enoughalready

Members
  • Content Count

    7
  • Joined

  • Last visited

Community Reputation

0 Neutral

About enoughalready

  • Rank
    Newbie
  1. Looking good! I can't thank you enough for all your help!
  2. Sorry, just want to make sure...should I be running this DelDomains.inf again? Thanks!
  3. Here's the latest HJT log. One added bonus of all this is that I finally got rid of a harmless (I think) but annoying blue screen that popped up everytime I booted up. I also lost my XP wallpaper, but I can get that back easy enough! Thanks so much Logfile of HijackThis v1.99.1 Scan saved at 8:43:01 PM, on 6/11/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\program files\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\WordPerfect Office 11\Programs\wpwin11.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Global Startup: Digital Line Detect.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  4. Hello again and thank you for your continued help! Here are the rapport.txt file and fresh HJT log. Thanks again! SmitFraudFix v2.58 Scan done at 11:45:51.38, Sun 06/11/2006 Run from C:\Documents and Settings\Gret\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\bg.gif Deleted C:\WINDOWS\BTGrab.dll Deleted C:\WINDOWS\close-bar.gif Deleted C:\WINDOWS\dlmax.dll Deleted C:\WINDOWS\infected.gif Deleted C:\WINDOWS\Pynix.dll Deleted C:\WINDOWS\star.gif Deleted C:\WINDOWS\warning-bar-ico.gif Deleted C:\WINDOWS\system32\jao.dll Deleted C:\WINDOWS\system32\questmod.dll Deleted C:\WINDOWS\system32\runsrv32.dll Deleted C:\WINDOWS\system32\tcpservice2.exe Deleted C:\WINDOWS\system32\txfdb32.dll Deleted C:\WINDOWS\system32\udpmod.dll Deleted C:\WINDOWS\system32\wstart.dll Deleted »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of HijackThis v1.99.1 Scan saved at 11:53:45 AM, on 6/11/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RegSrvc.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Global Startup: Digital Line Detect.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O15 - Trusted Zone: http://*.public.windupdates.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  5. OK. I took care of all this stuff. Only problem was that after running BruteForce Uninstaller, I realized that the "Save log" box wasn't checked, so I didn't have anything to save. I checked it and ran it again. Hopefully that's not a problem. Logs are below. Thanks so much for your help! 1. BFU Log BFU v1.00.9 Windows XP SP1 (WinNT 5.01.2600 SP1) Script started at 4:21:52 PM, on 6/10/2006 Option Unload Explorer: Yes Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found) Failed: ServiceStop Network Monitor (service not found) Failed: ServiceStop cmdService (service not found) Failed: ServiceDisable Network Monitor (service not found) Failed: ServiceDisable cmdService (service not found) Failed: ServiceDelete Network Monitor (service not found) Failed: ServiceDelete cmdService (service not found) Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found) Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found) Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found) Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found) Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found) Option pause between commands: 300 ms Option pause between commands: 50 ms Failed: FolderDelete C:\Program Files\MsConfigs (folder not found) Failed: FolderDelete C:\Program Files\winupdates (folder not found) Failed: FolderDelete C:\Program Files\winupdate (folder not found) Failed: FolderDelete C:\Program Files\winsupdater (folder not found) Failed: FolderDelete C:\Program Files\MsUpdate (folder not found) Failed: FolderDelete C:\Program Files\MsMovies (folder not found) Failed: FolderDelete C:\Program Files\wmplayer (folder not found) Failed: FolderDelete C:\Program Files\outlook (folder not found) Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed) Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed) Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_3a0.dat (operation failed) Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF6271.tmp (operation failed) Failed: FolderDelete C:\Program Files\Maxifiles (folder not found) Failed: FolderDelete C:\Program Files\DNS (folder not found) Failed: FolderDelete C:\Program Files\EQAdvice (folder not found) Failed: FolderDelete C:\Program Files\FCAdvice (folder not found) Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found) Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found) Failed: FolderDelete C:\Program Files\InetGet2 (folder not found) Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found) Failed: FolderDelete C:\Program Files\Network Monitor (folder not found) Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found) Failed: FolderDelete C:\Program Files\Update06 (folder not found) Failed: FolderDelete C:\Program Files\Update03 (folder not found) Failed: FolderDelete C:\Program Files\Update04 (folder not found) Failed: FolderDelete C:\Program Files\Update08 (folder not found) Failed: FolderDelete C:\Program Files\W-Update (folder not found) Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found) Failed: FolderDelete C:\Program Files\Cas (folder not found) Failed: FolderDelete C:\Program Files\CasStub (folder not found) Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found) Failed: FolderDelete C:\Program Files\ipwins (folder not found) Failed: FolderDelete C:\temp (folder not found) Failed: FolderDelete C:\WINDOWS\mdrive (folder not found) Failed: FolderCreate C:\bintheredunthat (folder already exists) Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found) Script completed. 2. Ewido Scan log --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 4:17:37 PM, 6/10/2006 + Report-Checksum: 5DAA990F + Scan result: HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Gret\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Sidefind : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\A0017533.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\A0017540.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017559.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017596.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017604.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017646.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\WINDOWS\SYSTEM32\elyinobo.dma -> Trojan.Agent.qe : Cleaned with backup C:\WINDOWS\SYSTEM32\ipod.raw.exe -> Proxy.Lager.bi : Cleaned with backup C:\WINDOWS\SYSTEM32\qjrkvy.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\WINDOWS\SYSTEM32\rtyduhuo.exe -> Downloader.VB.aan : Cleaned with backup C:\WINDOWS\SYSTEM32\users32.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup C:\WINDOWS\SYSTEM32\winflash.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup ::Report End 3. Fresh HJT log (done after items fixed and system running in normal mode) Logfile of HijackThis v1.99.1 Scan saved at 4:58:57 PM, on 6/10/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Notepad\NOTEPAD.EXE C:\Program Files\Notepad\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe O4 - HKCU\..\Run: [serwvdrv] C:\WINDOWS\System32\serwvdrv.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [d3d8] C:\WINDOWS\System32\d3d8.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe O4 - Global Startup: Digital Line Detect.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O15 - Trusted Zone: http://*.public.windupdates.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe END ALL LOGS Bye for now and thanks again!
  6. Ad-Aware SE Build 1.06r1 Logfile Created on:Friday, June 09, 2006 9:02:55 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R111 08.06.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.Admess(TAC index:5):6 total references Alexa(TAC index:5):18 total references CoolWebSearch(TAC index:10):2 total references DailyToolbar(TAC index:5):14 total references Other(TAC index:5):1 total references Transponder(TAC index:10):1 total references WinFavorites(TAC index:6):14 total references VX2(TAC index:10):6 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 6-9-2006 9:02:55 PM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 740 ThreadCreationTime : 6-10-2006 12:07:16 AM BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 816 ThreadCreationTime : 6-10-2006 12:07:21 AM BasePriority : High #:3 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 860 ThreadCreationTime : 6-10-2006 12:07:21 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 872 ThreadCreationTime : 6-10-2006 12:07:21 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1044 ThreadCreationTime : 6-10-2006 12:07:22 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1068 ThreadCreationTime : 6-10-2006 12:07:22 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [s24evmon.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1104 ThreadCreationTime : 6-10-2006 12:07:22 AM BasePriority : Normal FileVersion : 8, 0, 0, 162 ProductVersion : 8, 0, 0, 162 ProductName : Mobile Unit Support Service CompanyName : Intel Corporation FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters. InternalName : S24EvMon LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT OriginalFilename : S24EvMon.exe #:8 [zcfgsvc.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1432 ThreadCreationTime : 6-10-2006 12:07:23 AM BasePriority : Normal FileVersion : 8, 0, 0, 162 ProductVersion : 8, 0, 0, 162 ProductName : ZeroCfgSvc Application CompanyName : Intel Corporation FileDescription : ZeroCfgSvc MFC Application InternalName : ZeroCfgSvc LegalCopyright : Copyright © 2002 - 2003 Intel Corporation OriginalFilename : ZeroCfgSvc.EXE #:9 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1544 ThreadCreationTime : 6-10-2006 12:07:24 AM BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:10 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1816 ThreadCreationTime : 6-10-2006 12:07:24 AM BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:11 [mcdetect.exe] FilePath : c:\program files\mcafee.com\agent\ ProcessID : 1944 ThreadCreationTime : 6-10-2006 12:07:24 AM BasePriority : Normal FileVersion : 6, 0, 0, 19 ProductVersion : 6, 0, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee WSC Integration Service InternalName : McDetect LegalCopyright : Copyright © 2005 McAfee, Inc. OriginalFilename : McDetect.exe Comments : McAfee WSC Integration Service #:12 [mcshield.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 1964 ThreadCreationTime : 6-10-2006 12:07:24 AM BasePriority : High #:13 [mctskshd.exe] FilePath : c:\PROGRA~1\mcafee.com\agent\ ProcessID : 1992 ThreadCreationTime : 6-10-2006 12:07:24 AM BasePriority : Normal FileVersion : 6, 0, 0, 13 ProductVersion : 6, 0, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee Task Scheduler InternalName : McTskshd LegalCopyright : Copyright © 2005 McAfee, Inc. OriginalFilename : McTskshd.exe #:14 [oasclnt.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 2032 ThreadCreationTime : 6-10-2006 12:07:25 AM BasePriority : Normal FileVersion : 10, 0, 0, 24 ProductVersion : 10, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : McAfee, Inc. FileDescription : McAfee VirusScan OAS Client InternalName : OasClnt LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : OasClnt.exe Comments : McAfee VirusScan OAS Client #:15 [mcvsshld.exe] FilePath : c:\program files\mcafee.com\vso\ ProcessID : 344 ThreadCreationTime : 6-10-2006 12:07:27 AM BasePriority : Normal FileVersion : 10, 0, 0, 22 ProductVersion : 10, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : McAfee, Inc. FileDescription : McAfee VirusScan ActiveShield Resource InternalName : McVsShld LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : McVsShld.exe Comments : McAfee VirusScan ActiveShield Resource #:16 [mcvsescn.exe] FilePath : c:\progra~1\mcafee.com\vso\ ProcessID : 404 ThreadCreationTime : 6-10-2006 12:07:27 AM BasePriority : Normal FileVersion : 10, 0, 0, 20 ProductVersion : 10, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : McAfee, Inc. FileDescription : McAfee VirusScan E-mail Scan Module InternalName : mcvsescn LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : mcvsescn.EXE Comments : McAfee VirusScan E-mail Scan Module #:17 [jusched.exe] FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\ ProcessID : 520 ThreadCreationTime : 6-10-2006 12:07:29 AM BasePriority : Normal #:18 [pcmservice.exe] FilePath : C:\Program Files\Dell\Media Experience\ ProcessID : 540 ThreadCreationTime : 6-10-2006 12:07:29 AM BasePriority : Normal FileVersion : 1.0.1212 ProductVersion : 1.0.1212 ProductName : PCM2Launcher Application CompanyName : CyberLink Corp. FileDescription : PowerCinema Resident Program for Dell InternalName : PowerCinema Resident Program for Dell LegalCopyright : Copyright c 2003 CyberLink Corp. OriginalFilename : PCM2Launcher.EXE #:19 [dsentry.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 652 ThreadCreationTime : 6-10-2006 12:07:31 AM BasePriority : Normal FileVersion : 1, 0, 5, 0 ProductVersion : 1, 0, 5, 0 ProductName : Dell - DVDSentry CompanyName : Dell - Advanced Desktop Engineering FileDescription : DVDSentry InternalName : DVDSentry LegalCopyright : Copyright © 2002 Dell OriginalFilename : DSentry.exe Comments : DVDSentry launches your software DVD player when a DVD is inserted. #:20 [tfswctrl.exe] FilePath : C:\WINDOWS\system32\dla\ ProcessID : 660 ThreadCreationTime : 6-10-2006 12:07:31 AM BasePriority : Normal FileVersion : 1.04.05b CompanyName : Sonic Solutions FileDescription : Drive Letter Access Component LegalCopyright : Copyright © 2003 Sonic Solutions #:21 [quickset.exe] FilePath : C:\Program Files\Dell\QuickSet\ ProcessID : 676 ThreadCreationTime : 6-10-2006 12:07:31 AM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : QuickSet Application FileDescription : QuickSet MFC Application InternalName : direct LegalCopyright : Copyright © 2001 OriginalFilename : direct.EXE #:22 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 696 ThreadCreationTime : 6-10-2006 12:07:31 AM BasePriority : Normal FileVersion : 6.14.10.4586 ProductVersion : 6.14.10.4586 ProductName : NVIDIA Driver Helper Service, Version 45.86 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 45.86 InternalName : NVSVC LegalCopyright : © NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:23 [apoint.exe] FilePath : C:\Program Files\Apoint\ ProcessID : 400 ThreadCreationTime : 6-10-2006 12:07:32 AM BasePriority : Normal FileVersion : 5.4.101.118 ProductVersion : 5.4.101.118 ProductName : Alps Pointing-device Driver CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver InternalName : Alps Pointing-device Driver LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd. OriginalFilename : Apoint.exe #:24 [ntvdm.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 784 ThreadCreationTime : 6-10-2006 12:07:32 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : NTVDM.EXE InternalName : NTVDM.EXE LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : NTVDM.EXE #:25 [regsrvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1092 ThreadCreationTime : 6-10-2006 12:07:33 AM BasePriority : Normal FileVersion : 8, 0, 0, 162 ProductVersion : 8, 0, 0, 162 ProductName : RegSrvc Module CompanyName : Intel Corporation FileDescription : RegSrvc Module InternalName : RegSrvc LegalCopyright : Copyright © 2002 - 2003 Intel Corporation OriginalFilename : RegSrvc.EXE #:26 [wanmpsvc.exe] FilePath : C:\WINDOWS\ ProcessID : 1208 ThreadCreationTime : 6-10-2006 12:07:33 AM BasePriority : Normal FileVersion : 7, 0, 0, 2 ProductVersion : 7, 0, 0, 2 ProductName : America Online CompanyName : America Online, Inc. FileDescription : Wan Miniport (ATW) Service InternalName : WanMPSvc LegalCopyright : Copyright © 2001 America Online, Inc. OriginalFilename : WanMPSvc.exe #:27 [dsagnt.exe] FilePath : C:\Program Files\Dell Support\ ProcessID : 1280 ThreadCreationTime : 6-10-2006 12:07:34 AM BasePriority : Below Normal FileVersion : 1, 1, 0, 73 ProductVersion : 1, 1, 0, 73 ProductName : Dell Support CompanyName : Gteko Ltd. FileDescription : Dell Support InternalName : AUAgent LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd. OriginalFilename : AUAgent.exe #:28 [mnyexpr.exe] FilePath : C:\Program Files\Microsoft Money\System\ ProcessID : 1500 ThreadCreationTime : 6-10-2006 12:07:35 AM BasePriority : Normal FileVersion : 12.00.0613 ProductVersion : 12.00.0613 ProductName : Microsoft® MSN Money Deluxe CompanyName : Microsoft Corp. FileDescription : Microsoft Money Express InternalName : mnyexpr LegalCopyright : Copyright © Microsoft Corporation OriginalFilename : mnyexpr.exe #:29 [mcagent.exe] FilePath : c:\program files\mcafee.com\agent\ ProcessID : 1620 ThreadCreationTime : 6-10-2006 12:07:37 AM BasePriority : Normal FileVersion : 6, 0, 0, 16 ProductVersion : 6, 0, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee SecurityCenter Agent InternalName : mcagent LegalCopyright : Copyright © 2005 McAfee, Inc. OriginalFilename : mcagent.exe #:30 [dlg.exe] FilePath : C:\Program Files\Digital Line Detect\ ProcessID : 1636 ThreadCreationTime : 6-10-2006 12:07:38 AM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BVRP Software TestLine CompanyName : BVRP Software FileDescription : Digital Line Detection InternalName : TestLine LegalCopyright : Copyright © 2003 OriginalFilename : TestLine.exe #:31 [apntex.exe] FilePath : C:\Program Files\Apoint\ ProcessID : 1696 ThreadCreationTime : 6-10-2006 12:07:38 AM BasePriority : Normal FileVersion : 5.0.1.15 ProductVersion : 5.0.1.15 ProductName : Alps Pointing-device Driver for Windows NT/2000/XP CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP InternalName : Alps Pointing-device Driver for Windows NT/2000/XP LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd. OriginalFilename : ApntEx.exe #:32 [1xconfig.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 552 ThreadCreationTime : 6-10-2006 12:07:40 AM BasePriority : Normal FileVersion : 8, 0, 0, 162 ProductVersion : 8, 0, 0, 162 ProductName : 8021XConfig Module CompanyName : Intel FileDescription : 8021XConfig Module InternalName : 8021XConfig LegalCopyright : Copyright 2003 OriginalFilename : 1XConfig.EXE Comments : Wrapper for MH. (Service COM) #:33 [wuauclt.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3180 ThreadCreationTime : 6-10-2006 12:08:41 AM BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wuauclt.exe #:34 [firefox.exe] FilePath : C:\Program Files\Mozilla Firefox\ ProcessID : 3840 ThreadCreationTime : 6-10-2006 12:08:58 AM BasePriority : Normal #:35 [regedit.exe] FilePath : C:\WINDOWS\ ProcessID : 3576 ThreadCreationTime : 6-10-2006 12:15:11 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Registry Editor InternalName : REGEDIT LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : REGEDIT.EXE #:36 [users32.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 4068 ThreadCreationTime : 6-10-2006 12:16:42 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 1.00 ProductName : Project1 CompanyName : Trojan Factory InternalName : main OriginalFilename : main.dat #:37 [wpwin11.exe] FilePath : C:\Program Files\WordPerfect Office 11\Programs\ ProcessID : 2752 ThreadCreationTime : 6-10-2006 12:34:04 AM BasePriority : Normal FileVersion : 11.0.0.233 ProductVersion : 11.0.0.233 ProductName : WordPerfect® 11 CompanyName : Corel Corporation Limited FileDescription : WordPerfect® 11 InternalName : WPWIN LegalCopyright : Copyright 2001 - 2003. Corel Corporation. All rights reserved. LegalTrademarks : WordPerfect® 11 OriginalFilename : wpwin11.exe #:38 [hijackthis.exe] FilePath : C:\Program Files\HijackThis\ ProcessID : 2256 ThreadCreationTime : 6-10-2006 12:54:32 AM BasePriority : Normal FileVersion : 1.99.0001 ProductVersion : 1.99.0001 ProductName : HijackThis CompanyName : Soeperman Enterprises Ltd. FileDescription : HijackThis InternalName : HijackThis LegalCopyright : Freeware OriginalFilename : HijackThis.exe Comments : Version history is in Help section #:39 [notepad.exe] FilePath : C:\WINDOWS\ ProcessID : 2316 ThreadCreationTime : 6-10-2006 12:54:35 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Notepad InternalName : Notepad LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : NOTEPAD.EXE #:40 [ad-aware.exe] FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\ ProcessID : 124 ThreadCreationTime : 6-10-2006 1:02:40 AM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21} Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\wstart.dll Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0} Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wstart.whttphelper Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wstart.whttphelper.1 Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : alxtb.bho Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0bbb0424-e98e-4405-9a94-481854765c80} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0f3332b5-bc98-48af-9fac-05fec94ebe73} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e60160f-0ed6-4dcc-b6b6-850cde4fd217} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a69107cc-bec8-4a34-b474-211b0f46a764} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b7b84995-8b92-46bf-94aa-fa2f3dd23b84} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{fa77ad79-09cf-41fb-b171-cc856f9e737f} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : popmenu.menu Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : popup.popupkiller Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{547ab549-4dd8-4ea0-b070-f6ea062148ff} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a6a68cbd-6673-41b1-b997-3f83a25b45b0} Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b71c7d9a-da43-4e8b-bb98-1684ac2af324} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\dailytoolbar.dll DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{951b3138-ae8e-4676-a05a-250a5f111631} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{58f9b276-e1cc-458e-8159-21cbc021874b} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8333c319-0669-4893-a418-f56d9249fca6} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : dailytoolbar.ieband DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : dailytoolbar.sysmgr DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : ietoolbar.affiliatectl DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{10195311-e434-47a9-adba-48839e3f7e4e} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bridge.brdg WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : jao.jao WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27} Adware.Admess Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wsoft Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\alexa internet CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb} DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\dailytoolbar DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\nix solutions\dailytoolbar Transponder Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\transponder WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\respondmiter VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-f09c-02b4-6ec2-ad0300000000} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-c1ec-0345-6ec2-4d0300000000} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-59d4-4008-9058-080011001200} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 46 Objects found so far: 46 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8333c319-0669-4893-a418-f56d9249fca6} Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 47 Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 48 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 48 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 0 entries scanned. New critical objects:0 Objects found so far: 48 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\alexa toolbar Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\alexa toolbar Alexa Object Recognized! Type : File Data : alxres.dll TAC Rating : 5 Category : Data Miner Comment : Object : C:\WINDOWS\System32\ DailyToolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\nix solutions DailyToolbar Object Recognized! Type : File Data : dailytoolbar.dll TAC Rating : 5 Category : Misc Comment : Object : C:\WINDOWS\System32\ WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bridge WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\bridge.brdg WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\jao.jao WinFavorites Object Recognized! Type : File Data : a.exe TAC Rating : 6 Category : Malware Comment : Object : C:\WINDOWS\System32\ WinFavorites Object Recognized! Type : File Data : bridge.dll TAC Rating : 6 Category : Malware Comment : Object : C:\WINDOWS\System32\ CoolWebSearch Object Recognized! Type : RegData Data : about:blank TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Start Page Data : about:blank VX2 Object Recognized! Type : File Data : ZServ.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ Other Object Recognized! Type : File Data : NLDDKZUA.EXE-08BD186C.pf TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 14 Objects found so far: 62 9:16:04 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:13:08.173 Objects scanned:125678 Objects identified:63 Objects ignored:0 New critical objects:63
  7. evil spyware bastards make me mad helpful community members make me smile any help dealing with this antispywarebox scum much appreciated Logfile of HijackThis v1.99.1 Scan saved at 8:54:34 PM, on 6/9/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Regedit.exe C:\WINDOWS\System32\users32.exe C:\Program Files\WordPerfect Office 11\Programs\wpwin11.exe C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file) O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file) O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file) O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file) O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file) O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file) O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file) O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe O4 - HKCU\..\Run: [serwvdrv] C:\WINDOWS\System32\serwvdrv.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [d3d8] C:\WINDOWS\System32\d3d8.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe O4 - Global Startup: Digital Line Detect.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O15 - Trusted Zone: http://*.public.windupdates.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90027-B28D-4E23-A721-073E6C0CDCD3}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CCS\Services\Tcpip\..\{AC71EF8F-F453-4DCF-BE65-6EC2B500E6AC}: NameServer = 69.50.184.84,195.225.176.37 O17 - HKLM\System\CS1\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37 O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe