W32/Alemod.e.dll virus [CLOSED]


  • This topic is locked

#1
Nbernstein

Nbernstein

    New Member

  • Member
  • Pip
  • 4 posts
Before I/we begin, I don't know who you are or why you devote your time to help nontechie strangers...but thank you! Good Karma is returned.

I have AOL v9 with McAfee but it and I are not perfect!

I performed:

CleanUp
AdAware SE
CWShredder
Spybot S&D

and also ran EWIDO and then HijackThis.

Prior to receiving the above virus I had run and installed security update 2.

However C:\WINDOWS\system32\WINNET.dll is still infected with the W32/Alemod.e.dll virus.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:02:30 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102960677\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view2...ew22/V22RTE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?312
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA1E260-5C4E-4AE9-B1DC-946D9B67CA6A}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: xad2 - Unknown owner - C:\WINDOWS\fojgka.exe (file missing)

What now???????????????????

#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. In case you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp

2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA1E260-5C4E-4AE9-B1DC-946D9B67CA6A}: NameServer = 205.188.146.145

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


3. Delete Rogue files

Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - xad2. Right click on it and then click on properties. In the Startup Type choose the option Disable. Close the window.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Run CleanUp and delete all temp files including temporary internet files

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following file -

C:\WINDOWS\fojgka.exe

Clear out the files in the Prefetch folder. Go to Start > Run > type Prefetch into the box. It will open the folder Prefetch. Delete all the files in that folder. Don't delete the folder, only the files in it !!!!!!!!

Run Hijack This again. Click on config ---> Misc Tools ---> Delete an NT Service. Type in xad2 and hit enter.

Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0
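
Added example (not part of the thread and not HijackThis code): a small Python parser for the O17 and O23 line formats seen in the log from post #1, ranking the entries a helper would review first. The names `parse_o23`, `parse_o17` and `review` and the scoring weights are assumptions made for illustration; the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log in post #1; nothing here is constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA1E260-5C4E-4AE9-B1DC-946D9B67CA6A}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: xad2 - Unknown owner - C:\WINDOWS\fojgka.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"
PATH_RE = re.compile(r" - ([A-Za-z]:\\.*)$")       # last field: the service binary
SHORT_RE = re.compile(r"^(.*) \(([^()]+)\)$")      # "Display name (ShortName)"
O17_RE = re.compile(r"^O17 - (.+?): (\w+) = (.+)$")


@dataclass
class Service:
    display_name: str
    short_name: str
    owner: str
    path: str
    file_missing: bool


@dataclass
class Finding:
    score: int
    subject: str
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Split an O23 line into name, short name, owner, path and missing flag."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    m = PATH_RE.search(body)
    if not m:
        return None
    path = m.group(1)
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    # Owner is the last " - " separated field before the path.
    name, sep, owner = body[:m.start()].rpartition(" - ")
    if not sep:
        name, owner = owner, ""
    short = SHORT_RE.match(name)
    display, short_name = (short.group(1), short.group(2)) if short else (name, name)
    return Service(display, short_name, owner, path, missing)


def parse_o17(line):
    """Return (registry key, setting, value) for an O17 DNS line, else None."""
    m = O17_RE.match(line)
    return m.groups() if m else None


def review(log_text):
    """Rank O17/O23 entries for manual review, highest score first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_o23(line)
        if svc:
            f = Finding(0, svc.short_name)
            if svc.file_missing:
                # Service still registered although its binary is not on disk.
                f.score += 2
                f.reasons.append("binary missing: " + svc.path)
            if svc.owner == "Unknown owner":
                # Weak on its own: McShield in the same log also has no owner.
                f.score += 1
                f.reasons.append("no owner reported")
            if f.score:
                findings.append(f)
            continue
        dns = parse_o17(line)
        if dns:
            key, setting, value = dns
            findings.append(Finding(1, f"{setting} = {value}",
                                    ["DNS override, confirm who set it: " + key]))
    # sorted() is stable, so equal scores keep their order from the log.
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f.score, f.subject, "; ".join(f.reasons))
```

On the sample lines, `xad2` ranks first because it is the only service that combines a missing binary with no reported owner.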

#3
Nbernstein

Nbernstein

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for the reply. I had already downloaded CleanUp so I just reran HJT, but the file 017-... was not found. Here is the HJT file from that run:

Logfile of HijackThis v1.99.1
Scan saved at 6:46:11 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLServiceHost.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102960677\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view2...ew22/V22RTE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?312
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: xad2 - Unknown owner - C:\WINDOWS\fojgka.exe (file missing)


The file C:\windows\fojgka.exe does not exist and therefore could not be deleted.

I reran HJT to delete an NT service and input xad2 and received the following message:

The following service was found
short name: xad2
full name: xad2
File: C:\windows\fojgka.exe (file missing)
Owner: Unknown owner

Are you absolutely sure you want to delete the service? Y/N

I said Yes

I ran Panda on 3 separate occasions but after between 1-2 hours of scanning my IE closed and I couldn't find any log from Panda! I ran it scanning MY COMPUTER twice and LOCAL DRIVES once.

I was able to run an EWIDO scan and here is the report:

C:\WINDOWS\_default(8).pif:vurto -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(8).pif:xetkr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(8).pif:xfbzh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:awbcf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:ewlcj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:mkfcv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:oapvet -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:rhxru -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:rmlmn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:thdlz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:vurto -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:xetkr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(9).pif:xfbzh -> TrojanDownloader.Agent.bc : Cleaned with backup


::Report End

and finally a Hijack This report:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:43 PM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102960677\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view2...ew22/V22RTE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?312
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA1E260-5C4E-4AE9-B1DC-946D9B67CA6A}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I hope this helps. By the way, my system is running better with the help of cleanup etc.... thanks

#4
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next, go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot the PC in Normal Mode and post back the smitfiles.txt file along with the Ewido and HJT logs.

#5
Nbernstein

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 5:36:56 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110296~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102960677\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view2...ew22/V22RTE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?312
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA1E260-5C4E-4AE9-B1DC-946D9B67CA6A}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

The EWIDO log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:23:38 PM, 8/29/2005
+ Report-Checksum: 4078BD02

+ Scan result:

C:\WINDOWS\Q331953.log:eayhfy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\tsoc.log:lzlsxe -> Trojan.Agent.bi : Cleaned with backup


::Report End

and finally:


smitRem log file
version 2.3

by noahdfear

The current date is: Mon 08/29/2005
The current time is: 12:20:53.26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :)


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

PSGuard spyware remover


~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

sites.ini


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :tazz: Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~

Thanks again for the help!

#6
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

Your logs look good.


Do you have any issues with your PC ????

#7
Nbernstein

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for asking Tampabelle...things are working much better! I ran for almost 24hrs without any virus warnings. I did receive this today from my McAfee that is packaged with my AOL 9.0SE:

The file C:|System Volume Information\_restore07067F02-601B-445E-AF8E-8602C05A674E\RP78|A0048217.old was infected by the W32/Alemod.e.dll virus but has been automatically cleaned by Virus Scan.

Since it has been clean I hope that it isn't a real problem, any insights on why it popped up again?

Also, I am now running WinPatrol as well as Ewido (along with the McAfee that runs with AOL). Do you see any conflict or problem with this?

One more question if it is not too much to ask.....

When I check Windows Task Manager > Processes I typically have 41 things running and I have no idea what many of them are. Any way to figure out what they are and what is extemporanious?

Again you have been great and I really appreciate your help, so if this question should go to another forum (or is not really worth exploration since I am running OK) just let me know.

Thanks so much!

#8
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
It is normal to have about 40 processes running even if you don't have a single window open !! I have about 40 processes running.

What is extemporanious?? Is it one of the processes listed ??? Can you locate the file on your PC and give me the full path name ???

You can try searching for the various processes on Google !! You will find a lot of information there


Delete the following programs and the associated folders, which you downloaded during the cleaning up process -

smitrem

Uninstall Ewido as it is a trial product and the trial period will expire shortly. Conflicts can arise between multiple anti-virus programs and can severely hamper the performance of the PC.

After this, please visit Windows security and critical updates and get all the updates and patches and install them on your PC.

Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

A. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

B. Restart your computer.

C. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

Post a fresh HJT log

#9
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





