
'nother antispywarebox HJT log

Comments

8 comments

  • Support

    We're getting there, enoughalready!

    That 015 item is being stubborn. We'll use the following to fix it for good.

    Download: DelDomains.inf

    Right-click the following URL and select: Save Target As (IE only) and save to your desktop.

    http://www.mvps.org/winhelp2002/DelDomains.inf

    To use: right-click Deldomains.inf and select: Install (no need to restart - there is no on-screen action)

    Note: This will remove all entries in the "Trusted Zone" and "Ranges" also. DelDomains was revised (01-16-05) to include the "Enhanced Security Configuration Zones" as some of these newer infections are targeting the "Enhanced" Zone.

    Scan once more with HijackThis and post a fresh log, please.

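As an added, read-only companion to the DelDomains step above (example code written for this page, not part of the thread and not DelDomains.inf itself), the following PowerShell lists every Internet Explorer ZoneMap entry, which is what HijackThis reports as an O15 item. It covers the Domains and Ranges lists that DelDomains clears and the Enhanced Security Configuration lists (EscDomains, EscRanges) the note mentions, under both the per-user hive (HKCU) and the machine-wide hive (HKLM). Running it before and after the install shows which entries were present and confirms they are gone. The registry paths are the standard Internet Settings ZoneMap keys; the zone-number-to-name table is the usual Internet Explorer mapping.

```powershell
# Added example: audit the IE ZoneMap (HijackThis O15 items). Read-only; changes nothing.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$roots     = @('HKCU:', 'HKLM:')                                  # per-user and machine-wide lists
$subKeys   = @('Domains', 'Ranges', 'EscDomains', 'EscRanges')    # normal and Enhanced Security lists

function Get-ZoneMapEntries {
    foreach ($root in $roots) {
        foreach ($sub in $subKeys) {
            $base = "$root\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\$sub"
            if (-not (Test-Path $base)) { continue }

            # Each domain (and optional subdomain) or RangeN is a key; each protocol
            # value under it ("http", "https", "*") holds the zone number as a DWORD.
            Get-ChildItem -Path $base -Recurse | ForEach-Object {
                $key   = $_
                $props = Get-ItemProperty -Path $key.PSPath
                $range = if ($props.PSObject.Properties[':Range']) { $props.':Range' } else { $null }

                foreach ($p in $props.PSObject.Properties) {
                    if ($p.Name -like 'PS*')  { continue }   # PowerShell's own metadata properties
                    if ($p.Name -eq ':Range') { continue }   # the IP range string, reported in its own column

                    $zoneName = if ($p.Value -is [int]) { $zoneNames[$p.Value] } else { $null }
                    [pscustomobject]@{
                        Hive     = $root.TrimEnd(':')
                        List     = $sub
                        Entry    = $key.PSPath -replace ('.*\\ZoneMap\\' + [regex]::Escape($sub) + '\\'), ''
                        Range    = $range
                        Protocol = $p.Name
                        Zone     = $p.Value
                        ZoneName = $zoneName
                    }
                }
            }
        }
    }
}

Get-ZoneMapEntries | Sort-Object Hive, List, Entry | Format-Table -AutoSize
```

Anything listed with Zone 2 (Trusted Sites) that the user did not add deliberately is worth a closer look, because pages in that zone run with looser security settings than the Internet zone; HKLM entries apply to every account on the machine, so they deserve the same scrutiny after cleanup.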
  • Customer

    Ad-Aware SE Build 1.06r1

    Logfile Created on:Friday, June 09, 2006 9:02:55 PM

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R111 08.06.2006

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Adware.Admess(TAC index:5):6 total references

    Alexa(TAC index:5):18 total references

    CoolWebSearch(TAC index:10):2 total references

    DailyToolbar(TAC index:5):14 total references

    Other(TAC index:5):1 total references

    Transponder(TAC index:10):1 total references

    WinFavorites(TAC index:6):14 total references

    VX2(TAC index:10):6 total references

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Ad-Aware SE Settings

    ===========================

    Set : Search for negligible risk entries

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

     

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects

     

     

    6-9-2006 9:02:55 PM - Scan started. (Full System Scan)

     

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 740

    ThreadCreationTime : 6-10-2006 12:07:16 AM

    BasePriority : Normal

     

     

    #:2 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 816

    ThreadCreationTime : 6-10-2006 12:07:21 AM

    BasePriority : High

     

     

    #:3 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 860

    ThreadCreationTime : 6-10-2006 12:07:21 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Services and Controller app

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : services.exe

     

    #:4 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 872

    ThreadCreationTime : 6-10-2006 12:07:21 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

    ProductVersion : 5.1.2600.1106

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

     

    #:5 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1044

    ThreadCreationTime : 6-10-2006 12:07:22 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:6 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1068

    ThreadCreationTime : 6-10-2006 12:07:22 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:7 [s24evmon.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1104

    ThreadCreationTime : 6-10-2006 12:07:22 AM

    BasePriority : Normal

    FileVersion : 8, 0, 0, 162

    ProductVersion : 8, 0, 0, 162

    ProductName : Mobile Unit Support Service

    CompanyName : Intel Corporation

    FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.

    InternalName : S24EvMon

    LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT

    OriginalFilename : S24EvMon.exe

     

    #:8 [zcfgsvc.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1432

    ThreadCreationTime : 6-10-2006 12:07:23 AM

    BasePriority : Normal

    FileVersion : 8, 0, 0, 162

    ProductVersion : 8, 0, 0, 162

    ProductName : ZeroCfgSvc Application

    CompanyName : Intel Corporation

    FileDescription : ZeroCfgSvc MFC Application

    InternalName : ZeroCfgSvc

    LegalCopyright : Copyright © 2002 - 2003 Intel Corporation

    OriginalFilename : ZeroCfgSvc.EXE

     

    #:9 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1544

    ThreadCreationTime : 6-10-2006 12:07:24 AM

    BasePriority : Normal

    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

    ProductVersion : 6.00.2800.1106

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows Explorer

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : EXPLORER.EXE

     

    #:10 [spoolsv.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1816

    ThreadCreationTime : 6-10-2006 12:07:24 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (XPClient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Spooler SubSystem App

    InternalName : spoolsv.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : spoolsv.exe

     

    #:11 [mcdetect.exe]

    FilePath : c:\program files\mcafee.com\agent\

    ProcessID : 1944

    ThreadCreationTime : 6-10-2006 12:07:24 AM

    BasePriority : Normal

    FileVersion : 6, 0, 0, 19

    ProductVersion : 6, 0, 0, 0

    ProductName : McAfee SecurityCenter

    CompanyName : McAfee, Inc

    FileDescription : McAfee WSC Integration Service

    InternalName : McDetect

    LegalCopyright : Copyright © 2005 McAfee, Inc.

    OriginalFilename : McDetect.exe

    Comments : McAfee WSC Integration Service

     

    #:12 [mcshield.exe]

    FilePath : c:\PROGRA~1\mcafee.com\vso\

    ProcessID : 1964

    ThreadCreationTime : 6-10-2006 12:07:24 AM

    BasePriority : High

     

     

    #:13 [mctskshd.exe]

    FilePath : c:\PROGRA~1\mcafee.com\agent\

    ProcessID : 1992

    ThreadCreationTime : 6-10-2006 12:07:24 AM

    BasePriority : Normal

    FileVersion : 6, 0, 0, 13

    ProductVersion : 6, 0, 0, 0

    ProductName : McAfee SecurityCenter

    CompanyName : McAfee, Inc

    FileDescription : McAfee Task Scheduler

    InternalName : McTskshd

    LegalCopyright : Copyright © 2005 McAfee, Inc.

    OriginalFilename : McTskshd.exe

     

    #:14 [oasclnt.exe]

    FilePath : c:\PROGRA~1\mcafee.com\vso\

    ProcessID : 2032

    ThreadCreationTime : 6-10-2006 12:07:25 AM

    BasePriority : Normal

    FileVersion : 10, 0, 0, 24

    ProductVersion : 10, 0, 0, 0

    ProductName : McAfee VirusScan

    CompanyName : McAfee, Inc.

    FileDescription : McAfee VirusScan OAS Client

    InternalName : OasClnt

    LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

    OriginalFilename : OasClnt.exe

    Comments : McAfee VirusScan OAS Client

     

    #:15 [mcvsshld.exe]

    FilePath : c:\program files\mcafee.com\vso\

    ProcessID : 344

    ThreadCreationTime : 6-10-2006 12:07:27 AM

    BasePriority : Normal

    FileVersion : 10, 0, 0, 22

    ProductVersion : 10, 0, 0, 0

    ProductName : McAfee VirusScan

    CompanyName : McAfee, Inc.

    FileDescription : McAfee VirusScan ActiveShield Resource

    InternalName : McVsShld

    LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

    OriginalFilename : McVsShld.exe

    Comments : McAfee VirusScan ActiveShield Resource

     

    #:16 [mcvsescn.exe]

    FilePath : c:\progra~1\mcafee.com\vso\

    ProcessID : 404

    ThreadCreationTime : 6-10-2006 12:07:27 AM

    BasePriority : Normal

    FileVersion : 10, 0, 0, 20

    ProductVersion : 10, 0, 0, 0

    ProductName : McAfee VirusScan

    CompanyName : McAfee, Inc.

    FileDescription : McAfee VirusScan E-mail Scan Module

    InternalName : mcvsescn

    LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.

    OriginalFilename : mcvsescn.EXE

    Comments : McAfee VirusScan E-mail Scan Module

     

    #:17 [jusched.exe]

    FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\

    ProcessID : 520

    ThreadCreationTime : 6-10-2006 12:07:29 AM

    BasePriority : Normal

     

     

    #:18 [pcmservice.exe]

    FilePath : C:\Program Files\Dell\Media Experience\

    ProcessID : 540

    ThreadCreationTime : 6-10-2006 12:07:29 AM

    BasePriority : Normal

    FileVersion : 1.0.1212

    ProductVersion : 1.0.1212

    ProductName : PCM2Launcher Application

    CompanyName : CyberLink Corp.

    FileDescription : PowerCinema Resident Program for Dell

    InternalName : PowerCinema Resident Program for Dell

    LegalCopyright : Copyright c 2003 CyberLink Corp.

    OriginalFilename : PCM2Launcher.EXE

     

    #:19 [dsentry.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 652

    ThreadCreationTime : 6-10-2006 12:07:31 AM

    BasePriority : Normal

    FileVersion : 1, 0, 5, 0

    ProductVersion : 1, 0, 5, 0

    ProductName : Dell - DVDSentry

    CompanyName : Dell - Advanced Desktop Engineering

    FileDescription : DVDSentry

    InternalName : DVDSentry

    LegalCopyright : Copyright © 2002 Dell

    OriginalFilename : DSentry.exe

    Comments : DVDSentry launches your software DVD player when a DVD is inserted.

     

    #:20 [tfswctrl.exe]

    FilePath : C:\WINDOWS\system32\dla\

    ProcessID : 660

    ThreadCreationTime : 6-10-2006 12:07:31 AM

    BasePriority : Normal

    FileVersion : 1.04.05b

    CompanyName : Sonic Solutions

    FileDescription : Drive Letter Access Component

    LegalCopyright : Copyright © 2003 Sonic Solutions

     

    #:21 [quickset.exe]

    FilePath : C:\Program Files\Dell\QuickSet\

    ProcessID : 676

    ThreadCreationTime : 6-10-2006 12:07:31 AM

    BasePriority : Normal

    FileVersion : 1, 0, 0, 1

    ProductVersion : 1, 0, 0, 1

    ProductName : QuickSet Application

    FileDescription : QuickSet MFC Application

    InternalName : direct

    LegalCopyright : Copyright © 2001

    OriginalFilename : direct.EXE

     

    #:22 [nvsvc32.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 696

    ThreadCreationTime : 6-10-2006 12:07:31 AM

    BasePriority : Normal

    FileVersion : 6.14.10.4586

    ProductVersion : 6.14.10.4586

    ProductName : NVIDIA Driver Helper Service, Version 45.86

    CompanyName : NVIDIA Corporation

    FileDescription : NVIDIA Driver Helper Service, Version 45.86

    InternalName : NVSVC

    LegalCopyright : © NVIDIA Corporation. All rights reserved.

    OriginalFilename : nvsvc32.exe

     

    #:23 [apoint.exe]

    FilePath : C:\Program Files\Apoint\

    ProcessID : 400

    ThreadCreationTime : 6-10-2006 12:07:32 AM

    BasePriority : Normal

    FileVersion : 5.4.101.118

    ProductVersion : 5.4.101.118

    ProductName : Alps Pointing-device Driver

    CompanyName : Alps Electric Co., Ltd.

    FileDescription : Alps Pointing-device Driver

    InternalName : Alps Pointing-device Driver

    LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.

    OriginalFilename : Apoint.exe

     

    #:24 [ntvdm.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 784

    ThreadCreationTime : 6-10-2006 12:07:32 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

    ProductVersion : 5.1.2600.1106

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : NTVDM.EXE

    InternalName : NTVDM.EXE

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : NTVDM.EXE

     

    #:25 [regsrvc.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1092

    ThreadCreationTime : 6-10-2006 12:07:33 AM

    BasePriority : Normal

    FileVersion : 8, 0, 0, 162

    ProductVersion : 8, 0, 0, 162

    ProductName : RegSrvc Module

    CompanyName : Intel Corporation

    FileDescription : RegSrvc Module

    InternalName : RegSrvc

    LegalCopyright : Copyright © 2002 - 2003 Intel Corporation

    OriginalFilename : RegSrvc.EXE

     

    #:26 [wanmpsvc.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1208

    ThreadCreationTime : 6-10-2006 12:07:33 AM

    BasePriority : Normal

    FileVersion : 7, 0, 0, 2

    ProductVersion : 7, 0, 0, 2

    ProductName : America Online

    CompanyName : America Online, Inc.

    FileDescription : Wan Miniport (ATW) Service

    InternalName : WanMPSvc

    LegalCopyright : Copyright © 2001 America Online, Inc.

    OriginalFilename : WanMPSvc.exe

     

    #:27 [dsagnt.exe]

    FilePath : C:\Program Files\Dell Support\

    ProcessID : 1280

    ThreadCreationTime : 6-10-2006 12:07:34 AM

    BasePriority : Below Normal

    FileVersion : 1, 1, 0, 73

    ProductVersion : 1, 1, 0, 73

    ProductName : Dell Support

    CompanyName : Gteko Ltd.

    FileDescription : Dell Support

    InternalName : AUAgent

    LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.

    OriginalFilename : AUAgent.exe

     

    #:28 [mnyexpr.exe]

    FilePath : C:\Program Files\Microsoft Money\System\

    ProcessID : 1500

    ThreadCreationTime : 6-10-2006 12:07:35 AM

    BasePriority : Normal

    FileVersion : 12.00.0613

    ProductVersion : 12.00.0613

    ProductName : Microsoft® MSN Money Deluxe

    CompanyName : Microsoft Corp.

    FileDescription : Microsoft Money Express

    InternalName : mnyexpr

    LegalCopyright : Copyright © Microsoft Corporation

    OriginalFilename : mnyexpr.exe

     

    #:29 [mcagent.exe]

    FilePath : c:\program files\mcafee.com\agent\

    ProcessID : 1620

    ThreadCreationTime : 6-10-2006 12:07:37 AM

    BasePriority : Normal

    FileVersion : 6, 0, 0, 16

    ProductVersion : 6, 0, 0, 0

    ProductName : McAfee SecurityCenter

    CompanyName : McAfee, Inc

    FileDescription : McAfee SecurityCenter Agent

    InternalName : mcagent

    LegalCopyright : Copyright © 2005 McAfee, Inc.

    OriginalFilename : mcagent.exe

     

    #:30 [dlg.exe]

    FilePath : C:\Program Files\Digital Line Detect\

    ProcessID : 1636

    ThreadCreationTime : 6-10-2006 12:07:38 AM

    BasePriority : Normal

    FileVersion : 1, 0, 0, 1

    ProductVersion : 1, 0, 0, 1

    ProductName : BVRP Software TestLine

    CompanyName : BVRP Software

    FileDescription : Digital Line Detection

    InternalName : TestLine

    LegalCopyright : Copyright © 2003

    OriginalFilename : TestLine.exe

     

    #:31 [apntex.exe]

    FilePath : C:\Program Files\Apoint\

    ProcessID : 1696

    ThreadCreationTime : 6-10-2006 12:07:38 AM

    BasePriority : Normal

    FileVersion : 5.0.1.15

    ProductVersion : 5.0.1.15

    ProductName : Alps Pointing-device Driver for Windows NT/2000/XP

    CompanyName : Alps Electric Co., Ltd.

    FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP

    InternalName : Alps Pointing-device Driver for Windows NT/2000/XP

    LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.

    OriginalFilename : ApntEx.exe

     

    #:32 [1xconfig.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 552

    ThreadCreationTime : 6-10-2006 12:07:40 AM

    BasePriority : Normal

    FileVersion : 8, 0, 0, 162

    ProductVersion : 8, 0, 0, 162

    ProductName : 8021XConfig Module

    CompanyName : Intel

    FileDescription : 8021XConfig Module

    InternalName : 8021XConfig

    LegalCopyright : Copyright 2003

    OriginalFilename : 1XConfig.EXE

    Comments : Wrapper for MH. (Service COM)

     

    #:33 [wuauclt.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 3180

    ThreadCreationTime : 6-10-2006 12:08:41 AM

    BasePriority : Normal

    FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

    ProductVersion : 5.8.0.2469

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Automatic Updates

    InternalName : wuauclt.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : wuauclt.exe

     

    #:34 [firefox.exe]

    FilePath : C:\Program Files\Mozilla Firefox\

    ProcessID : 3840

    ThreadCreationTime : 6-10-2006 12:08:58 AM

    BasePriority : Normal

     

     

    #:35 [regedit.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 3576

    ThreadCreationTime : 6-10-2006 12:15:11 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

    ProductVersion : 5.1.2600.1106

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Registry Editor

    InternalName : REGEDIT

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : REGEDIT.EXE

     

    #:36 [users32.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 4068

    ThreadCreationTime : 6-10-2006 12:16:42 AM

    BasePriority : Normal

    FileVersion : 1.00

    ProductVersion : 1.00

    ProductName : Project1

    CompanyName : Trojan Factory

    InternalName : main

    OriginalFilename : main.dat

     

    #:37 [wpwin11.exe]

    FilePath : C:\Program Files\WordPerfect Office 11\Programs\

    ProcessID : 2752

    ThreadCreationTime : 6-10-2006 12:34:04 AM

    BasePriority : Normal

    FileVersion : 11.0.0.233

    ProductVersion : 11.0.0.233

    ProductName : WordPerfect® 11

    CompanyName : Corel Corporation Limited

    FileDescription : WordPerfect® 11

    InternalName : WPWIN

    LegalCopyright : Copyright 2001 - 2003. Corel Corporation. All rights reserved.

    LegalTrademarks : WordPerfect® 11

    OriginalFilename : wpwin11.exe

     

    #:38 [hijackthis.exe]

    FilePath : C:\Program Files\HijackThis\

    ProcessID : 2256

    ThreadCreationTime : 6-10-2006 12:54:32 AM

    BasePriority : Normal

    FileVersion : 1.99.0001

    ProductVersion : 1.99.0001

    ProductName : HijackThis

    CompanyName : Soeperman Enterprises Ltd.

    FileDescription : HijackThis

    InternalName : HijackThis

    LegalCopyright : Freeware

    OriginalFilename : HijackThis.exe

    Comments : Version history is in Help section

     

    #:39 [notepad.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 2316

    ThreadCreationTime : 6-10-2006 12:54:35 AM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Notepad

    InternalName : Notepad

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : NOTEPAD.EXE

     

    #:40 [ad-aware.exe]

    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

    ProcessID : 124

    ThreadCreationTime : 6-10-2006 1:02:40 AM

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

     

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 0

     

     

    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Adware.Admess Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}

     

    Adware.Admess Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : appid\wstart.dll

     

    Adware.Admess Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}

     

    Adware.Admess Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : wstart.whttphelper

     

    Adware.Admess Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : wstart.whttphelper.1

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : alxtb.bho

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{f1fabe79-25fc-46de-8c5a-2c6db9d64333}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{0bbb0424-e98e-4405-9a94-481854765c80}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{0f3332b5-bc98-48af-9fac-05fec94ebe73}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{3e60160f-0ed6-4dcc-b6b6-850cde4fd217}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{a69107cc-bec8-4a34-b474-211b0f46a764}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{b7b84995-8b92-46bf-94aa-fa2f3dd23b84}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{fa77ad79-09cf-41fb-b171-cc856f9e737f}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : popmenu.menu

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : popup.popupkiller

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : typelib\{547ab549-4dd8-4ea0-b070-f6ea062148ff}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{a6a68cbd-6673-41b1-b997-3f83a25b45b0}

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{b71c7d9a-da43-4e8b-bb98-1684ac2af324}

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : appid\dailytoolbar.dll

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : appid\{951b3138-ae8e-4676-a05a-250a5f111631}

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{8333c319-0669-4893-a418-f56d9249fca6}

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : dailytoolbar.ieband

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : dailytoolbar.sysmgr

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : ietoolbar.affiliatectl

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{10195311-e434-47a9-adba-48839e3f7e4e}

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : bridge.brdg

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : jao.jao

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}

     

    Adware.Admess Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\wsoft

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\alexa internet

     

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\dailytoolbar

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\nix solutions\dailytoolbar

     

    Transponder Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Data Miner

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\transponder

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}

     

    VX2 Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\respondmiter

     

    VX2 Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}

     

    VX2 Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-f09c-02b4-6ec2-ad0300000000}

     

    VX2 Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-c1ec-0345-6ec2-4d0300000000}

     

    VX2 Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-59d4-4008-9058-080011001200}

     

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 46

    Objects found so far: 46

     

     

    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8333c319-0669-4893-a418-f56d9249fca6}

     

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 1

    Objects found so far: 47

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}

     

     

    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

     

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 48

     

     

     

    Deep scanning and examining files (C:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Disk Scan Result for C:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 48

     

     

    Scanning Hosts file......

    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Hosts file scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    0 entries scanned.

    New critical objects:0

    Objects found so far: 48

     

     

     

     

    Performing conditional scans...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\alexa toolbar

     

    Alexa Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\alexa toolbar

     

    Alexa Object Recognized!

    Type : File

    Data : alxres.dll

    TAC Rating : 5

    Category : Data Miner

    Comment :

    Object : C:\WINDOWS\System32\

     

     

     

    DailyToolbar Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 5

    Category : Misc

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\nix solutions

     

    DailyToolbar Object Recognized!

    Type : File

    Data : dailytoolbar.dll

    TAC Rating : 5

    Category : Misc

    Comment :

    Object : C:\WINDOWS\System32\

     

     

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\bridge

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\classes\bridge.brdg

     

    WinFavorites Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 6

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\classes\jao.jao

     

    WinFavorites Object Recognized!

    Type : File

    Data : a.exe

    TAC Rating : 6

    Category : Malware

    Comment :

    Object : C:\WINDOWS\System32\

     

     

     

    WinFavorites Object Recognized!

    Type : File

    Data : bridge.dll

    TAC Rating : 6

    Category : Malware

    Comment :

    Object : C:\WINDOWS\System32\

     

     

     

    CoolWebSearch Object Recognized!

    Type : RegData

    Data : about:blank

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CURRENT_USER

    Object : software\microsoft\internet explorer\main

    Value : Start Page

    Data : about:blank

     

    VX2 Object Recognized!

    Type : File

    Data : ZServ.dll

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\WINDOWS\

     

     

     

    Other Object Recognized!

    Type : File

    Data : NLDDKZUA.EXE-08BD186C.pf

    TAC Rating : 10

    Category : Malware

    Comment :

    Object : C:\WINDOWS\prefetch\

     

     

     

    Conditional scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 14

    Objects found so far: 62

     

    9:16:04 PM Scan Complete

     

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:13:08.173

    Objects scanned:125678

    Objects identified:63

    Objects ignored:0

    New critical objects:63

    0
  • Support

    You have got a whole bundle of malware, including some very nasty trojans. This will take numerous steps to get everything.

     

    1. Please download the free trial program Ewido per the following instructions. This is a good trojan scanner and will help to block any further trojan downloads of malware onto your system while we're trying to clean it all up. Should any nasties try to enter your system it should pop up a warning and you can block anything new coming in. But first let's install it, update it, and we'll scan later in SAFE MODE.

     

    Download, install, and update Ewido AntiMalware (get the free trial version)

    http://www.ewido.net/en/download/

     

    a. Install Ewido AntiMalware

     

    b. Launch Ewido; there should be a big yellow E icon on your desktop, double-click it.

     

    c. The program will prompt you to update; click the OK button.

     

    d. The program will now go to the main screen

     

    e. On the left hand side of the main screen click on Update

     

    f. Click on Start. The update will start and a progress bar will show the updates being installed.

     

    g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

     

    *Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).

    You will still be able to manually update Ewido using the *update* button

     

    2. Please download Brute Force Uninstaller to your desktop.

    • Right click the BFU folder on your desktop, and choose Extract All

    • Click "Next"

    • In the box to choose where to extract the files to,

    • Click "Browse"

    • Click on the + sign next to "My Computer"

    • Click on "Local Disk (C:)" or whatever your primary drive is

    • Click "Make New Folder"

    • Type in BFU

    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.

    Save it in the same folder you made earlier (c:\BFU).

     

    Do not do anything with these yet!

     

    4. Reboot into Safe Mode

    You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

     

    How to start the computer in Safe mode

    http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

     

    5. Once in safe mode, start Ewido AntiMalware

     

    a. Click on scanner

     

    b. Click on *complete system scan*

     

    c. Let the program scan the machine.

     

    d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.

    Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

     

    Click OK.

     

    When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

     

    6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

    • Start the Brute Force Uninstaller by double-clicking BFU.exe

    • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

    • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)

    • Wait for the complete script execution box to pop up and press OK.

    • Click "Save". In "filename" enter log.txt

    • Click "Exit" to exit the BFU program.

    Please copy the contents of the log.txt back here in your next reply. The log.txt will be in the C:\BFU\ folder

     

    7. Now please scan with HijackThis and do a *scan only*. Checkmark these items in the list (if found) and then press the *fix checked* button.

     

    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

     

    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)

     

    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

     

    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

     

    O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll

     

    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

     

    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)

     

    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

     

    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)

     

    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

     

    O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe

     

    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe

     

    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe

     

    O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe

     

    O4 - HKCU\..\Run: [serwvdrv] C:\WINDOWS\System32\serwvdrv.exe

     

    O4 - HKCU\..\Run: [d3d8] C:\WINDOWS\System32\d3d8.exe

     

    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe

     

    O15 - Trusted Zone: http://*.public.windupdates.com

     

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37

     

    O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90027-B28D-4E23-A721-073E6C0CDCD3}: NameServer = 69.50.184.84,195.225.176.37

     

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC71EF8F-F453-4DCF-BE65-6EC2B500E6AC}: NameServer = 69.50.184.84,195.225.176.37

     

    O17 - HKLM\System\CS1\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37

     

    8. Delete these files (if found)

     

    C:\WINDOWS\system32\users32.exe

     

    C:\WINDOWS\system32\susp.exe

     

    C:\WINDOWS\system32\runsrv32.exe

     

    dwcrnt.exe

     

    c:\windows\winhelp.exe

     

    C:\WINDOWS\System32\serwvdrv.exe

     

    C:\WINDOWS\System32\d3d8.exe

     

    C:\WINDOWS\System32\taskdir.exe

     

    9. Reboot back into normal mode

    Logs needed in your next post are:

     

    log.txt will be in the C:\BFU\ folder

     

    Ewido Scan log

     

    Fresh HijackThis log

     

    There will be more to do but this will be a good start

    0
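    As an added example (not part of this thread, nor code from HijackThis, Ewido or BFU), here is a small Python triage script that parses the O2/O4/O15/O17 entry formats quoted in the post above and flags the same kinds of entries the helper asked to have fixed: BHOs with no backing file, autoruns given as a bare filename, per-user autoruns launching from the Windows directory, wildcard Trusted Zone hosts, and adapters pinned to DNS servers not on an allow-list. The sample lines are a constructed subset copied from the entries in this thread plus two benign ones; the rules are review heuristics, not a verdict.

```python
import re
from dataclasses import dataclass

# Directories a per-user (HKCU) autorun rarely has any business launching from.
# Constructed heuristic for this example, not a rule from HijackThis.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

# Entry formats as they appear in a HijackThis v1.99 log (the thread quotes them).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<pattern>\S+)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>[\d.,]+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # O2 / O4 / O15 / O17
    reason: str
    line: str


def command_path(cmd: str) -> str:
    """Return the executable part of an autorun command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(lines, expected_nameservers=frozenset()):
    """Flag HijackThis entries matching the patterns the thread's helper singled out.

    expected_nameservers: resolver IPs the owner knows about; with the default empty
    set every hard-coded NameServer entry is reported for review. Other sections
    (O3, O9, O16, O20, O23, ...) are ignored by this example.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := O2_RE.match(line)):
            # A CLSID still registered as a BHO with no DLL behind it is leftover from
            # a removed or half-removed component and should be cleaned up.
            if m.group("path").strip().lower() == "(no file)":
                findings.append(Finding("O2", "BHO registered with no backing file", line))
        elif (m := O4_RE.match(line)):
            path = command_path(m.group("cmd"))
            if "\\" not in path:
                # A bare filename is resolved via the PATH at logon; the thread's
                # dwcrnt.exe entry has this shape. Legitimate launchers such as
                # RUNDLL32.EXE will also land here and are for the analyst to dismiss.
                findings.append(Finding("O4", "autorun given as bare filename, no full path", line))
            elif m.group("hive") == "HKCU" and path.lower().startswith(SYSTEM_DIRS):
                # Per-user autoruns normally live under Program Files or the user
                # profile; one pointing into the Windows directory deserves a look.
                findings.append(Finding("O4", "per-user autorun launching from a system directory", line))
        elif (m := O15_RE.match(line)):
            # A wildcard host in the Trusted Zone relaxes IE security for a whole domain.
            if "*" in m.group("pattern"):
                findings.append(Finding("O15", "wildcard host added to the Trusted Zone", line))
        elif (m := O17_RE.match(line)):
            servers = [s for s in m.group("servers").split(",") if s]
            unknown = [s for s in servers if s not in expected_nameservers]
            if unknown:
                findings.append(Finding("O17", "adapter pinned to unexpected DNS server(s): " + ", ".join(unknown), line))
    return findings


# Constructed sample: a subset of the entries quoted in this thread plus two benign ones.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: http://*.public.windupdates.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Feed it a whole saved HijackThis log with `triage(open(path).read().splitlines())`; entries it reports are candidates for the "fix checked" list, to be confirmed by hand as the helper does above.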
  • Support

    Sorry for the late reply, I missed seeing this last post.

     

    Open HijackThis, do a *scan only* and when it finishes checkmark these entries, then press *fix checked*

     

    O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe

     

    O4 - HKCU\..\Run: [serwvdrv] C:\WINDOWS\System32\serwvdrv.exe

     

    O4 - HKCU\..\Run: [d3d8] C:\WINDOWS\System32\d3d8.exe

     

    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe

     

    O15 - Trusted Zone: http://*.public.windupdates.com

    ......................................

    1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

     

    How to extract (decompress) zipped or compressed files

    http://www.lvsonline.com/compresstut/index.shtml

     

    Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

     

     

    2. Reboot into Safe Mode

    You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

     

    How to start the computer in Safe mode

    http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

     

    3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

     

    Select option #2 - Clean by typing 2 and press Enter.

    Wait for the tool to complete and disk cleanup to finish.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

     

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

     

    4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

     

    Logs needed in your next post are:

     

    rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

     

    Fresh HijackThis log

    0
  • Customer

    OK. I took care of all this stuff. Only problem was that after running BruteForce Uninstaller, I realized that the "Save log" box wasn't checked, so I didn't have anything to save. I checked it and ran it again. Hopefully that's not a problem. Logs are below. Thanks so much for your help!

     

    1. BFU Log

     

    BFU v1.00.9

    Windows XP SP1 (WinNT 5.01.2600 SP1)

    Script started at 4:21:52 PM, on 6/10/2006

     

    Option Unload Explorer: Yes

    Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)

    Failed: ServiceStop Network Monitor (service not found)

    Failed: ServiceStop cmdService (service not found)

    Failed: ServiceDisable Network Monitor (service not found)

    Failed: ServiceDisable cmdService (service not found)

    Failed: ServiceDelete Network Monitor (service not found)

    Failed: ServiceDelete cmdService (service not found)

    Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)

    Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)

    Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)

    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)

    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)

    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)

    Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)

    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)

    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)

    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found)

    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found)

    Option pause between commands: 300 ms

    Option pause between commands: 50 ms

    Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)

    Failed: FolderDelete C:\Program Files\winupdates (folder not found)

    Failed: FolderDelete C:\Program Files\winupdate (folder not found)

    Failed: FolderDelete C:\Program Files\winsupdater (folder not found)

    Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)

    Failed: FolderDelete C:\Program Files\MsMovies (folder not found)

    Failed: FolderDelete C:\Program Files\wmplayer (folder not found)

    Failed: FolderDelete C:\Program Files\outlook (folder not found)

    Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)

    Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)

    Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_3a0.dat (operation failed)

    Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF6271.tmp (operation failed)

    Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)

    Failed: FolderDelete C:\Program Files\DNS (folder not found)

    Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)

    Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)

    Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)

    Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)

    Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)

    Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)

    Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)

    Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)

    Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)

    Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)

    Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)

    Failed: FolderDelete C:\Program Files\Update06 (folder not found)

    Failed: FolderDelete C:\Program Files\Update03 (folder not found)

    Failed: FolderDelete C:\Program Files\Update04 (folder not found)

    Failed: FolderDelete C:\Program Files\Update08 (folder not found)

    Failed: FolderDelete C:\Program Files\W-Update (folder not found)

    Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)

    Failed: FolderDelete C:\Program Files\Cas (folder not found)

    Failed: FolderDelete C:\Program Files\CasStub (folder not found)

    Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)

    Failed: FolderDelete C:\Program Files\ipwins (folder not found)

    Failed: FolderDelete C:\temp (folder not found)

    Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)

    Failed: FolderCreate C:\bintheredunthat (folder already exists)

    Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)

    Script completed.

     

    2. Ewido Scan log

     

    ---------------------------------------------------------

    ewido anti-malware - Scan report

    ---------------------------------------------------------

     

    + Created on: 4:17:37 PM, 6/10/2006

    + Report-Checksum: 5DAA990F

     

    + Scan result:

     

    HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@jcrew.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@marketlive.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@mars.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup

    C:\Documents and Settings\Gret\Cookies\gret@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup

    C:\Documents and Settings\LocalService\Cookies\gret@www.sidefind[1].txt -> TrackingCookie.Sidefind : Cleaned with backup

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\A0017533.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\A0017540.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017559.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017596.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017604.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0017646.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup

    C:\WINDOWS\SYSTEM32\elyinobo.dma -> Trojan.Agent.qe : Cleaned with backup

    C:\WINDOWS\SYSTEM32\ipod.raw.exe -> Proxy.Lager.bi : Cleaned with backup

    C:\WINDOWS\SYSTEM32\qjrkvy.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup

    C:\WINDOWS\SYSTEM32\rtyduhuo.exe -> Downloader.VB.aan : Cleaned with backup

    C:\WINDOWS\SYSTEM32\users32.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup

    C:\WINDOWS\SYSTEM32\winflash.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup

     

     

    ::Report End

     

     

    3. Fresh HJT log (done after items fixed and system running in normal mode)

     

    Logfile of HijackThis v1.99.1

    Scan saved at 4:58:57 PM, on 6/10/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\ZCfgSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\Program Files\ewido anti-malware\ewidoguard.exe

    c:\program files\mcafee.com\agent\mcdetect.exe

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    c:\program files\mcafee.com\agent\mcagent.exe

    c:\progra~1\mcafee.com\vso\mcvsescn.exe

    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    C:\Program Files\Dell\Media Experience\PCMService.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\RegSrvc.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\Program Files\Dell Support\DSAgnt.exe

    C:\Program Files\Microsoft Money\System\mnyexpr.exe

    C:\Program Files\Apoint\Apntex.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\System32\1XConfig.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Program Files\Notepad\NOTEPAD.EXE

    C:\Program Files\Notepad\NOTEPAD.EXE

    C:\Program Files\HijackThis\HijackThis.exe

     

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

    O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe

    O4 - HKCU\..\Run: [serwvdrv] C:\WINDOWS\System32\serwvdrv.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [d3d8] C:\WINDOWS\System32\d3d8.exe

    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O15 - Trusted Zone: http://*.public.windupdates.com

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     

     

    END ALL LOGS

    Bye for now and thanks again!

     

     

    you have got a whole bundle of malware, including some very nasty trojans. This will take numerous steps to get everything.

     

    1. Please download the free trial program Ewido per the following instructions. This is a good trojan scanner and will help to block any further trojan downloads of malware onto your system while we're trying to clean it all up. Should any nasties try to enter your system it should popup a warning and you can block anything new coming in. But first lets install it, update it, and we'll scan later in SAFE MODE.

     

    Download, install, and update Ewido AntiMalware (get the free trial version)

    http://www.ewido.net/en/download/

     

    a. Install Ewido AntiMalware

     

    b. Launch Ewido, there should be a big yellowE icon on your desktop, double-click it.

     

    c. The program will prompt you to update click the OK button

     

    d. The program will now go to the main screen

     

    e. On the left hand side of the main screen click on Update

     

    f. Click on Start. The update will start and a progress bar will show the updates being installed.

     

    g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

     

    *Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).

    You will still be able to manually update Ewido using the *update* button.

     

    2. Please download Brute Force Uninstaller to your desktop.

    • Right click the BFU folder on your desktop, and choose Extract All

    • Click "Next"

    • In the box to choose where to extract the files to,

    • Click "Browse"

    • Click on the + sign next to "My Computer"

    • Click on "Local Disk (C:)" or whatever your primary drive is

    • Click "Make New Folder"

    • Type in BFU

    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.

    Save it in the same folder you made earlier (c:\BFU).

     

    Do not do anything with these yet!

     

    4. Reboot into Safe Mode

    You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

     

    How to start the computer in Safe mode

    http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

     

    5. Once in safe mode, start Ewido AntiMalware

     

    a. Click on scanner

     

    b. Click on *complete system scan*

     

    c. Let the program scan the machine.

     

    d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.

    Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

     

    Click OK.

     

    When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

     

    6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

    • Start the Brute Force Uninstaller by double-clicking BFU.exe

    • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

    • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)

    • Wait for the complete script execution box to pop up and press OK.

    • Click "Save"
      In "Filename" enter log.txt

    • Click Exit to exit the BFU program.

    Please copy the contents of the log.txt back here in your next reply. The log.txt will be in the C:\BFU\ folder

     

    7. Now please scan with HijackThis and do a *scan only*. Checkmark these items in the list (if found) and then press the *fix checked* button.

     

    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

     

    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)

     

    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

     

    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

     

    O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\System32\adobepnl.dll

     

    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

     

    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)

     

    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

     

    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)

     

    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

     

    O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe

     

    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\System32\runsrv32.exe

     

    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\System32\susp.exe

     

    O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe

     

    O4 - HKCU\..\Run: [serwvdrv] C:\WINDOWS\System32\serwvdrv.exe

     

    O4 - HKCU\..\Run: [d3d8] C:\WINDOWS\System32\d3d8.exe

     

    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe

     

    O15 - Trusted Zone: http://*.public.windupdates.com

     

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37

     

    O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90027-B28D-4E23-A721-073E6C0CDCD3}: NameServer = 69.50.184.84,195.225.176.37

     

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC71EF8F-F453-4DCF-BE65-6EC2B500E6AC}: NameServer = 69.50.184.84,195.225.176.37

     

    O17 - HKLM\System\CS1\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37

     

    8. Delete these files (if found)

     

    C:\WINDOWS\system32\users32.exe

     

    C:\WINDOWS\system32\susp.exe

     

    C:\WINDOWS\system32\runsrv32.exe

     

    dwcrnt.exe

     

    c:\windows\winhelp.exe

     

    C:\WINDOWS\System32\serwvdrv.exe

     

    C:\WINDOWS\System32\d3d8.exe

     

    C:\WINDOWS\System32\taskdir.exe

     

    9. Reboot back into normal mode

    Logs needed in your next post are:

     

    log.txt will be in the C:\BFU\ folder

     

    Ewido Scan log

     

    Fresh HijackThis log

     

    There will be more to do but this will be a good start


    0
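The fix list above (orphaned O2 BHOs, O4 Run entries with bare file names, the O15 Trusted Zone entry and the O17 NameServer overrides) can be turned into a first-pass triage of a HijackThis log. The following is an added example, not code from this thread or from HijackThis itself; the sample lines are copied from the log posted above, and the expected DNS server is a constructed placeholder.

```python
"""First-pass triage of HijackThis (HJT) log entries.

Rules mirror what the helper singled out: O2 BHOs whose DLL is gone,
O4 Run entries that launch a bare file name, every O15 Trusted Zone
entry, and O17 NameServer values not in the expected set.  They are
heuristics: nwiz.exe below is a benign false positive the analyst
still has to clear by hand.
"""
import re
from typing import List, NamedTuple, Set, Tuple

# Constructed sample: lines copied from the log above, plus a few
# entries the rules do not flag so the output is not all hits.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: http://*.public.windupdates.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3082F763-4A70-43E4-9151-623244CD9B9B}: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed placeholder: the resolvers the ISP or router really hands out.
EXPECTED_DNS: Set[str] = {"192.0.2.53"}

ENTRY_RE = re.compile(r"^(O\d+)\s*-\s*(.*)$")
# HJT prints Run entries as: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")


class Finding(NamedTuple):
    section: str  # HJT section tag, e.g. "O17"
    reason: str   # why the entry deserves a look
    entry: str    # the original entry body


def parse(log: str) -> List[Tuple[str, str]]:
    """Split a log into (section, body) pairs, skipping non-entry lines."""
    out = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out


def first_token(cmd: str) -> str:
    """Executable part of a Run command line: quoted path or first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log: str, expected_dns: Set[str]) -> List[Finding]:
    findings: List[Finding] = []
    for section, body in parse(log):
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO registered but its DLL is missing", body))
        elif section == "O4" and (m := RUN_RE.match(body)):
            exe = first_token(m.group("cmd"))
            if exe and "\\" not in exe:  # no directory: resolved by PATH search
                findings.append(Finding(section, f"Run entry launches bare name {exe!r}", body))
        elif section == "O15":
            findings.append(Finding(section, "Trusted Zone entry lowers IE security for this site", body))
        elif section == "O17" and (m := NS_RE.search(body)):
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            rogue = [s for s in servers if s not in expected_dns]
            if rogue:
                findings.append(Finding(section, "unexpected DNS servers: " + ", ".join(rogue), body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, EXPECTED_DNS):
        print(f"{f.section}: {f.reason}\n    {f.entry}")
```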
  • Customer

    Sorry for the late reply, I missed seeing this last post.

     

    Open HijackThis, do a *scan only* and when it finishes checkmark these entries, then press *fix checked*

     

    O4 - HKCU\..\Run: [wccapp] c:\windows\winhelp.exe

     

    O4 - HKCU\..\Run: [serwvdrv] C:\WINDOWS\System32\serwvdrv.exe

     

    O4 - HKCU\..\Run: [d3d8] C:\WINDOWS\System32\d3d8.exe

     

    O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe

     

    O15 - Trusted Zone: http://*.public.windupdates.com

    ......................................

    1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

     

    How to extract (decompress) zipped or compressed files

    http://www.lvsonline.com/compresstut/index.shtml

     

    Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    2. Reboot into Safe Mode

    You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

     

    How to start the computer in Safe mode

    http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

     

    3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

     

    Select option #2 - Clean by typing 2 and press Enter.

    Wait for the tool to complete and disk cleanup to finish.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

     

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

     

    4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

     

    Logs needed in your next post are:

     

    rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

     

    Fresh HijackThis log


     

     

     

    Hello again and thank you for your continued help! Here are the rapport.txt file and fresh HJT log. Thanks again!

     

    SmitFraudFix v2.58

     

    Scan done at 11:45:51.38, Sun 06/11/2006

    Run from C:\Documents and Settings\Gret\Desktop\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    Fix ran in safe mode

     

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

     

    C:\WINDOWS\bg.gif Deleted

    C:\WINDOWS\BTGrab.dll Deleted

    C:\WINDOWS\close-bar.gif Deleted

    C:\WINDOWS\dlmax.dll Deleted

    C:\WINDOWS\infected.gif Deleted

    C:\WINDOWS\Pynix.dll Deleted

    C:\WINDOWS\star.gif Deleted

    C:\WINDOWS\warning-bar-ico.gif Deleted

    C:\WINDOWS\system32\jao.dll Deleted

    C:\WINDOWS\system32\questmod.dll Deleted

    C:\WINDOWS\system32\runsrv32.dll Deleted

    C:\WINDOWS\system32\tcpservice2.exe Deleted

    C:\WINDOWS\system32\txfdb32.dll Deleted

    C:\WINDOWS\system32\udpmod.dll Deleted

    C:\WINDOWS\system32\wstart.dll Deleted

     

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

     

    GenericRenosFix by S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

     

    Registry Cleaning done.

     

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» End

     

     

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 11:53:45 AM, on 6/11/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\ZCfgSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\Program Files\ewido anti-malware\ewidoguard.exe

    c:\program files\mcafee.com\agent\mcdetect.exe

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    C:\Program Files\Dell\Media Experience\PCMService.exe

    c:\program files\mcafee.com\agent\mcagent.exe

    c:\progra~1\mcafee.com\vso\mcvsescn.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\RegSrvc.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\Program Files\Dell Support\DSAgnt.exe

    C:\Program Files\Microsoft Money\System\mnyexpr.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Apoint\Apntex.exe

    C:\WINDOWS\System32\1XConfig.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Program Files\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wuauclt.exe

     

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O15 - Trusted Zone: http://*.public.windupdates.com

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    0
  • Support

    Everything looks good except that O15 item is being stubborn.

    We'll use this to fix it

    Download: DelDomains.inf

     

    Right-click this link and select: Save Target As (IE only)

    http://www.mvps.org/winhelp2002/DelDomains.inf

     

    To use: right-click and select: Install (no need to restart - there is no on-screen action)

    Note: This will remove all entries in the "Trusted Zone" and "Ranges" also. DelDomains was revised (01-16-05) to include the "Enhanced Security Configuration Zones" as some of these newer infections are targeting the "Enhanced" Zone.

    .........................

    Your Sun Java is out of date, and old versions left on your PC, even after updating, can be vulnerable to malware exploit. Go to Start / Control Panel and look in Add/Remove programs. Remove all old versions of Sun Java. Then go get the latest up to date version here:

    http://www.java.com/en/download/manual.jsp

     

    Here's why removing old versions of Sun Java is important:

    Potential Vulnerability with Sun Java auto update

    http://www.dslreports.com/forum/remark,14738046

     

    Scan once more with HijackThis and post a fresh log please?

    0
  • Customer

    Here's the latest HJT log. One added bonus of all this is that I finally got rid of a harmless (I think) but annoying blue screen that popped up every time I booted up. I also lost my XP wallpaper, but I can get that back easy enough! Thanks so much!

     

    Logfile of HijackThis v1.99.1

    Scan saved at 8:43:01 PM, on 6/11/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\ZCfgSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\Program Files\ewido anti-malware\ewidoguard.exe

    c:\program files\mcafee.com\agent\mcdetect.exe

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

    c:\program files\mcafee.com\vso\mcvsshld.exe

    c:\progra~1\mcafee.com\vso\mcvsescn.exe

    c:\program files\mcafee.com\agent\mcagent.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\RegSrvc.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\Dell\Media Experience\PCMService.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Dell\QuickSet\quickset.exe

    C:\Program Files\Apoint\Apoint.exe

    C:\Program Files\Dell Support\DSAgnt.exe

    C:\Program Files\Microsoft Money\System\mnyexpr.exe

    C:\Program Files\Apoint\Apntex.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\WINDOWS\System32\1XConfig.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Program Files\WordPerfect Office 11\Programs\wpwin11.exe

    C:\WINDOWS\System32\msiexec.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\HijackThis\HijackThis.exe

     

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    0
