgnpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\Documents and Settings\Jerrold\Local Settings\Temporary Internet Files\Content.IE5\OLY3416J\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup
    C:\Documents and Settings\Rocky\Cookies\rocky@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Rocky\Cookies\rocky@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Rocky\Cookies\rocky@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Rocky\Local Settings\Temporary Internet Files\Content.IE5\4P2VWHE3\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\11EA1D99-9A7F-45EC-91D2-D11264\E08E4CEB-A23C-45DD-ACF7-895B52 -> Adware.RXBar : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\135F80EC-7C03-41F3-BD5D-01566D\577A316E-4C41-4F71-8FC5-72BC8B -> Downloader.Small.aul : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\2ECB4F36-E225-4FEB-BAD3-850FB6 -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\55C8AEAD-BA58-48D6-8613-2BC1C6 -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\587C057D-4CD2-4D07-8D2E-592211 -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\64082C88-92FC-4C47-B658-A3BD9E -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\67DB2A53-9050-4340-98F3-A6F37B -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\849FCBE0-D597-4D28-A035-0E2C93 -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\8E5D9478-6AFD-4A3A-837A-8003D7/Points Manager.exe -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\AA9F2DA2-2EA3-4517-8DF5-22E06D -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\AEC09C17-9659-4EB5-B95C-C7A81A/AltnetUninstall.exe -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\B98789DC-BCEB-4587-8DD2-F68E7D -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\F990C526-B388-4478-B77B-17A3C4 -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\3BC98F2A-9834-44FA-8C8E-1C4EE4\FDA2205E-57E1-4A51-A3B3-CE4811 -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\70BFB656-3B71-4C8A-BD55-7B0D7F\4F9AC596-CF2B-4235-8842-08FCE6 -> Adware.BargainBuddy : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\86A7E165-DF69-4DD0-AD1D-EE0184\881BECF2-5590-400A-A16A-E947BB -> Downloader.Small.aul : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\98D1ABFE-6AA0-4116-ACE1-A66050\F03EC6EA-5743-4674-9FA1-386210 -> Downloader.Small.aul : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037576.exe -> Downloader.Agent.uj : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037583.exe -> Trojan.Pakes : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037607.exe -> Trojan.Small.gq : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP764\A0037609.exe -> Hijacker.Small.kg : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP905\A0055301.exe -> Adware.DealHelper : Cleaned with backup
    C:\WINDOWS\SYSTEM32\csajj.exe -> Downloader.Agent.uj : Cleaned with backup
    C:\WINDOWS\SYSTEM32\dеxplore.exe -> Adware.PurityScan : Cleaned with backup
    C:\WINDOWS\SYSTEM32\mscjjn.dll -> Adware.180Solutions : Cleaned with backup
    C:\WINDOWS\SYSTEM32\msddlc.dll -> Dropper.Siboco.d : Cleaned with backup
    C:\WINDOWS\SYSTEM32\msiaih.dll -> Adware.Ipend : Cleaned with backup
    C:\WINDOWS\SYSTEM32\mskplb.dll -> Adware.Ipend : Cleaned with backup
    C:\WINDOWS\SYSTEM32\twain32.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
    C:\WINDOWS\SYSTEM32\zinwaeg05.dll -> Downloader.Lastad.h : Cleaned with backup


    ::Report End


    Logfile of HijackThis v1.99.1
    Scan saved at 8:37:24 AM, on 4/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp924D.tmp
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/hw_mm/data/vivo/vvweb.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144947407062
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe




     
  12. tapiiri

    tapiiri Regular member

    Next step, and probably the last:

    Go to safe mode.

    Scan with HijackThis.

    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp924D.tmp
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/hw_mm/data/vivo/vvweb.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

    Close all windows and programs, except HijackThis. Click Fix checked.

    Remove the following:

    C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ >>info32.exe
    C:\WINDOWS\system32\ >>hp924D.tmp

    Scan with Ewido; please go to settings, choose "all files", and run a complete system scan. Save the report.

    Boot normally and send a fresh hijack log and ewido's report.
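
An added example, not part of tapiiri's post: a small triage pass over HijackThis entries that flags three of the traits visible in the lines picked out above (an INI-file autostart, a `\..\` hop inside a file path, a browser module with a `.tmp` extension, and `(file missing)` orphans). The flag names and heuristics are assumptions of this example; they do not reproduce the helper's full selection, which also relied on knowing the O8 and O16 entries by name. The sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp924D.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# "<section> - <detail>", e.g. "O2 - BHO: ...". Process-list lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# First drive-letter path ending in a module extension. Anchoring on "X:\"
# keeps HijackThis's own "HKLM\..\Run" abbreviation out of the path.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|tmp|sys|ocx)\b', re.IGNORECASE
)


@dataclass
class Entry:
    section: str
    detail: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Split one log line into section code, detail text and file path."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, detail = m.groups()
    pm = PATH_RE.search(detail)
    return Entry(section, detail, pm.group(0) if pm else None)


def flag_entry(e: Entry) -> Entry:
    """Attach heuristic flags (names are this example's own)."""
    # F0-F3: programs autoloaded through win.ini / system.ini.
    if e.section.startswith("F"):
        e.flags.append("ini-autostart")
    # A parent-directory hop inside the file path itself.
    if e.path and "\\..\\" in e.path:
        e.flags.append("dotdot-path")
    # A loaded module or autostart target named *.tmp.
    if e.path and e.path.lower().endswith(".tmp"):
        e.flags.append("tmp-module")
    # Registry reference whose target no longer exists on disk.
    if e.detail.endswith("(file missing)"):
        e.flags.append("file-missing")
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse every entry line in a HijackThis log and flag it."""
    entries = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e:
            entries.append(flag_entry(e))
    return entries


def flagged(log_text: str) -> Dict[Tuple[str, Optional[str]], List[str]]:
    """Map (section, path) -> flags for entries with at least one flag."""
    return {(e.section, e.path): e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.flags:
            print(f"{e.section:<4}{','.join(e.flags):<28}{e.path}")
```

A flag is a prompt to look at the entry, not a verdict: `file-missing` lines are usually leftovers from uninstalled software, and an unflagged entry can still be unwanted.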
     
  13. jerrold3

    jerrold3 Member

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:07:16 PM, 4/30/2006
    + Report-Checksum: 2B3595BD

    + Scan result:

    C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Guest\Cookies\guest@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055454.exe -> Downloader.Agent.uj : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055455.exe -> Adware.PurityScan : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055456.dll -> Adware.180Solutions : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055457.dll -> Dropper.Siboco.d : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055458.dll -> Adware.Ipend : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055459.dll -> Adware.Ipend : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055460.dll -> Not-A-Virus.Hoax.Win32.Renos.cu : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0055461.dll -> Downloader.Lastad.h : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe -> Downloader.Small.ayl : Cleaned with backup


    ::Report End



    Logfile of HijackThis v1.99.1
    Scan saved at 8:10:57 PM, on 4/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144947407062
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

     
  14. jerrold3

    jerrold3 Member

    Also, something keeps changing my internet security settings to Low. Could this be spyware/malware related or would it be something else? The yellow blinking triangle with the exclamation point has now returned. This time a message appears saying "System Alert: Adware and Spyware. Your computer performance slowed down. Your internet connection speed has decreased...." Looks like I got rid of theguardservices and have something else. Please help!
     
    Last edited: Apr 30, 2006
  15. tapiiri

    tapiiri Regular member

    Hi jerrold3,

    Please download Process Explorer
    http://www.sysinternals.com/files/procexpnt.zip

    Unzip it to its own folder and run it.
    Choose "View" and check that these lines are marked:

    Show processes from all users.
    Show Lower Pane
    Lower Pane View DLLs

    Then click Explorer.exe in that window.
    Then select "File" > Save As > and save the log.
    Send that log here, please.
     
  16. jerrold3

    jerrold3 Member

    Process PID CPU Description Company Name
    System Idle Process 0 81.82
    Interrupts n/a 1.52 Hardware Interrupts
    DPCs n/a Deferred Procedure Calls
    System 4
    smss.exe 596 Windows NT Session Manager Microsoft Corporation
    csrss.exe 644 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 668 Windows NT Logon Application Microsoft Corporation
    services.exe 712 1.52 Services and Controller app Microsoft Corporation
    svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 952 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
    spoolsv.exe 1432 Spooler SubSystem App Microsoft Corporation
    cisvc.exe 1788 Content Index service Microsoft Corporation
    CIDAEMON.EXE 3952 Indexing Service filter daemon Microsoft Corporation
    ewidoctrl.exe 1812 ewido control ewido networks
    ewidoguard.exe 1828 guard ewido networks
    Mcdetect.exe 1864 McAfee WSC Integration Service McAfee, Inc
    McTskshd.exe 2016 McAfee Task Scheduler McAfee, Inc
    mcvsrte.exe 252 McAfee VirusScan Real-time Engine Networks Associates Technology, Inc
    nvsvc32.exe 308 NVIDIA Driver Helper Service, Version 52.16 NVIDIA Corporation
    sdhelp.exe 452 PC Tools Research Pty Ltd
    svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
    wdfmgr.exe 1012 Windows User Mode Driver Manager Microsoft Corporation
    McShield.exe 2152 12.12 NT On-Access Scanner service. Network Associates, Inc.
    alg.exe 2624 Application Layer Gateway Service Microsoft Corporation
    iPodService.exe 1532 iPodService Module Apple Computer, Inc.
    lsass.exe 724 LSA Shell (Export Version) Microsoft Corporation
    csrss.exe 3612 1.52 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 1320 Windows NT Logon Application Microsoft Corporation
    mcvsftsn.exe 2980 McAfee VirusScan Instant Messenger Scan Module Networks Associates Technology, Inc
    msmsgs.exe 4040 Windows Messenger Microsoft Corporation
    explorer.exe 1676 Windows Explorer Microsoft Corporation
    DSentry.exe 168 DVDSentry Dell - Advanced Desktop Engineering
    mcvsshld.exe 152 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
    McVSEscn.exe 212 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
    mcagent.exe 204 McAfee SecurityCenter Agent McAfee, Inc
    jusched.exe 236 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
    WkUFind.exe 320 Microsoft® Works Update Detection Microsoft® Corporation
    tgcmd.exe 492 Support.com Scheduler and Command Dispatcher Support.com, Inc.
    moffice.exe 552 MOffice MFC Application
    mouse32a.exe 1232
    qttask.exe 884 QuickTime Task Apple Computer, Inc.
    DSAgnt.exe 1124 Dell Support Gteko Ltd.
    iexplore.exe 3696 Internet Explorer Microsoft Corporation
    outpost.exe 1516 Outpost Firewall main module Agnitum Ltd.
    iexplore.exe 3728 Internet Explorer Microsoft Corporation
    procexp.exe 5116 1.52 Sysinternals Process Explorer Sysinternals
    atmclk.exe 3880
    explorer.exe 2292 Windows Explorer Microsoft Corporation
    atmclk.exe 3624
    DSentry.exe 1288 DVDSentry Dell - Advanced Desktop Engineering
    mcvsshld.exe 3408 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
    McVSEscn.exe 3000 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
    mcagent.exe 3488 McAfee SecurityCenter Agent McAfee, Inc
    jusched.exe 2700 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
    WkUFind.exe 3712 Microsoft® Works Update Detection Microsoft® Corporation
    tgcmd.exe 2788 Support.com Scheduler and Command Dispatcher Support.com, Inc.
    moffice.exe 2556 MOffice MFC Application
    mouse32a.exe 3704
    qttask.exe 2760 QuickTime Task Apple Computer, Inc.
    DSAgnt.exe 868 Dell Support Gteko Ltd.
    msnmsgr.exe 4008 MSN Messenger Microsoft Corporation
    swdoctor.exe 2116 Spyware Doctor PC Tools Research Pty Ltd
    iexplore.exe 2968 Internet Explorer Microsoft Corporation
    aolsoftware.exe 1620 AOL America Online, Inc.
    aim6.exe 5828 AIM America Online, Inc.

    Process: System Pid: 4

    Name Description Company Name Version
    ACPI.sys ACPI Driver for NT Microsoft Corporation 5.01.2600.2180
    aeaudio.sys Andrea Audio Stub Driver Andrea Electronics Corporation 1.00.0000.0000
    afd.sys Ancillary Function Driver for WinSock Microsoft Corporation 5.01.2600.2180
    agp440.sys 440 NT AGP Filter Microsoft Corporation 5.01.2600.2180
    asyncmac.sys MS Remote Access serial network driver Microsoft Corporation 5.01.2600.2180
    atapi.sys IDE/ATAPI Port Driver Microsoft Corporation 5.01.2600.2180
    ATMFD.DLL Windows NT OpenType/Type 1 Font Driver Adobe Systems Incorporated 5.01.0002.0226
    audstub.sys AudStub Driver Microsoft Corporation 5.01.2600.0000
    BCMSM.sys Modem Device Driver Broadcom Corporation 3.05.0025.0000
    Beep.SYS BEEP Driver Microsoft Corporation 5.01.2600.0000
    BOOTVID.dll VGA Boot Driver Microsoft Corporation 5.01.2600.0000
    Cdfs.SYS CD-ROM File System Driver Microsoft Corporation 5.01.2600.2180
    Cdr4_xp.SYS CDR4_XP CDR Helper Roxio 5.02.0000.0091
    Cdralw2k.SYS CDRAL for Windows 2000 Kernel Driver Roxio 5.02.0000.0091
    cdrom.sys SCSI CD-ROM Driver Microsoft Corporation 5.01.2600.2180
    cdudf_xp.SYS CD-UDF NT Filesystem Driver Roxio 5.02.0000.0091
    CLASSPNP.SYS SCSI Class System Dll Microsoft Corporation 5.01.2600.2180
    DcCam.sys Kodak Digital Camera Driver Eastman Kodak Company 1.07.0614.0000
    dcfs2k.sys Kodak DC File System Driver (NT) Eastman Kodak Company 1.00.4100.0007
    disk.sys PnP Disk Driver Microsoft Corporation 5.01.2600.2180
    drmk.sys Microsoft Kernel DRM Descrambler Filter Microsoft Corporation 5.01.2600.2180
    dump_atapi.sys
    dump_WMILIB.SYS
    Dxapi.sys DirectX API Driver Microsoft Corporation 5.01.2600.0000
    dxg.sys DirectX Graphics Driver Microsoft Corporation 5.01.2600.2180
    dxgthk.sys DirectX Graphics Driver Thunk Microsoft Corporation 5.01.2600.0000
    e100b325.sys NDIS 5 driver Intel Corporation 6.01.0003.0010
    EXPORTIT.SYS Kodak DC File System driver Eastman Kodak Company 1.00.8900.0009
    Fastfat.SYS Fast FAT File System Driver Microsoft Corporation 5.01.2600.2180
    fdc.sys Floppy Disk Controller Driver Microsoft Corporation 5.01.2600.2180
    Fips.SYS FIPS Crypto Driver Microsoft Corporation 5.01.2600.0000
    flpydisk.sys Floppy Driver Microsoft Corporation 5.01.2600.2180
    fltmgr.sys Microsoft Filesystem Filter Manager Microsoft Corporation 5.01.2600.2180
    Fs_Rec.SYS File System Recognizer Driver Microsoft Corporation 5.01.2600.0000
    ftdisk.sys FT Disk Driver Microsoft Corporation 5.01.2600.0000
    GEARAspiWDM.sys CDRom Class Filter Driver GEAR Software Inc. 2.00.0004.0003
    guard.sys
    hal.dll Hardware Abstraction Layer DLL Microsoft Corporation 5.01.2600.2180
    HTTP.sys HTTP Protocol Stack Microsoft Corporation 5.01.2600.2525
    i2omgmt.SYS I2O Utility Filter Microsoft Corporation 5.01.2600.2180
    i8042prt.sys i8042 Port Driver Microsoft Corporation 5.01.2600.2180
    ikhfile.sys PCTools Research Pty Ltd. 3.06.0001.1007
    ikhlayer.sys PCTools Research Pty Ltd. 3.06.0001.1007
    imapi.sys IMAPI Kernel Driver Microsoft Corporation 5.01.2600.2180
    intelide.sys Intel PCI IDE Driver Microsoft Corporation 5.01.2600.2180
    intelppm.sys Processor Device Driver Microsoft Corporation 5.01.2600.2180
    ipnat.sys IP Network Address Translator Microsoft Corporation 5.01.2600.2524
    ipsec.sys IPSec Driver Microsoft Corporation 5.01.2600.2180
    isapnp.sys PNP ISA Bus Driver Microsoft Corporation 5.01.2600.0000
    kbdclass.sys Keyboard Class Driver Microsoft Corporation 5.01.2600.2180
    KDCOM.DLL Kernel Debugger HW Extension DLL Microsoft Corporation 5.01.2600.0000
    kmixer.sys Kernel Mode Audio Mixer Microsoft Corporation 5.01.2600.2180
    ks.sys Kernel CSA Library Microsoft Corporation 5.03.2600.2180
    KSecDD.sys Kernel Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
    L8042Pr2.sys Logitech PS/2 Mouse Filter Driver. Logitech, Inc. 9.70.0209.0000
    LKbdFlt2.sys Logitech Filter Driver for Keyboard Class. Logitech, Inc. 9.70.0209.0000
    LMouFlt2.sys Logitech Filter Driver for Mouse Class. Logitech, Inc. 9.70.0209.0000
    mc24E.tmp
    mmc_2K.SYS CD-R/RW AddOn MMC Driver (W2K) Roxio 5.02.0000.0091
    mnmdd.SYS Frame buffer simulator Microsoft Corporation 5.01.2600.0000
    Modem.SYS Modem Device Driver Microsoft Corporation 5.01.2600.2180
    MODEMCSA.sys Unimodem CSA Filter Microsoft Corporation 5.01.2600.0000
    mouclass.sys Mouse Class Driver Microsoft Corporation 5.01.2600.2180
    MountMgr.sys Mount Manager Microsoft Corporation 5.01.2600.2180
    mrxdav.sys Windows NT WebDav Minirdr Microsoft Corporation 5.01.2600.2180
    mrxsmb.sys Windows NT SMB Minirdr Microsoft Corporation 5.01.2600.2598
    Msfs.SYS Mailslot driver Microsoft Corporation 5.01.2600.2180
    msgpc.sys MS General Packet Classifier Microsoft Corporation 5.01.2600.2180
    mssmbios.sys System Management BIOS Driver Microsoft Corporation 5.01.2600.2180
    Mup.sys Multiple UNC Provider driver Microsoft Corporation 5.01.2600.2180
    NaiFiltr.sys NaiFiltr Device Driver Network Associates, Inc. 6.00.0000.0100
    NDIS.sys NDIS 5.1 wrapper driver Microsoft Corporation 5.01.2600.2180
    ndistapi.sys NDIS 3.0 connection wrapper driver Microsoft Corporation 5.01.2600.0000
    ndisuio.sys NDIS User mode I/O Driver Microsoft Corporation 5.01.2600.2180
    ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft Corporation 5.01.2600.2180
    NDProxy.SYS NDIS Proxy Microsoft Corporation 5.01.2600.0000
    netbios.sys NetBIOS interface driver Microsoft Corporation 5.01.2600.2180
    netbt.sys MBT Transport driver Microsoft Corporation 5.01.2600.2180
    Npfs.SYS NPFS Driver Microsoft Corporation 5.01.2600.2180
    ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
    Ntfs.sys NT File System Driver Microsoft Corporation 5.01.2600.2180
    ntoskrnl.exe NT Kernel & System Microsoft Corporation 5.01.2600.2622
    Null.SYS NULL Driver Microsoft Corporation 5.01.2600.0000
    nv4_disp.dll NVIDIA Compatible Windows 2000 Display driver, Version 52.16 NVIDIA Corporation 6.14.0010.5216
    nv4_mini.sys NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 NVIDIA Corporation 6.14.0010.5216
    omci.sys OMCI Device Driver Dell Computer Corporation 7.00.0318.0000
    parport.sys Parallel Port Driver Microsoft Corporation 5.01.2600.2180
    PartMgr.sys Partition Manager Microsoft Corporation 5.01.2600.0000
    ParVdm.SYS VDM Parallel Driver Microsoft Corporation 5.01.2600.0000
    pci.sys NT Plug and Play PCI Enumerator Microsoft Corporation 5.01.2600.2180
    PCIIDEX.SYS PCI IDE Bus Driver Extension Microsoft Corporation 5.01.2600.2180
    portcls.sys Port Class (Class Driver for Port/Miniport Devices) Microsoft Corporation 5.01.2600.2180
    PROCEXP100.SYS
    psched.sys MS QoS Packet Scheduler Microsoft Corporation 5.01.2600.2180
    ptilink.sys Parallel Technologies DirectParallel IO Library Parallel Technologies, Inc. 1.01.0000.0000
    pwd_2k.SYS Win2000 Framework for Packet Write Driver Roxio 5.02.0000.0091
    PxHelp20.sys Px Engine Device Driver for Windows 2000/XP Sonic Solutions 2.03.0018.0000
    rasacd.sys RAS Automatic Connection Driver Microsoft Corporation 5.01.2600.0000
    rasl2tp.sys RAS L2TP mini-port/call-manager driver Microsoft Corporation 5.01.2600.2180
    raspppoe.sys RAS PPPoE mini-port/call-manager driver Microsoft Corporation 5.01.2600.2180
    raspptp.sys Peer-to-Peer Tunneling Protocol Microsoft Corporation 5.01.2600.2180
    raspti.sys PTI DirectParallel(R) mini-port/call-manager driver Microsoft Corporation 5.01.2600.0000
    rdbss.sys Redirected Drive Buffering SubSystem Driver Microsoft Corporation 5.01.2600.2541
    RDPCDD.sys RDP Miniport Microsoft Corporation 5.01.2600.0000
    redbook.sys Redbook Audio Filter Driver Microsoft Corporation 5.01.2600.2180
    serenum.sys Serial Port Enumerator Microsoft Corporation 5.01.2600.2180
    serial.sys Serial Device Driver Microsoft Corporation 5.01.2600.2180
    smwdm.sys SoundMAX Integrated Digital Audio Analog Devices, Inc. 5.12.0001.3515
    sr.sys System Restore Filesystem Filter Driver Microsoft Corporation 5.01.2600.2180
    srv.sys Server driver Microsoft Corporation 5.01.2600.2673
    swenum.sys Plug and Play Software Device Enumerator Microsoft Corporation 5.03.2600.2180
    sysaudio.sys System Audio WDM Filter Microsoft Corporation 5.01.2600.2180
    tcpip.sys TCP/IP Protocol Driver Microsoft Corporation 5.01.2600.2827
    TDI.SYS TDI Wrapper Microsoft Corporation 5.01.2600.2180
    termdd.sys Terminal Server Driver Microsoft Corporation 5.01.2600.2180
    TSDDD.dll Framebuffer Display Driver Microsoft Corporation 5.01.2600.2180
    UdfReadr_xp.SYS CD-UDF NT Filesystem Reader Driver Roxio 5.02.0000.0091
    update.sys Update Driver Microsoft Corporation 5.01.2600.2180
    USBD.SYS Universal Serial Bus Driver Microsoft Corporation 5.01.2600.0000
    usbehci.sys EHCI eUSB Miniport Driver Microsoft Corporation 5.01.2600.2180
    usbhub.sys Default Hub Driver for USB Microsoft Corporation 5.01.2600.2180
    USBPORT.SYS USB 1.1 & 2.0 Port Driver Microsoft Corporation 5.01.2600.2180
    usbuhci.sys UHCI USB Miniport Driver Microsoft Corporation 5.01.2600.2180
    vga.sys VGA/Super VGA Video Driver Microsoft Corporation 5.01.2600.2180
    VIDEOPRT.SYS Video Port Driver Microsoft Corporation 5.01.2600.2180
    VolSnap.sys Volume Shadow Copy Driver Microsoft Corporation 5.01.2600.2180
    wanarp.sys MS Remote Access and Routing ARP Driver Microsoft Corporation 5.01.2600.2180
    watchdog.sys Watchdog Driver Microsoft Corporation 5.01.2600.2180
    wdmaud.sys MMSYSTEM Wave/Midi API mapper Microsoft Corporation 5.01.2600.2180
    win32k.sys Multi-User Win32 Driver Microsoft Corporation 5.01.2600.2770
    WMILIB.SYS WMILIB WMI support library Dll Microsoft Corporation 5.01.2600.0000
    ws2ifsl.sys Winsock2 IFS Layer Microsoft Corporation 5.01.2600.0000
     
  17. tapiiri

    tapiiri Regular member

    Hi jerrold3

    I found 2 probably bad .exe files

    But this file isn't what I want

    We find those bad *.dll files and the bustard can be destroyed
     
  18. jerrold3

    jerrold3 Member

    This should hopefully be correct. My apologies as I'd never used that program before.


    Process PID CPU Description Company Name
    System Idle Process 0 82.61
    Interrupts n/a Hardware Interrupts
    DPCs n/a 1.45 Deferred Procedure Calls
    System 4
    smss.exe 596 Windows NT Session Manager Microsoft Corporation
    csrss.exe 644 1.45 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 668 Windows NT Logon Application Microsoft Corporation
    services.exe 712 Services and Controller app Microsoft Corporation
    svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 952 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
    spoolsv.exe 1432 Spooler SubSystem App Microsoft Corporation
    cisvc.exe 1788 Content Index service Microsoft Corporation
    CIDAEMON.EXE 3952 Indexing Service filter daemon Microsoft Corporation
    ewidoctrl.exe 1812 ewido control ewido networks
    ewidoguard.exe 1828 guard ewido networks
    Mcdetect.exe 1864 McAfee WSC Integration Service McAfee, Inc
    McTskshd.exe 2016 McAfee Task Scheduler McAfee, Inc
    mcvsrte.exe 252 McAfee VirusScan Real-time Engine Networks Associates Technology, Inc
    nvsvc32.exe 308 NVIDIA Driver Helper Service, Version 52.16 NVIDIA Corporation
    sdhelp.exe 452 PC Tools Research Pty Ltd
    svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
    wdfmgr.exe 1012 Windows User Mode Driver Manager Microsoft Corporation
    McShield.exe 2152 7.25 NT On-Access Scanner service. Network Associates, Inc.
    alg.exe 2624 Application Layer Gateway Service Microsoft Corporation
    iPodService.exe 1532 iPodService Module Apple Computer, Inc.
    lsass.exe 724 LSA Shell (Export Version) Microsoft Corporation
    csrss.exe 3612 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 1320 Windows NT Logon Application Microsoft Corporation
    mcvsftsn.exe 2980 McAfee VirusScan Instant Messenger Scan Module Networks Associates Technology, Inc
    msmsgs.exe 4040 Windows Messenger Microsoft Corporation
    explorer.exe 1676 1.45 Windows Explorer Microsoft Corporation
    DSentry.exe 168 DVDSentry Dell - Advanced Desktop Engineering
    mcvsshld.exe 152 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
    McVSEscn.exe 212 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
    mcagent.exe 204 McAfee SecurityCenter Agent McAfee, Inc
    jusched.exe 236 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
    WkUFind.exe 320 Microsoft® Works Update Detection Microsoft® Corporation
    tgcmd.exe 492 Support.com Scheduler and Command Dispatcher Support.com, Inc.
    moffice.exe 552 MOffice MFC Application
    mouse32a.exe 1232
    qttask.exe 884 QuickTime Task Apple Computer, Inc.
    DSAgnt.exe 1124 Dell Support Gteko Ltd.
    iexplore.exe 3728 Internet Explorer Microsoft Corporation
    iexplore.exe 5172 Internet Explorer Microsoft Corporation
    procexp.exe 5668 5.80 Sysinternals Process Explorer Sysinternals
    atmclk.exe 3880
    explorer.exe 2292 Windows Explorer Microsoft Corporation
    atmclk.exe 3624
    DSentry.exe 1288 DVDSentry Dell - Advanced Desktop Engineering
    mcvsshld.exe 3408 McAfee VirusScan ActiveShield Resource Networks Associates Technology, Inc
    McVSEscn.exe 3000 McAfee VirusScan E-mail Scan Module Networks Associates Technology, Inc
    mcagent.exe 3488 McAfee SecurityCenter Agent McAfee, Inc
    jusched.exe 2700 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
    WkUFind.exe 3712 Microsoft® Works Update Detection Microsoft® Corporation
    tgcmd.exe 2788 Support.com Scheduler and Command Dispatcher Support.com, Inc.
    moffice.exe 2556 MOffice MFC Application
    mouse32a.exe 3704
    qttask.exe 2760 QuickTime Task Apple Computer, Inc.
    DSAgnt.exe 868 Dell Support Gteko Ltd.
    msnmsgr.exe 4008 MSN Messenger Microsoft Corporation
    swdoctor.exe 2116 Spyware Doctor PC Tools Research Pty Ltd
    iexplore.exe 1000 Internet Explorer Microsoft Corporation
    aolsoftware.exe 1620 AOL America Online, Inc.
    aim6.exe 5828 AIM America Online, Inc.

    Process: explorer.exe Pid: 1676

    Name Description Company Name Version
    acgenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
    actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.2900.2180
    advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
    apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
    atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
    batmeter.dll Battery Meter Helper DLL Microsoft Corporation 6.00.2900.2180
    browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180
    browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2861
    clbcatq.dll Microsoft Corporation 2001.12.4414.0308
    comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
    comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180
    comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
    comres.dll Microsoft Corporation 2001.12.4414.0258
    context.dll Context-Menu (Shell Extension) ewido networks 1.00.0000.0001
    credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
    crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
    cryptnet.dll Crypto Network Related API Microsoft Corporation 5.131.2600.2180
    cryptui.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
    cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
    cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
    CTYPE.NLS
    davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180
    drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180
    duser.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180
    eg.dat 3.06.0000.1003
    explorer.exe Windows Explorer Microsoft Corporation 6.00.2900.2180
    gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
    GdiPlus.dll Microsoft GDI+ Microsoft Corporation 5.01.3102.2180
    imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
    INDEX.DAT
    index.dat
    INDEX.DAT
    iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2180
    kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2180
    klg.DAT Spyware Doctor PC Tools 3.06.0000.1039
    lang.dll lang privat 1.00.0000.0001
    linkinfo.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
    locale.nls
    mcvsshl.dll McAfee VirusScan Shell Extension Module Networks Associates Technology, Inc 8.00.0000.0015
    McVSSkt.Dll McAfee VirusScan Winsock Helper DLL Networks Associates Technology, Inc 8.00.0000.0030
    midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
    mlang.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180
    mouDL32A.dll WIN32 Mouse Dynamic Link Library 3.00.0002.0000
    mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
    msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
    MSACM32.DRV Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
    msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
    msgina.dll Windows NT Logon GINA DLL Microsoft Corporation 5.01.2600.2180
    msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435
    msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180
    msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180
    msvcp71.dll Microsoft® C++ Runtime Library Microsoft Corporation 7.10.4301.0000
    msvcr71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.6014.0004
    msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
    netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2180
    netrap.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180
    netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
    netui0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.2180
    netui1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180
    ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
    ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180
    ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180
    odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
    odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation 3.525.1117.0000
    ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
    oleaut32.dll Microsoft Corporation 5.01.2600.2180
    op_shell.dll Outpost Shell Handler Agnitum Ltd. 3.51.0748.6419
    powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
    rasapi32.dll Remote Access API Microsoft Corporation 5.01.2600.2180
    rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180
    rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
    rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
    rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
    samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
    sdchook.dll sdchook Support.com, Inc. 5.05.0623.0000
    sdcidle.dll Idle DLL SupportSoft 1.00.0000.0004
    secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
    sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180
    SERWVDRV.DLL Unimodem Serial Wave driver Microsoft Corporation 5.01.2600.0000
    setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
    sfc_os.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
    shdoclc.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2180
    shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2877
    shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2869
    shellextension.dll Microsoft AntiSpyware Shell Extension Microsoft Corporation 1.00.0701.0010
    shellhook.dll 1.00.0000.0001
    shellstyle.dll Windows Shell Style Resource Dll Microsoft Corporation 5.01.2600.0000
    shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
    shimgvw.dll Windows Picture and Fax Viewer Microsoft Corporation 6.00.2900.2180
    shlres.dll McAfee VirusScan Shell Extension Resource Networks Associates Technology, Inc 8.00.0000.0012
    shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2861
    SORTKEY.NLS
    sorttbls.nls
    stobject.dll Systray shell service object Microsoft Corporation 5.01.2600.2180
    swpg.DAT Spyware Doctor PC Tools 3.06.0000.1069
    sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.2180
    tapi32.dll Microsoft® Windows(TM) Telephony API Client DLL Microsoft Corporation 5.01.2600.2180
    themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180
    UMDMXFRM.DLL Unimodem Tranform Module Microsoft Corporation 5.01.2600.0000
    UNICODE.NLS
    urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 6.00.2900.2870
    user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
    userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
    uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
    version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
    wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
    webcheck.dll Web Site Monitor Microsoft Corporation 6.00.2900.2180
    winhttp.dll Windows HTTP Services Microsoft Corporation 5.01.2600.2180
    wininet.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.2861
    winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
    winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180
    wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
    wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
    ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
    ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
    wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
    wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
    wuapi.dll Windows Update Client API Microsoft Corporation 5.08.0000.2469
    xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
    zipfldr.dll Compressed (zipped) Folders Microsoft Corporation 6.00.2900.2180

     
    Last edited: May 1, 2006
  19. tapiiri

    tapiiri Regular member

    Hi, jerrold3,

    Run Killbox.

    Choose

    * Delete on Reboot
    * Click All Files option.


    # Copy and paste the following lines to the clipboard:

    C:\WINDOWS\System32\atmclk.exe
    C:\WINDOWS\System32\dcomcfg.exe
    C:\WINDOWS\System32\ot.ico
    C:\WINDOWS\System32\simpole.tlb
    C:\WINDOWS\System32\stdole3.tlb
    C:\WINDOWS\System32\ts.ico


    # Return to Killbox, go to File, and choose Paste from Clipboard.

    # Click the red-white Delete File. Click Yes for "Delete on Reboot".
    Click OK on every question PendingFileRenameOperations asks and let me know if those exist.

    Your computer should restart now. If not, reboot it yourself.


    Send a fresh HijackThis log and tell me whether that helps.
     
  20. jerrold3

    jerrold3 Member

    Fresh Hijack This Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:44 AM, on 5/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0241FF11-A7E1-5092-8456-3DFA7F6DE6FE} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.suscc.cc.al.us/CFIDE/classes/CFJava.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1BC8AD41-2234-140B-9B49-00434FC5AE62} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {21B4D129-A414-574D-8FDB-462B13594027} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {32292AFB-AE93-3F4F-65F1-70C7361F3012} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {343E3F35-089D-1793-101F-5BC76A2AB35B} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {3F9ED016-F987-16FD-6B43-5A41462CA94A} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {4E3E5CF1-C65E-71DF-B1C1-3CD80BA9AD87} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6B1A7B84-AC29-7F07-BFB5-04A51504A476} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144947407062
    O16 - DPF: {7A49177F-6001-1A9E-8489-05461284E76B} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {7FC27242-2F87-2C8F-51DE-42627A3F38AF} - http://85.255.113.214/1/gdnUS2218.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
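
One way to check the "does that help" step against the two HijackThis logs in this thread, as an added example that is not part of any post: it parses a log, reports which of the Killbox target files are still referenced, and lists the O16 entries that carry no control name, grouped by download URL. The log excerpts are abbreviated from the logs on this page; the function names are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Paths queued in Killbox (copied from the post above).
KILLBOX_TARGETS = [
    r"C:\WINDOWS\System32\atmclk.exe",
    r"C:\WINDOWS\System32\dcomcfg.exe",
    r"C:\WINDOWS\System32\ot.ico",
    r"C:\WINDOWS\System32\simpole.tlb",
    r"C:\WINDOWS\System32\stdole3.tlb",
    r"C:\WINDOWS\System32\ts.ico",
]

# Abbreviated excerpts of the first and the fresh log in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\System32\DSentry.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O16 - DPF: {0241FF11-A7E1-5092-8456-3DFA7F6DE6FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1BC8AD41-2234-140B-9B49-00434FC5AE62} - http://85.255.113.214/1/gdnUS2218.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - ..."
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def targets_still_present(text, targets):
    """Return the target paths whose file name is still a running process
    or is still referenced by any coded entry (case-insensitive)."""
    processes, entries = parse_hjt(text)
    running = {basename(p).lower() for p in processes}
    hits = []
    for target in targets:
        name = basename(target).lower()
        # Match the file name as a whole token so "ts.ico" does not hit
        # inside a longer name.
        pat = re.compile(r"(?<![\w.-])" + re.escape(name) + r"(?![\w.-])", re.I)
        if name in running or any(pat.search(body) for _, body in entries):
            hits.append(target)
    return hits


def unnamed_dpf_by_codebase(text):
    """Group O16 entries that have no control name by their download URL."""
    groups = defaultdict(list)
    for code, body in parse_hjt(text)[1]:
        m = DPF_RE.match(body) if code == "O16" else None
        if m and m.group(2) is None:
            groups[m.group(3)].append(m.group(1))
    return dict(groups)


if __name__ == "__main__":
    print("before:", targets_still_present(LOG_BEFORE, KILLBOX_TARGETS))
    print("after: ", targets_still_present(LOG_AFTER, KILLBOX_TARGETS))
    for url, clsids in unnamed_dpf_by_codebase(LOG_AFTER).items():
        print(len(clsids), "unnamed DPF entries ->", url)
```

A log only shows what is running or registered, so an empty result does not prove the `.ico` and `.tlb` files are gone from disk.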

     
