w32\alemod.e.dll removal - help!

My computer has been working fine for years and all of a sudden it has been affected by all sorts of viruses, trojans and adware! McAfee VirusScan detected the above virus has affected c:\windows\system32\wininet.dll but can't get rid of it. I've had trojan q, I've got dotcomtoolbar, surfsidekick, iefeats. Can someone help? I've downloaded and run spybot, adaware, norton, mcafee - none seem to get rid of the problem. I'm a novice at all this. Here's my log. Do I have to worry about password and credit card info? Many thanks.
Type : IECache Entry Data : fly@advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:11 Value : Cookie:fly@advertising.com/ Expires : 07-09-2010 20:16:08 LastSync : Hits:11 UseCount : 0 Hits : 11 Tracking Cookie Object Recognized! Type : IECache Entry Data : fly@ehg-natr.hitbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:fly@ehg-natr.hitbox.com/ Expires : 08-09-2006 15:54:24 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : fly@fastclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:fly@fastclick.net/ Expires : 29-08-2007 20:04:02 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : fly@valueclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:fly@valueclick.net/ Expires : 31-08-2030 11:20:42 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : fly@overture[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:9 Value : Cookie:fly@overture.com/ Expires : 06-09-2015 14:23:12 LastSync : Hits:9 UseCount : 0 Hits : 9 Tracking Cookie Object Recognized! Type : IECache Entry Data : fly@servedby.advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:fly@servedby.advertising.com/ Expires : 08-10-2005 20:16:08 LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : fly@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookie:fly@doubleclick.net/ Expires : 07-09-2008 10:03:46 LastSync : Hits:8 UseCount : 0 Hits : 8 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 16 Objects found so far: 68 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 68 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Malware.Psguard Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\shudderltd Malware.Psguard Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\desktop\general Value : Wallpaper Malware.Psguard Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Display Inline Images Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 71 09:33:54 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:34:23.367 Objects scanned:201389 Objects identified:51 Objects ignored:0 New critical objects:51 |
Re: w32\alemod.e.dll removal - help!

I recommend starting with a thorough cleaning. Use this guide. Start with Step 1 and work all the way through Step 2. See if this helps address some of your problems. If some of the problems still remain, let me know what they are. You might want to work through the entire guide so that you can optimize and secure your system as much as possible.