February 4th, 2007 15:00
Unwanted pop-ups/spyware/adware
Logfile of HijackThis v1.99.1
Scan saved at 12:15:33 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wiaacmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857D} - http://earthlink.cf1live.com/earthlink/static/weblaunch/SupportBridge.WebLaunch.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


bamajim
February 4th, 2007 15:00
Please go HERE
And Download SmitFraudFix by S!ri
Double-Click SmitfraudFix.exe (it will create a Smitfraudfix folder on your Desktop)
When another window opens
Select 1 and hit Enter to create a report of the infected files.
When finished, the log will open in Notepad; press Ctrl+A to select all of it
Copy and Paste that log as a reply to this thread
By default The report can be found at the root of the system drive, usually at C:\rapport.txt
Do Not run option 2 until instructed to do so
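Please note that some antivirus programs flag process.exe as an infection, but it is actually a needed component of this tool. That applies only to the copy that comes with the tool in its Smitfraudfix folder; a file named process.exe anywhere else should not be assumed safe on that basis.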
bamajim
February 4th, 2007 16:00
You may want to print out these instructions for reference
1. Go here and Download AVG Anti-Spyware
( 30 day free trial version) Save it to Your Desktop
Double Click AVG Anti-Spyware-setup
(It will create its own folder)
Once the program starts You will be at the Status menu
Click change status on Resident shield to inactive
Click Update now (next to last update)
After the update loads
Under Automatic updates Uncheck download and install updates automatically(recommended)
(you can always select manual updates the next day)
Under how to scan All boxes should be checked
Under Possibly unwanted software All boxes should be checked
Under reports Select Automatically generate report after every scan
Uncheck Only if threats were found
Under what to scan Scan every file should be highlighted
2. Reboot into Safe Mode
This can be done by restarting your PC and, as it starts up, tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
Use your arrow keys and select Safe Mode and then Enter
Wait for the tool (SmitfraudFix) to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file ?" by typing Y and hit Enter.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
4. Run AVG Anti-Spyware
Select Complete system scan
Click save report as (Another window will open)
Save it to your desktop
(By default It will be saved in the AVG folder as)
C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Reboot your PC in Normal Mode->>Re run Hijackthis and post a fresh Hijackthis log.
It will open in Notepad
Copy and paste that report as a reply to this thread
your C:\rapport.txt log from Smitfraudfix
your report_scan.txt from AVG
Bigalo
February 4th, 2007 16:00
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
!!!Attention, following keys are not inevitably infected!!!
Search SharedTaskScheduler's .dll
"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"
@="C:\WINDOWS\system32\cwgppb.dll"
@="C:\WINDOWS\system32\cwgppb.dll"
!!!Attention, following keys are not inevitably infected!!!
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Bigalo
February 4th, 2007 19:00
Scan saved at 4:49:55 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857D} - http://earthlink.cf1live.com/earthlink/static/weblaunch/SupportBridge.WebLaunch.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Bigalo
February 4th, 2007 19:00
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
!!!Attention, following keys are not inevitably infected!!!
Search SharedTaskScheduler's .dll
"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"
@="C:\WINDOWS\system32\cwgppb.dll"
@="C:\WINDOWS\system32\cwgppb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\owner\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\Video ActiveX Object\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
Search SharedTaskScheduler's .dll
"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"
@="C:\WINDOWS\system32\cwgppb.dll"
@="C:\WINDOWS\system32\cwgppb.dll"
Bigalo
February 4th, 2007 20:00
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
F:\Documents and Settings\LocalService\Cookies\owner@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
F:\Documents and Settings\LocalService\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
F:\Documents and Settings\LocalService\Cookies\owner@ads-205.quarterserver[2].txt -> TrackingCookie.Quarterserver : Cleaned.
::Report end
bamajim
February 4th, 2007 20:00
1. Rerun Hijackthis (scan only) and place checks beside the following entries
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)
Close all other open windows except Hijackthis and Select "Fix checked"
Close Hijackthis->>Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log
Bigalo
February 4th, 2007 20:00
Scan saved at 5:53:04 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857D} - http://earthlink.cf1live.com/earthlink/static/weblaunch/SupportBridge.WebLaunch.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
bamajim
February 4th, 2007 23:00
Looking better, but some entries remain that Hijackthis should have fixed.
This time, Reboot into Safe Mode
Then rerun Hijackthis (scan only) and place checks beside the following entries
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
Close all other open windows except Hijackthis and Select "Fix checked"
Reboot your PC into normal Windows, then rerun Hijackthis and post a fresh log
Bigalo
February 5th, 2007 00:00
Scan saved at 8:59:20 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857D} - http://earthlink.cf1live.com/earthlink/static/weblaunch/SupportBridge.WebLaunch.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
bamajim
February 6th, 2007 00:00
Those 2 entries remain. It's not clear whether something hidden is re-loading them or whether Defender is interfering. Let's do this.
Go HERE [the link target was not preserved in this copy of the thread] and download System Repair Engine (SREng) by smallfrogs
- Save it to your Desktop
Do not run any other options with this tool unless instructed to do so.
Right-click sreng2.zip ->> Extract all ->> Extract it to your desktop
Open the sreng folder
Double click SREng->>Click Run
At the main window, in the left pane, select Smart Scan
At the next window make sure all of the boxes are checked and Select Scan
When the scan is complete Select Save reports
Save it to your desktop and Close the tool
Double-click SREngLog.txt, then copy and paste that log as a reply to this thread
You may have to post the results in more than one reply
Bigalo
February 6th, 2007 01:00
[PID: 836][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [N/A, N/A]
[PID: 1008][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200][C:\WINDOWS\system32\Ati2evxx.exe] [N/A, N/A]
[PID: 1212][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1308][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1500][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1576][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1680][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 420][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hppamon0.dll] [HP, 7, 0, 5, 0]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, N/A]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp041.dll] [Hewlett-Packard Corporation, 60.041.41.00]
[C:\WINDOWS\system32\hpbmmjno.dll] [Hewlett-Packard, 00.01.00]
[PID: 672][C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe] [Atheros, 6.0.0.25]
[C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\AegisE5.dll] [Meetinghouse Data Communications, 3, 2, 14, 0]
[C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\athcfg20U.dll] [Atheros, 6.0.0.25]
[C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\athcfg20ResU.dll] [Atheros Communications, Inc., 6.0.0.25]
[PID: 728][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 744][C:\WINDOWS\system32\cisvc.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\System32\CTsvcCDA.exe] [Creative Technology Ltd, 1.0.1.0]
[PID: 108][C:\Program Files\Common Files\Command Software\dvpapi.exe] [Command Software Systems, Inc., 4,93,0,50511]
[PID: 1368][C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe] [Boingo Wireless, Inc., 1, 4, 1220, 0]
[C:\Program Files\EarthLink TotalAccess\WENGINE\wruntime.dll] [Boingo Wireless, Inc., 1, 4, 1220, 0]
[C:\Program Files\EarthLink TotalAccess\WENGINE\W32N55.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.5.17.00]
[PID: 1760][C:\WINDOWS\system32\Ati2evxx.exe] [N/A, N/A]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 1800][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1856][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
[C:\Program Files\Pure Networks\Network Magic\nmspce2.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\Pure Networks\Network Magic\nmrsrc.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\Pure Networks\Network Magic\nmusrutl.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll] [Pure Networks, Inc., 4.0.6305.0]
[C:\Program Files\Pure Networks\Network Magic\nmcorePS.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\McAfee\VirusScan\mcodsax.dll] [McAfee, Inc., 11,1,124,0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll] [EarthLink, Inc., 3.1.142.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll] [EarthLink, Inc., 3.2.54.0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.05b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.05b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.05b]
[c:\program files\mcafee\virusscan\scriptcl.dll] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\CabRes.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll] [EarthLink, Inc., 3.2.54.0]
[PID: 1876][C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe] [McAfee, Inc., 8.1.105.0]
[c:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[c:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.1.105.0]
[PID: 1944][C:\PROGRA~1\McAfee\MSC\mclogsrv.exe] [McAfee, Inc., 7,1,131,0]
[c:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[c:\program files\mcafee\msc\mcdbmgr.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[PID: 212][C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe] [McAfee, Inc., 7,1,137,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[c:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[c:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\mcafee\msc\mcmscver.dll] [McAfee, Inc., 7,1,128,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[C:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 11,1,124,0]
[c:\program files\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.1.123.0]
[c:\program files\mcafee\mwl\mcmwlver.dll] [McAfee, Inc., 2,1,123,0]
[c:\program files\mcafee\mhn\mcmhnver.dll] [McAfee, Inc., 1,1,110,0]
[c:\program files\mcafee\mbk\mbkclient.dll] [McAfee Corporation, 1.1.121.0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[c:\program files\mcafee\msc\mcnmcver.dll] [McAfee, Inc., 1,1,108,0]
[c:\program files\mcafee\mqc\qcmisp.dll] [McAfee, Inc., 7,1,123,0]
[c:\program files\mcafee\mqc\QcLite.dll] [McAfee, Inc., 7,1,123,0]
[c:\program files\mcafee\virusscan\mvsver.dll] [McAfee, Inc., 11,1,124,0]
[c:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll] [McAfee, Inc., 11,2,115,0]
[c:\program files\common files\mcafee\fwdriver\fwdrvver.dll] [McAfee, Inc., 8.1.112.0]
[c:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 200][c:\program files\common files\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 1,1,110,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[c:\program files\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 1,1,108,0]
[c:\program files\mcafee\mwl\prestocallback.dll] [McAfee, Inc., 2,1,123,0]
[c:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[c:\program files\mcafee\mhn\mcensrv.dll] [McAfee, Inc., 1,1,110,0]
[c:\program files\common files\mcafee\mna\mcuj.dll] [McAfee, Inc., 1,1,110,0]
[c:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[c:\program files\mcafee\mwl\prestosvcps.dll] [McAfee, Inc., 2,1,123,0]
[c:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
Bigalo
February 6th, 2007 01:00
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.05b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.05b]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 824][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5117]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5117]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU] [ATI Technologies, Inc., 6.14.10.5117]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5117]
[PID: 864][C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe] [ATI Technologies Inc., 3.21.2108]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraHlp.dll] [ATI Technologies Inc., 3.21.2108]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraEnu.dll] [ATI, 3.21.2108]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 880][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 1056][C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., VSCORE.13.3.0.132]
[C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 11,1,124,0]
[c:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[c:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,1,124,0]
[c:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,1,124,0]
[c:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,1,124,0]
[c:\program files\mcafee\virusscan\mcvsqt.dll] [McAfee, Inc., 11,1,124,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll] [McAfee, Inc., 11,1,124,0]
[c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,1,124,0]
[C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., SYSCORE.13.3.0.111.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., SYSCORE.13.3.0.111.x86]
[C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., SYSCORE.13.3.0.111.x86]
[c:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[PID: 912][C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPDiag32.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPERes32.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPFormat.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPFmtLRs.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPVNMn32.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 916][C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPFormat.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPProt32.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPFmtLRs.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPERes32.dll] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[PID: 984][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] [N/A, 3.4.01.13062]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 1140][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.1.8]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.1.8]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.1.8]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 1396][C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.100.3]
[PID: 1424][C:\Program Files\Mcafee\MWL\MWLGui.exe] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\WSCServiceu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\wscutilu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\LIBEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8a]
[C:\Program Files\Mcafee\MWL\wscsettingsu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\jbtregistryu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\wscnetlibu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\Wsc8021xu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\SSLEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8a]
[C:\Program Files\Mcafee\MWL\wscpnetmgru.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\wscconnectionmgru.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\wscpapconfigu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\wscpcommu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\sqlite3.dll] [N/A, N/A]
[C:\Program Files\Mcafee\MWL\WscWlansu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\MwlRes.DLL] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\wscpapmodulesu.dll] [McAfee, Inc., 2,1,123,0]
[C:\Program Files\Mcafee\MWL\MWLMispUtils.dll] [McAfee, Inc., 2,1,123,0]
[C:\PROGRA~1\COMMON~1\McAfee\MSC\MispLF.dll] [McAfee, Inc., 7,1,114,0]
[c:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[C:\PROGRA~1\McAfee\MSC\McAltLib.dll] [McAfee, Inc., 7,1,128,0]
[C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[C:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[c:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[c:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1432][C:\Program Files\Pure Networks\Network Magic\nmapp.exe] [Pure Networks, Inc., 4.0.6277.0]
[C:\Program Files\Pure Networks\Network Magic\nmapplb.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\Pure Networks\Network Magic\nmrsrc.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\Pure Networks\Network Magic\nmusrutl.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll] [Pure Networks, Inc., 4.0.6305.0]
[C:\Program Files\Pure Networks\Network Magic\nmcorePS.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\Pure Networks\Network Magic\nmrasvPS.dll] [Pure Networks, Inc., 4.0.6313.0]
[C:\Program Files\Pure Networks\Network Magic\venrsrc.dll] [Pure Networks, Inc., 4.0.6313.0]
[PID: 1456][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 1480][C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe] [Hewlett-Packard, 00 .00 .15]
[C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\hpptui0.dll] [Hewlett-Packard, 01.00.60]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 1572][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[PID: 1776][C:\Program Files\Windows Media Player\WMPNSCFG.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
Bigalo
February 6th, 2007 01:00
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
[C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\CabRes.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\ERss.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkHost.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\PubUI.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\PCCenter.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\AccelUI.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll] [EarthLink, Inc., 3.1.142.0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.05b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.05b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.05b]
[c:\program files\mcafee\virusscan\scriptcl.dll] [McAfee, Inc., VSCORE.13.3.0.132.x86]
[C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll] [EarthLink, Inc., 3.2.54.0]
[c:\program files\google\googletoolbar1.dll] [Google Inc., 3, 0, 125, 1]
[C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll] [EarthLink, Inc., 3.2.54.0]
[C:\Program Files\EarthLink TotalAccess\EAUTHMGR.DLL] [EarthLink, Inc., 2005.2.118.0]
[C:\Program Files\EarthLink TotalAccess\Utils.dll] [EarthLink, Inc., 2005.2.15.0]
[C:\Program Files\EarthLink TotalAccess\E60Cmmon.dll] [EarthLink, Inc., 2005.2.15.0]
[C:\Program Files\EarthLink TotalAccess\Ecrypt.dll] [EarthLink, Inc., 2005.2.118.0]
[C:\Program Files\EarthLink TotalAccess\AuthMgr.dll] [EarthLink, Inc., 2005.2.118.0]
[C:\Program Files\EarthLink TotalAccess\Win.dll] [EarthLink, Inc., 2005.2.15.0]
[C:\Program Files\EarthLink TotalAccess\Location.dll] [EarthLink, Inc., 2005.2.118.0]
[C:\Program Files\EarthLink TotalAccess\zlib.dll] [N/A, 1.1.4.0]
[C:\Program Files\EarthLink TotalAccess\EventLog.dll] [EarthLink, Inc., 2005.2.118.0]
[C:\WINDOWS\System32\quartz.dll] [N/A, N/A]
[C:\WINDOWS\System32\devenum.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 2784][C:\Documents and Settings\Owner\Desktop\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\EarthLink TotalAccess\FastLane2\IPHk2KS2.DLL] [Visual Networks, 5.8.0.13]
[C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll] [ATI Technologies Inc., 3.21.2108]
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
Winsock Provider
N/A
Autorun.Inf
N/A
HOSTS File
127.0.0.1 localhost
API HOOK
N/A
[/CODE]
Bigalo
February 6th, 2007 01:00
Browser Add-ons
[ElnkBhoGuard Class]
{00000000-0000-0000-0000-000000000002}
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[ElnkPubBHO Class]
{512ACF1B-64D9-4928-B382-A80556F28DB4}
[]
{53707962-6F74-2D53-2644-206D7942484F}
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890}
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
[ElnkProtectionBHO Class]
{9579D574-D4D8-4335-9560-FE8641A013BD}
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7}
[ElnkLegacyUninstBHO Class]
{E713904C-DF05-4C79-BBAD-02DB923253BE}
[Java Plug-in 1.5.0_10]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683}
[EarthLink Toolbar]
{C7768536-96F8-4001-B1A2-90EE21279187}
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[VerifyGMN Class]
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[Office Update Installation Engine]
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <, N/A>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
[Java Plug-in 1.5.0_10]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[ASPRO Installer Class]
{D6376DD2-C2BD-49B2-A1B1-138F869633F3}
[McFreeScan Class]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
[ElnkBhoGuard Class]
{00000000-0000-0000-0000-000000000002}
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
[Office Genuine Advantage Validation Tool]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[Microsoft ProgressBar Control, version 5.0 (SP2)]
{0713E8D2-850A-101B-AFC0-4210102A8DA7}
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E}
[ElnkScamBHO Class]
{15F4D456-5BAA-4076-8486-EECB38CD3E57}
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[HPHubSearch Class]
{1E807E5C-521F-465E-AF4E-267AAD50B3AC}
[VerifyGMN Class]
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53}
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258}
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[Microsoft HTML Document 6.0]
{25336921-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83}
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D}
[SpamBlockerCtrl Class]
{3D6A4D0C-66AC-46D4-ACE1-75A1D7E579D8}
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69}
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}
[ControlConexion Class]
{45289711-D698-4A3E-ABBF-2AD49E1F4C74}
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[Reporte Class]
{4A2A4430-3967-4461-94C7-BD95C419F3CF}
[ElnkPubBHO Class]
{512ACF1B-64D9-4928-B382-A80556F28DB4}
[Microsoft Licensed Class Manager 1.0]
{5220CB21-C88D-11CF-B347-00AA00A28331}
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436}
[]
{53707962-6F74-2D53-2644-206D7942484F}
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
[InstallShield Update Service Agent]
{5B7524C8-2446-40E9-9474-94A779DBA224}
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890}
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[Seleccion Class]
{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE}
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
[ControlConexion Class]
{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4}
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[McAfee Virtual Technician Control Class]
{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC}
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[ModemHelperCom Class]
{94BF6C82-F075-11D4-AB95-000102B2D025}
[ElnkProtectionBHO Class]
{9579D574-D4D8-4335-9560-FE8641A013BD}
[Panda ActiveScan]
{96567F65-E04C-4611-AF29-7CDEA6FA6A84}
[Pegasus PrintPRO Control v2.0]
{9841D1AE-9C0B-11D3-9452-00105A098C21}
[SOS Class]
{986E9C29-CDC9-4E7D-B730-74E3A3893A49}
[Panda ASPRO]
{A351A85A-7821-44C0-91FE-33B27D7A4E91}
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062}
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7}
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389}
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[HPSIEnumeration Class]
{B63C249D-7FA4-42A6-8AF1-D83AB0CE00B3}
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36}
[PnIEUrlManager Class]
{C151FCFD-E2A7-4E07-B4E6-9BA2987D3515}
[EarthLink Toolbar]
{C7768536-96F8-4001-B1A2-90EE21279187}
[Seleccion Class]
{C7C7FF54-3353-4898-90CA-DBB32D43D792}
[Office Update Installation Engine]
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000}
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127}
[AUDIO__X_MS_WAX Moniker Class]
{CD3AFA83-B84F-48F0-9393-7EDC34128127}
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127}
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[ASPRO Installer Class]
{D6376DD2-C2BD-49B2-A1B1-138F869633F3}
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21}
[ElnkLegacyUninstBHO Class]
{E713904C-DF05-4C79-BBAD-02DB923253BE}
[DeviceEnum Class]
{E9348280-2D74-4933-BE25-73D946926795}
[InstallShield Update Service Agent]
{E9880553-B8A7-4960-A668-95C68BED571E}
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[McFreeScan Class]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
[JScript Language]
{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[Reporte Class]
{FEBA372A-D6B4-468B-9B99-FB97263C89AD}
[&Google Search]
[&Translate English Word]
[Backward Links]
[Cached Snapshot of Page]
[E&xport to Microsoft Excel]
[EarthLink Google Search]
[Similar Pages]
[Translate Page into English]