Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

regenerating spyware [RESOLVED]

Started by polling , Oct 12 2005 08:43 AM

  • This topic is locked This topic is locked

#1
polling
Posted 12 October 2005 - 08:43 AM

polling

    Member

  • Member
  • PipPipPip
  • 303 posts
i have ewido and every morning i run the scanner for ewido and it picks up eight spyware items. even when the computer isn't in use these items seem to regenerate themselves i wanted to know do i have a problem elsewhere.Also i had an extension named RarExtdll added to my computer a couple of weeks ago by some program and i have been unable to delete it and when i do click on that icon about 15 other icons appear on my screen please help here's my hijack thanx in advance


Logfile of HijackThis v1.99.1
Scan saved at 10:42:31 AM, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\frank\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements

#2
greyknight17
Posted 18 October 2005 - 09:59 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Give me the Ewido report/log so I can take a look at that also. Also run a new HijackThis scan and post a more updated log here.

To answer your other question in the 3 day with no reply topic, TkBellexe is a safe process. But deny it from starting up if you wish since it's related to RealOne and it's just a resource hog if you ask it to startup.

I really don't see anything wrong here, so I have to take a look at your Ewido log first.

Did you run Ad-aware and Spybot already?
  • 0

#3
polling
Posted 19 October 2005 - 01:44 PM

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
thanx for responding to my log i can't delete a Rar Ext.dll when i click on the icon to try to delete it i get this message: cannot delete Rar Ext.dll.0 Access denied make sure the disk is not full or write protected and that the file is not currently in use


i don't understand that because i didn't ask for this icon it just popped up on my sceen


also when i run ewido scan i have regenerating spyware everyday even after cleaning my computer

hers my logs:adware log Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, October 19, 2005 2:35:33 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R70 12.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):16 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R70 12.10.2005
Internal build : 82
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 532922 Bytes
Total size : 1597866 Bytes
Signature data size : 1564479 Bytes
Reference data size : 32875 Bytes
Signatures total : 44398
Fingerprints total : 1051
Fingerprints size : 37487 Bytes
Target categories : 15
Target families : 759


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:34 %
Total physical memory:458224 kb
Available physical memory:151772 kb
Total page file size:1082712 kb
Available on page file:536752 kb
Total virtual memory:2097024 kb
Available virtual memory:2047952 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-19-2005 2:35:33 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\frank\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1782325225-2551428485-1480717513-1007\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 376
ThreadCreationTime : 10-18-2005 1:03:15 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 428
ThreadCreationTime : 10-18-2005 1:03:18 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 452
ThreadCreationTime : 10-18-2005 1:03:18 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 496
ThreadCreationTime : 10-18-2005 1:03:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 508
ThreadCreationTime : 10-18-2005 1:03:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 652
ThreadCreationTime : 10-18-2005 1:03:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 716
ThreadCreationTime : 10-18-2005 1:03:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 784
ThreadCreationTime : 10-18-2005 1:03:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 804
ThreadCreationTime : 10-18-2005 1:03:20 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 2
ProductVersion : 4, 1, 0, 2
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe

#:10 [smc.exe]
ModuleName : C:\Program Files\Sygate\SPF\smc.exe
Command Line : n/a
ProcessID : 928
ThreadCreationTime : 10-18-2005 1:03:21 PM
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 976
ThreadCreationTime : 10-18-2005 1:03:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1060
ThreadCreationTime : 10-18-2005 1:03:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1188
ThreadCreationTime : 10-18-2005 1:03:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1616
ThreadCreationTime : 10-18-2005 1:03:26 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [zhotkey.exe]
ModuleName : C:\WINDOWS\zHotkey.exe
Command Line : "C:\WINDOWS\zHotkey.exe"
ProcessID : 1720
ThreadCreationTime : 10-18-2005 1:03:31 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 0
ProductName : Chicony Multimedia Driver
CompanyName : Chicony
FileDescription : Chicony Multimedia Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2000 Chicony
OriginalFilename : mHotkey.res

#:16 [winpatrol.exe]
ModuleName : C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
Command Line : "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe"
ProcessID : 1772
ThreadCreationTime : 10-18-2005 1:03:31 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 0
ProductVersion : 9.1.0.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:17 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
ProcessID : 1800
ThreadCreationTime : 10-18-2005 1:03:32 PM
BasePriority : Normal
FileVersion : 4,0,3,363
ProductVersion : 4, 0
ProductName : Spy Sweeper Retail
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Retail Executable
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
OriginalFilename : SpySweeper.exe

#:18 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 1808
ThreadCreationTime : 10-18-2005 1:03:32 PM
BasePriority : Normal


#:19 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1816
ThreadCreationTime : 10-18-2005 1:03:32 PM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:20 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1872
ThreadCreationTime : 10-18-2005 1:03:33 PM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:21 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1892
ThreadCreationTime : 10-18-2005 1:03:33 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:22 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 1936
ThreadCreationTime : 10-18-2005 1:03:33 PM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe

#:23 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1952
ThreadCreationTime : 10-18-2005 1:03:33 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:24 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 1984
ThreadCreationTime : 10-18-2005 1:03:34 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe

#:25 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1996
ThreadCreationTime : 10-18-2005 1:03:34 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:26 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2008
ThreadCreationTime : 10-18-2005 1:03:34 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:27 [gearsec.exe]
ModuleName : C:\WINDOWS\system32\gearsec.exe
Command Line : system32\gearsec.exe
ProcessID : 2032
ThreadCreationTime : 10-18-2005 1:03:35 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:28 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 128
ThreadCreationTime : 10-18-2005 1:03:35 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:29 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 152
ThreadCreationTime : 10-18-2005 1:03:36 PM
BasePriority : Normal
FileVersion : 6.14.10.5664
ProductVersion : 6.14.10.5664
ProductName : NVIDIA Driver Helper Service, Version 56.64
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.64
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:30 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
ProcessID : 112
ThreadCreationTime : 10-18-2005 1:03:37 PM
BasePriority : Normal
FileVersion : 5.4.4.17
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:31 [bigfix.exe]
ModuleName : C:\Program Files\BigFix\BigFix.exe
Command Line : "C:\Program Files\BigFix\BigFix.exe" /atstartup
ProcessID : 472
ThreadCreationTime : 10-18-2005 1:03:38 PM
BasePriority : Normal
FileVersion : 1, 7, 6, 0
ProductVersion : 1, 7, 6, 0
ProductName : BigFix
CompanyName : BigFix Inc.
FileDescription : BigFix Client Application
InternalName : BigFix
LegalCopyright : Copyright © 2002
OriginalFilename : BigFix.exe

#:32 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 512
ThreadCreationTime : 10-18-2005 1:03:39 PM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:33 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 772
ThreadCreationTime : 10-18-2005 1:03:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:34 [easyshare.exe]
ModuleName : C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Command Line : "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -h
ProcessID : 832
ThreadCreationTime : 10-18-2005 1:03:40 PM
BasePriority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:35 [wrsssdk.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe"
ProcessID : 936
ThreadCreationTime : 10-18-2005 1:03:41 PM
BasePriority : Normal
FileVersion : 1,0,3,221
ProductVersion : 1, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright © 2002 - 2004, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:36 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1316
ThreadCreationTime : 10-18-2005 1:03:46 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:37 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1364
ThreadCreationTime : 10-18-2005 1:03:46 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:38 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 1536
ThreadCreationTime : 10-18-2005 1:03:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:39 [hpqgalry.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe" -s
ProcessID : 2200
ThreadCreationTime : 10-18-2005 1:04:06 PM
BasePriority : Normal


#:40 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 836
ThreadCreationTime : 10-19-2005 1:21:59 AM
BasePriority : Normal


#:41 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 2260
ThreadCreationTime : 10-19-2005 1:21:59 AM
BasePriority : High


#:42 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 3852
ThreadCreationTime : 10-19-2005 1:22:09 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:43 [zhotkey.exe]
ModuleName : C:\WINDOWS\zHotkey.exe
Command Line : "C:\WINDOWS\zHotkey.exe"
ProcessID : 3608
ThreadCreationTime : 10-19-2005 1:22:13 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 0
ProductName : Chicony Multimedia Driver
CompanyName : Chicony
FileDescription : Chicony Multimedia Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2000 Chicony
OriginalFilename : mHotkey.res

#:44 [winpatrol.exe]
ModuleName : C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
Command Line : "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe"
ProcessID : 2056
ThreadCreationTime : 10-19-2005 1:22:14 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 0
ProductVersion : 9.1.0.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:45 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
ProcessID : 2140
ThreadCreationTime : 10-19-2005 1:22:14 AM
BasePriority : Normal
FileVersion : 4,0,3,363
ProductVersion : 4, 0
ProductName : Spy Sweeper Retail
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Retail Executable
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
OriginalFilename : SpySweeper.exe

#:46 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 3664
ThreadCreationTime : 10-19-2005 1:22:14 AM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:47 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 824
ThreadCreationTime : 10-19-2005 1:22:14 AM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:48 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 1420
ThreadCreationTime : 10-19-2005 1:22:15 AM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe

#:49 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 2540
ThreadCreationTime : 10-19-2005 1:22:15 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe

#:50 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3136
ThreadCreationTime : 10-19-2005 1:22:15 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:51 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 3972
ThreadCreationTime : 10-19-2005 1:22:18 AM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:52 [easyshare.exe]
ModuleName : C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Command Line : "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -h
ProcessID : 1508
ThreadCreationTime : 10-19-2005 1:22:20 AM
BasePriority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:53 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 476
ThreadCreationTime : 10-19-2005 1:22:25 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:54 [hpqgalry.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe" -s
ProcessID : 2532
ThreadCreationTime : 10-19-2005 1:22:41 AM
BasePriority : Normal


#:55 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 3936
ThreadCreationTime : 10-19-2005 6:08:34 PM
BasePriority : Normal


#:56 [securitysuite.exe]
ModuleName : C:\Program Files\ewido\security suite\SecuritySuite.exe
Command Line : "C:\Program Files\ewido\security suite\SecuritySuite.exe"
ProcessID : 548
ThreadCreationTime : 10-19-2005 6:35:07 PM
BasePriority : Normal
FileVersion : 3, 5, 0, 0
ProductVersion : 3, 5, 0, 0
ProductName : ewido security suite
CompanyName : ewido networks
FileDescription : security suite
InternalName : GuiLoader
LegalCopyright : © 2003 ewido networks
OriginalFilename : SecuritySuite.exe

#:57 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1484
ThreadCreationTime : 10-19-2005 6:35:23 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : frank@audioadserver[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/audioadserver
Expires : 11-18-2005 3:05:14 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : frank@live365[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 10-23-2010 9:47:12 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 18



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1063 entries scanned.
New critical objects:0
Objects found so far: 18




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

3:02:22 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:49.171
Objects scanned:142241
Objects identified:2
Objects ignored:0
New critical objects:2


ewido log+ Created on: 3:42:35 PM, 10/19/2005
+ Report-Checksum: C6488CFC

+ Scan result:

:mozilla.49:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.113:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.115:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.116:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.119:C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
25 infected objects here



ran a spybot and it found no immediate threats


thanx in advance
  • 0

#4
greyknight17
Posted 19 October 2005 - 04:16 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, you have to pay attention to the instructions I gave you. I never asked for the Ad-aware log...as you can see it's just wasting lots of space here for no reason. I want your Ewido log which you still didn't post yet. I will NOT continue any further unless you follow the instructions I gave you...otherwise you might as well work this out yourself.
  • 0

#5
polling
Posted 19 October 2005 - 08:20 PM

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
the ewido log is right at the bottom what are you talking about ? :tazz: :) :woot:



im sorry for posting the ad aware log, but i did post a ewido log right behind it



here is my new hijack Logfile of HijackThis v1.99.1
Scan saved at 10:32:59 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\frank\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by polling, 19 October 2005 - 08:33 PM.

  • 0

#6
greyknight17
Posted 20 October 2005 - 08:40 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Sorry about that...yes Ewido is there. I just hate it when users post that loooooooooooooong Ad-aware log when I didn't ask for it.

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

The only problem you have now is with that Rar Ext.dll file? How is it spelled exactly? Rar Ext.dll with a space between Rar and Ext.dll? Is it on your desktop?
  • 0

#7
polling
Posted 21 October 2005 - 10:22 AM

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
it's RarExtdll with no space in between, and it is on my desktop thanx in advance
  • 0

#8
greyknight17
Posted 21 October 2005 - 04:55 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Have to be careful there :tazz: Is it RarExtdll or RarExt.dll? We'll try both then :)

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Right click and copy the below lines. Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\Documents and Settings\frank\Desktop\RarExt.dll
C:\Documents and Settings\frank\Desktop\RarExtdll

If you get a PendingOperations message, just close it and restart your computer manually.

Restart. Still there? Any other problems?
  • 0

#9
polling
Posted 24 October 2005 - 11:39 AM

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
thanx that got rid of it thanx for everything :tazz: :) :woot: :woot:
  • 0

#10
greyknight17
Posted 24 October 2005 - 12:47 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP