RUNDLL error message [CLOSED]


  • This topic is locked

#1
garfluver
  • Member
  • 103 posts
Anyone know anything about this message?...

an exception occurred while trying to run "C:/Windows/system32/AmCTRES.CPY.dll", U Monitor

I've been getting it once in a while (just out of the blue it seems to me) and was wondering what it means. Is it some kind of spyware trying to get in?

Thanks for any help,
Garfluver

#2
admin
  • Founder Geek
  • Administrator
  • 24,504 posts
That's an indication of a VX2.BetterInternet spyware infection. First try Ad-aware as it's able to automatically remove many of these infections.

CLICK HERE to download Ad-aware
Using Ad-aware: Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

When finished we'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

#3
garfluver
  • Topic Starter
  • Member
  • 103 posts
Hi!

I've scanned with Ad Aware 6.0 and Spybot 1.3...they both came up empty. Then I rebooted and ran HiJackThis. Here are the log results of that.

Logfile of HijackThis v1.97.7
Scan saved at 4:44:12 PM, on 4/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhawk.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlackHawk Internet
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.ho...ex/HMAtchmt.ocx

Another thing that keeps happening (even while logged on to this website and trying to send a reply) I keep getting the website www.spotresults.com coming up. Seems to do that when I am trying to get from one window to another. On spotresults window it says "website isn't available at this time" meaning the website I'm trying to go to. I have this as a "blocked" website on my McAfee...but it still gets through.

Thanks for looking into these.
Garfluver

#4
admin
  • Founder Geek
  • Administrator
  • 24,504 posts
You have some type of spyware on your system, but I've read your log four times, and it's clean. Let's see if an Ad-aware log shows anything. Perform system scan, when finished click "Show log file" button, and paste the results back to this topic. <_<

#5
garfluver
  • Topic Starter
  • Member
  • 103 posts
Here are the results of my Ad-aware scan...

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Friday, April 30, 2004 6:39:04 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R217 08.09.2003
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


4-30-2004 6:39:04 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 4-30-2004 10:47:52 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:47:54 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:47:54 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/29/2002 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:47:54 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/29/2002 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:47:55 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/29/2002 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-30-2004 10:47:55 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/29/2002 11:00:00 AM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:47:56 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/29/2002 11:00:00 AM

#:8 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:47:56 AM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:13:43 PM
Last modified : 8/29/2002 11:00:00 AM

#:9 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ThreadCreationTime : 4-30-2004 10:47:59 AM
BasePriority : Normal
FileSize : 1344 KB
FileVersion : 1,0,17,5
ProductVersion : 1,0,17,5
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : AOL Connectivity Service
InternalName : acsd
OriginalFilename : acsd.exe
ProductName : AOL Connectivity Service
Created on : 3/23/2004 3:40:48 PM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/6/2003 10:58:26 PM

#:10 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:47:59 AM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/29/2002 11:00:00 AM

#:11 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 43 KB
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
Copyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
OriginalFilename : CTsvcCDA.EXE
ProductName : Creative Service for CDROM Access
Created on : 3/23/2004 3:39:58 PM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 12/13/1999 7:01:00 AM

#:12 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee VirusScan
Created on : 3/23/2004 3:56:15 PM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/9/2003 12:04:38 AM

#:13 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 314 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft
Created on : 6/20/2003 5:25:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 6/20/2003 5:25:00 AM

#:14 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 492 KB
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
Copyright : Copyright
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
OriginalFilename : MpfService.exe
ProductName : McAfee Personal Firewall
Created on : 3/26/2004 2:12:26 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 9/2/2003 8:00:00 PM

#:15 [sqlservr.exe]
FilePath : C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 7368 KB
FileVersion : 2000.080.0818.00
ProductVersion : 8.00.818
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
OriginalFilename : SQLSERVR.EXE
ProductName : Microsoft SQL Server
Created on : 12/18/2002 1:26:22 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 6/1/2003 12:02:32 AM

#:16 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 72 KB
FileVersion : 6.14.10.4501
ProductVersion : 6.14.10.4501
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.01
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 45.01
Created on : 1/1/1980 6:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 10/30/2003 2:06:02 PM

#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 8/29/2002 11:00:00 AM

#:18 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 3/23/2004 3:40:51 PM
Last accessed : 4/30/2004 11:39:04 PM
Last modified : 1/10/2003 11:13:04 PM

#:19 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-30-2004 10:48:00 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
Copyright : Copyright © Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft ® DRM
Created on : 6/26/2000 1:44:20 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 6/26/2000 1:44:20 PM

#:20 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 4-30-2004 10:48:02 AM
BasePriority : High
FileSize : 220 KB
Created on : 3/27/2004 6:31:28 AM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 3/13/2002 2:50:34 PM

#:21 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 4-30-2004 10:48:57 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:38:46 PM
Last modified : 8/29/2002 11:00:00 AM

#:22 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ThreadCreationTime : 4-30-2004 10:48:57 AM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 1.04.05b
Copyright : Copyright
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
Created on : 3/23/2004 3:37:50 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 8/6/2003 7:04:00 AM

#:23 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-30-2004 10:48:57 AM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 8/13/2003 4:27:40 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 8/13/2003 4:27:40 PM

#:24 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ThreadCreationTime : 4-30-2004 10:48:58 AM
BasePriority : Normal
FileSize : 200 KB
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
Copyright : Copyright c 2003 CyberLink Corp.
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
OriginalFilename : PCM2Launcher.EXE
ProductName : PCM2Launcher Application
Created on : 3/23/2004 3:39:13 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 8/27/2003 1:47:34 AM

#:25 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ThreadCreationTime : 4-30-2004 10:48:58 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : TODO: © <Company name>. All rights reserved.
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
OriginalFilename : mmtask.exe
ProductName : TODO: <Product name>
Created on : 3/23/2004 3:45:05 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 10/6/2003 4:05:40 PM

#:26 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 4-30-2004 10:48:58 AM
BasePriority : Normal
FileSize : 116 KB
FileVersion : 8.10.1006
ProductVersion : 8.10.1006
Copyright : Copyright
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 3/23/2004 3:45:05 PM
Last accessed : 4/30/2004 10:43:13 PM
Last modified : 10/6/2003 4:05:40 PM

#:27 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ThreadCreationTime : 4-30-2004 10:48:58 AM
BasePriority : Normal
FileSize : 240 KB
FileVersion : 4, 3, 0, 27
ProductVersion : 4, 3, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee SecurityCenter
Created on : 3/27/2004 6:31:24 AM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 12/8/2003 9:38:52 PM

#:28 [support.exe]
FilePath : C:\Program Files\Common Files\Dell\EUSW\
ThreadCreationTime : 4-30-2004 10:48:58 AM
BasePriority : Normal
FileSize : 288 KB
FileVersion : 2, 0, 0, 34
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Dell
FileDescription : Support
InternalName : Support
OriginalFilename : Support.exe
ProductName : Dell Support
Created on : 10/7/2003 10:21:10 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 10/7/2003 10:21:10 PM

#:29 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 4-30-2004 10:48:58 AM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee VirusScan
Created on : 3/23/2004 3:56:15 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 8/18/2003 3:50:34 AM

#:30 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ThreadCreationTime : 4-30-2004 10:48:58 AM
BasePriority : Normal
FileSize : 1348 KB
FileVersion : 5.0.1.5
ProductVersion : 5.0.1.5
Copyright : Copyright
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
OriginalFilename : MPFTRAY.EXE
ProductName : McAfee Personal Firewall (MPF)
Created on : 3/26/2004 2:12:26 AM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 9/2/2003 8:00:00 PM

#:31 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 3/27/2004 2:38:58 AM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 7/3/2001 3:11:52 PM

#:32 [mscifapp.exe]
FilePath : C:\Program Files\McAfee.com\MPS\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 220 KB
FileVersion : 4, 0, 1, 24
ProductVersion : 4, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee Privacy Service
InternalName : mscifapp
OriginalFilename : mscifapp.exe
ProductName : McAfee Privacy Service
Created on : 3/31/2004 12:45:44 AM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 7/25/2003 9:56:18 PM

#:33 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 404 KB
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
OriginalFilename : mcvsescn.EXE
ProductName : McAfee VirusScan
Created on : 3/23/2004 3:56:18 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 9/28/2003 7:47:00 PM

#:34 [screenprint32.exe]
FilePath : C:\Program Files\ScreenPrint32 v3\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 436 KB
FileVersion : 3.50.0515
ProductVersion : 3.50.0515
Copyright : Copyright 1997-2003 Provtech Limited
CompanyName : Provtech Limited
FileDescription : Main Executable
InternalName : ScreenPrint32
OriginalFilename : ScreenPrint32.exe
ProductName : ScreenPrint32 - v3.5
Created on : 5/16/2003 1:36:40 AM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 5/16/2003 1:36:40 AM

#:35 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 3/23/2004 3:42:03 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 3/23/2004 3:42:03 PM

#:36 [notifyalert.exe]
FilePath : C:\Program Files\Dell\Support\Alert\bin\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 344 KB
FileVersion : 2.1.0.72
ProductVersion : 2.1.0.72
InternalName : NotifyAlert.exe
OriginalFilename : NotifyAlert.exe
Created on : 10/7/2003 10:20:18 PM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 10/7/2003 10:20:18 PM

#:37 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:05 PM
Last modified : 8/29/2002 11:00:00 AM

#:38 [mnyexpr.exe]
FilePath : C:\Program Files\Microsoft Money\System\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 196 KB
FileVersion : 12.00.0613
ProductVersion : 12.00.0613
Copyright : Copyright
CompanyName : Microsoft Corp.
FileDescription : Microsoft Money Express
InternalName : mnyexpr
OriginalFilename : mnyexpr.exe
ProductName : Microsoft
Created on : 6/18/2003 6:00:00 PM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 6/18/2003 6:00:00 PM

#:39 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 4-30-2004 10:48:59 AM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 1:30:14 AM
Last accessed : 4/30/2004 11:23:33 PM
Last modified : 4/15/2003 1:30:14 AM

#:40 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ThreadCreationTime : 4-30-2004 10:49:00 AM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
OriginalFilename : TestLine.exe
ProductName : BVRP Software TestLine
Created on : 3/23/2004 3:37:23 PM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 6/20/2003 9:43:00 AM

#:41 [iam.exe]
FilePath : C:\Program Files\CallWave\
ThreadCreationTime : 4-30-2004 10:49:01 AM
BasePriority : Normal
FileSize : 949 KB
FileVersion : 3.07.1 (16-March-2004)
ProductVersion : 3.07.1 (16-March-2004)
Copyright : Copyright
CompanyName : CallWave, Inc.
FileDescription : Internet Answering Machine
InternalName : CallApp
OriginalFilename : CallApp.exe
ProductName : CallWave Service
Created on : 3/27/2004 3:44:35 AM
Last accessed : 4/30/2004 11:13:45 PM
Last modified : 3/27/2004 3:44:35 AM

#:42 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Diagnostics\
ThreadCreationTime : 4-30-2004 10:49:01 AM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
Copyright : Copyright © 2002 Creative Technology Ltd
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
OriginalFilename : diagent.exe
ProductName : Creative Diagnostics Agent
Created on : 3/23/2004 3:39:54 PM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 4/3/2002 7:01:00 AM

#:43 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 4-30-2004 10:49:01 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 5.00.1928.1
ProductVersion : 5.00.1928.1
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 9/5/1999 5:23:00 AM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 9/5/1999 5:23:00 AM

#:44 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ThreadCreationTime : 4-30-2004 10:49:02 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 3/27/2004 2:38:58 AM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 7/3/2001 3:17:04 PM

#:45 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ThreadCreationTime : 4-30-2004 10:49:06 AM
BasePriority : Normal
FileSize : 500 KB
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
Copyright : Copyright
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
OriginalFilename : MPFAGENT.EXE
ProductName : McAfee Personal Firewall (MPF)
Created on : 3/26/2004 2:12:26 AM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 9/2/2003 8:00:00 PM

#:46 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 4-30-2004 10:49:11 AM
BasePriority : Normal
FileSize : 216 KB
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
OriginalFilename : mcvsftsn.EXE
ProductName : McAfee VirusScan
Created on : 3/23/2004 3:56:20 PM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 9/29/2003 9:38:16 PM

#:47 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:55:42 AM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 8/29/2002 11:00:00 AM

#:48 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 4-30-2004 10:55:45 AM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 8/29/2002 11:00:00 AM

#:49 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 4-30-2004 12:09:02 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
OriginalFilename : rnathchk.EXE
ProductName : RealOne Player (32-bit)
Created on : 3/23/2004 3:42:03 PM
Last accessed : 4/30/2004 11:39:06 PM
Last modified : 3/23/2004 3:42:03 PM

#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 4-30-2004 11:38:50 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/20/2004 1:49:38 AM
Last accessed : 4/30/2004 11:38:50 PM
Last modified : 7/13/2003 3:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : ertmer@zedo[2].txt
Object : C:\Documents and Settings\ertmer\Cookies\

Created on : 4/30/2004 1:54:27 AM
Last accessed : 4/30/2004 11:40:23 PM
Last modified : 4/30/2004 6:15:23 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


6:40:48 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:01:44:219
Objects scanned :45387
Objects identified :1
Objects ignored :0
New objects :1


For now I quarantined the 1 new object. Waiting to see what you find first.

I did have the "spotresults.com" website jump in as I was trying to post my message just now.

Thanks for your help!
Garfluver
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Must be a Link2Me infection. Try this fix first:
http://www.spywarein...les/kill2me.zip
  • 0

#7
garfluver

garfluver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
I opened the Kill2...just said that if I was infected it killed it.

As I was opening the download site you suggested...the message I was originally writing about showed up. I hadn't seen it for a while.

I also downloaded an updated version of CW Shredder and ran that again. (I haven't seen spotresult.com since.)

Should I do anything else??

Garfluver
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Are you still getting the DLL error? If not, and you're not getting pop-ups you should be good to go <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.javacools...areblaster.html

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.
  • 0

#9
garfluver

garfluver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Haven't had the Rundll message again...but still getting popups from spotresults and now zestyfind.

I did run a virus scan...YIKES...came up with 98 potentially unwanted files. They were all Adware or Clearsearch files...except for 2 of them.

I got rid of those last night...then scanned again this morning. I think there were about 14 of those same types of files. I have them quarantined right now.

Any other suggestions?

Garfluver
  • 0

#10
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
:D Zestyfind :D

Let's see another Hijack Log please... <_<
  • 0


#11
garfluver

garfluver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
I'll run another HiJackThis...but want to let you know...I ran a virus scan and deleted the potentially unwanted files. One of them could not be cleaned and would not let me delete it either...so I have it quarantined.

File name: C:/Windows/SYSTEM32/AmCTRES.cpy.dll
Program name: Adware-Look2Me

Garfluver
  • 0

#12
garfluver

garfluver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here's the latest HiJackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 6:21:31 PM, on 5/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CallWave\IAM.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhawk.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BlackHawk Internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pu...er/isetupML.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,19/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.ho...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D841BDB-66E7-4061-B5B9-52ECBAA63E69}: NameServer = 12.148.201.34 12.148.201.35


Thank you so much for your help...this is driving me crazy! <_<

Garfluver
  • 0

#13
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Here's the problem:

File name: C:/Windows/SYSTEM32/AmCTRES.cpy.dll
Program name: Adware-Look2Me

Here's the fix:
Disconnect from the internet (unplug is best so you won't connect on re-boot). Then empty all your temp files from within your browser (Tools, Internet Options, Delete Temporary Internet Files). Next, you'll need your Windows XP CD. Put the Windows CD in the tray and reboot the computer...

-You should get a "press any key to boot from CD" message, so do that.

-It will load a bunch of files and eventually give you a menu where you can select the "Recovery Console" by pressing R... press R.

-You'll see your Windows Installation like "C:\Windows", type the number 1 and press enter.

-Administrator password is next: it's probably blank, so just press enter. Unless you've created one, in which case enter it.

-With all that done you'll end up with a C:\Windows> prompt

Now to delete these files:

At the command prompt type del c:\windows\system32\AmCTRES.dll

and

del c:\windows\system32\AmCTRES.cpy.dll

Then when that is complete, remove the CD from the tray and type Exit and it will reboot.

Rescan with Ad-aware and let it remove the registry entry. When done, reconnect to the Internet, and let us know how it works. Hope this helps!

Ad-aware: http://www.lavasoftu...ftware/adaware/
  • 0

#14
garfluver

garfluver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Hi!

Well...I hate to admit it...but I'm a little chicken to try your recent suggestion :D

So thought I'd try the suggestion from May 1 again

http://www.spywarein...les/kill2me.zip

This time I got a message saying it would try to delete the Look2Me file...then it said file was deleted if present. Hoping this is good news!!

I'll run another HiJack log after doing a virus scan and spybot/ad aware scans. Then if things still look suspicious I'll try to overcome the fear and try your suggestions.

I'm just such a novice...I'm afraid I'll do something wrong. <_< I've only had this computer for a month!

Garfluver
  • 0

#15
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
The instructions look harder than they really are, but I understand your reluctance. This is an especially hard pest to remove. :D

You could also try running Ad-aware with the most recent reference file installed. They are getting better at removing this infection--as they see more of them.

Unfortunately, Look2Me doesn't show up in Hijack This logs. <_<
  • 0
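The observation in post #15, as an added example that is not part of the thread: a small Python parser for the HijackThis log format shown in post #12, used to cross-check whether a file named by the virus scanner is referenced anywhere in the log. The function names are this example's own, and the sample lines are copied (abridged) from the log in post #12.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis v1.97.7 log in post #12 (abridged).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhawk.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D841BDB-66E7-4061-B5B9-52ECBAA63E69}: NameServer = 12.148.201.34 12.148.201.35
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry text
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^,"]+\.dll)', re.I)

def parse_hjt(text):
    """Return (running_processes, {section_code: [entry, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def references(text, file_name):
    """Every log line mentioning file_name (case-insensitive), as (section, line)."""
    processes, entries = parse_hjt(text)
    needle = file_name.lower()
    hits = [("process", p) for p in processes if needle in p.lower()]
    for code, items in entries.items():
        hits += [(code, e) for e in items if needle in e.lower()]
    return hits

def rundll32_targets(text):
    """DLLs that O4 (autostart) entries hand to rundll32."""
    _, entries = parse_hjt(text)
    found = (RUNDLL.search(e) for e in entries.get("O4", []))
    return [m.group(1) for m in found if m]

if __name__ == "__main__":
    print(references(SAMPLE_LOG, "AmCTRES"))
    print(rundll32_targets(SAMPLE_LOG))
```

On this log the scanner-reported file has no matching line, and the only DLL an autostart entry passes to rundll32 is the NVIDIA one, so a log that looks clean does not by itself contradict the scanner's detection.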





