Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Crazy Trojan Horse keeps closing Win. Explorer


  • Please log in to reply

#1
mmoody26

mmoody26

    Member

  • Member
  • PipPip
  • 12 posts
When I log into windows xp, my ewido and avg go crazy detecting trohjan horses.
AVG shows the DropperAgent.lj, TrojanHorse Clicker.qb, trojanhorse generic.bey

Ewido brings up:
vxgame2.exe in my system32 directory with trojanproxy.lager.x
latest.exe with trojan.crypt.i
vxgamet2.exe with trojan.spabot.r

The main problem is I keep getting the message that windows explorer has experienced a problem and keeps shutting down; followed by a rundll box that says error loading c:/windows/system32/chp.dll Access is denied.

This is crazy!!!!
Here is my hijack log, followed by my ewido scan log.
Thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 1:19:32 PM, on 9/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\B.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\A.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\D.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\C.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\12.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\13.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\18.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\17.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\1C.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\1D.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\22.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\21.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\26.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\27.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\2B.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\2C.scr
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\vxgame2.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\35.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\36.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\3C.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\3B.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\41.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\40.scr
C:\WINDOWS\System32\sysvcs.exe
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\45.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\46.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\4A.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\4B.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\50.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\4F.scr
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\54.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\55.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\59.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\5A.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\5F.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\5E.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\64.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\63.scr
C:\WINDOWS\System32\kernels32.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\69.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\68.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\dwwin.exe
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\6D.scr
C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\6E.scr
C:\Documents and Settings\Mark.MARKANDKARLA\My Documents\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: - {009a787f-9a26-493d-bf15-ecf8257a30d6} - C:\WINDOWS\system32\rchbqv.dll (disabled by BHODemon)
O2 - BHO: - {03214798-d16c-45e5-bb9e-508ab1a1fd50} - C:\WINDOWS\system32\t.dll (disabled by BHODemon)
O2 - BHO: - {04abe39e-76b1-4db7-bdbc-35548e7a2c59} - C:\WINDOWS\system32\jgstp.dll (disabled by BHODemon)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: - {09edae6c-cdf6-491c-94ae-eee18c979154} - C:\WINDOWS\System32\jgmjgjgd.dll
O2 - BHO: - {1d2635c5-8ea1-4250-b3d9-9ab4c30d3406} - C:\WINDOWS\system32\pkyrrpwh.dll (disabled by BHODemon)
O2 - BHO: - {1f29e958-575e-42fd-a417-3ee1c0f190d3} - C:\WINDOWS\system32\vn.dll (disabled by BHODemon)
O2 - BHO: - {201ca607-a1ad-454b-8d1d-074df1606d9f} - C:\WINDOWS\System32\dfunclel.dll
O2 - BHO: - {20306a80-36a7-4f72-adcc-c63762700acc} - C:\WINDOWS\system32\viutrxv.dll (disabled by BHODemon)
O2 - BHO: - {319eb40c-93d3-4b38-a70f-684018dbc025} - C:\WINDOWS\system32\rcz.dll (disabled by BHODemon)
O2 - BHO: - {3bd9379d-8403-42fb-afc4-d3f2810e1bf3} - C:\WINDOWS\system32\phzl.dll (disabled by BHODemon)
O2 - BHO: - {3bd9bead-9ea3-4b34-9b50-a2a7a1e4c303} - C:\WINDOWS\System32\phxbmnr.dll
O2 - BHO: - {47236ac3-8e35-4939-ac76-6e52d6f9593f} - C:\WINDOWS\System32\phzxdhk.dll
O2 - BHO: - {479fb68e-fcb9-42ec-baa9-0c5edee11ff4} - C:\WINDOWS\System32\phxphno.dll
O2 - BHO: - {49690011-d351-4ae2-a1e1-f9f0aa394b87} - C:\WINDOWS\system32\phxpjnol.dll (disabled by BHODemon)
O2 - BHO: - {51f2182d-1692-4e6e-8e0e-41367b1056f4} - C:\WINDOWS\system32\pkyny.dll (disabled by BHODemon)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: - {5b61a819-4393-417b-96ca-b3c00c3f5630} - C:\WINDOWS\system32\h.dll (disabled by BHODemon)
O2 - BHO: - {5ba86d97-d5e2-46ff-9cb3-b9ac69a28f1a} - C:\WINDOWS\System32\jgmjox.dll
O2 - BHO: - {68fd94c2-913c-4df3-8659-51f294fd965d} - C:\WINDOWS\system32\duz.dll (disabled by BHODemon)
O2 - BHO: - {6a7fc27d-8682-4b3e-9d47-e3ea2e148aee} - C:\WINDOWS\system32\visdutz.dll (disabled by BHODemon)
O2 - BHO: - {7389df13-93a2-4bda-80e9-e151e6f94aa1} - C:\WINDOWS\System32\pj.dll
O2 - BHO: - {7d85444e-ab6d-4c7c-b179-d5d5e10bc511} - C:\WINDOWS\system32\r.dll (disabled by BHODemon)
O2 - BHO: - {7efb9de2-65b2-40de-b211-332c088fe552} - C:\WINDOWS\system32\p.dll (disabled by BHODemon)
O2 - BHO: - {82940738-75f4-40b6-ac72-46a8b4fc1e39} - C:\WINDOWS\system32\jgmjgjgd.dll (disabled by BHODemon)
O2 - BHO: - {82cf7cf6-9f18-4b70-adcc-395907204eef} - C:\WINDOWS\System32\z.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: - {92e1b94f-e340-4547-8e7f-260aaf3eb8a1} - C:\WINDOWS\System32\phxprpel.dll
O2 - BHO: - {a0c26edb-4300-411a-9f87-e7d6404796e0} - C:\WINDOWS\System32\visr.dll
O2 - BHO: - {a64d4ef9-3ad2-4831-94d2-363662bbc6a2} - C:\WINDOWS\System32\bzgb.dll
O2 - BHO: - {a78fbea6-0a0a-4c6b-a9e6-47326e3e704e} - C:\WINDOWS\System32\phjzxx.dll
O2 - BHO: - {a7c599ae-9a9f-4d52-bfb7-321f61953e4c} - C:\WINDOWS\System32\phjlth.dll
O2 - BHO: - {b3327ba5-8c36-4a88-8074-98e4f1a2b458} - C:\WINDOWS\System32\dfbdfdfh.dll
O2 - BHO: - {be22710a-3517-4968-8327-49310b1aa03b} - C:\WINDOWS\System32\phxla.dll
O2 - BHO: - {c602dd90-e1c8-46ea-b3c5-7bbbcbe56443} - C:\WINDOWS\System32\jgmhx.dll
O2 - BHO: - {d079c90c-7390-499d-b62e-2b3f4033330e} - C:\WINDOWS\System32\jgrvubz.dll
O2 - BHO: - {d7a26809-e890-4c67-bf0c-740bcd30249f} - C:\WINDOWS\System32\be.dll
O2 - BHO: - {dbd9f931-7180-494b-ac2f-c133a53de5c1} - C:\WINDOWS\System32\jgmjgzn.dll
O2 - BHO: - {df194a41-db6d-4dd1-b854-7d5125fb134b} - C:\WINDOWS\System32\phhxy.dll
O2 - BHO: - {e944ccbf-c4b2-4608-b4ca-db61c08cf4bf} - C:\WINDOWS\System32\l.dll
O2 - BHO: - {f22d9418-a27a-4578-8ca7-a34557ba994a} - C:\WINDOWS\System32\xqyzx.dll
O2 - BHO: - {fc326f25-3e25-43ad-ae8e-0b87f4ea2e4e} - C:\WINDOWS\System32\jgmjgjgd.dll
O2 - BHO: - {fdcf6e8c-f585-46b1-a5bf-592fe40e89b1} - C:\WINDOWS\System32\jyqrcb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\6E.scr" /
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O21 - SSODL: abi-1 - {26D4D9D7-5DEC-5FC8-C88C-978461DF7661} - c:\program files\internet explorer\wtdgjww6.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:15:05 AM, 9/22/2005
+ Report-Checksum: 97CE7868

+ Scan result:

C:\WINDOWS\system\__delete_on_reboot__svchost.dll -> TrojanProxy.Small.bw : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.l : Cleaned with backup


::Report End
  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp


2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: - {009a787f-9a26-493d-bf15-ecf8257a30d6} - C:\WINDOWS\system32\rchbqv.dll (disabled by BHODemon)
O2 - BHO: - {03214798-d16c-45e5-bb9e-508ab1a1fd50} - C:\WINDOWS\system32\t.dll (disabled by BHODemon)
O2 - BHO: - {04abe39e-76b1-4db7-bdbc-35548e7a2c59} - C:\WINDOWS\system32\jgstp.dll (disabled by BHODemon)
O2 - BHO: - {09edae6c-cdf6-491c-94ae-eee18c979154} - C:\WINDOWS\System32\jgmjgjgd.dll
O2 - BHO: - {1d2635c5-8ea1-4250-b3d9-9ab4c30d3406} - C:\WINDOWS\system32\pkyrrpwh.dll (disabled by BHODemon)
O2 - BHO: - {1f29e958-575e-42fd-a417-3ee1c0f190d3} - C:\WINDOWS\system32\vn.dll (disabled by BHODemon)
O2 - BHO: - {201ca607-a1ad-454b-8d1d-074df1606d9f} - C:\WINDOWS\System32\dfunclel.dll
O2 - BHO: - {20306a80-36a7-4f72-adcc-c63762700acc} - C:\WINDOWS\system32\viutrxv.dll (disabled by BHODemon)
O2 - BHO: - {319eb40c-93d3-4b38-a70f-684018dbc025} - C:\WINDOWS\system32\rcz.dll (disabled by BHODemon)
O2 - BHO: - {3bd9379d-8403-42fb-afc4-d3f2810e1bf3} - C:\WINDOWS\system32\phzl.dll (disabled by BHODemon)
O2 - BHO: - {3bd9bead-9ea3-4b34-9b50-a2a7a1e4c303} - C:\WINDOWS\System32\phxbmnr.dll
O2 - BHO: - {47236ac3-8e35-4939-ac76-6e52d6f9593f} - C:\WINDOWS\System32\phzxdhk.dll
O2 - BHO: - {479fb68e-fcb9-42ec-baa9-0c5edee11ff4} - C:\WINDOWS\System32\phxphno.dll
O2 - BHO: - {49690011-d351-4ae2-a1e1-f9f0aa394b87} - C:\WINDOWS\system32\phxpjnol.dll (disabled by BHODemon)
O2 - BHO: - {51f2182d-1692-4e6e-8e0e-41367b1056f4} - C:\WINDOWS\system32\pkyny.dll (disabled by BHODemon)
O2 - BHO: - {5b61a819-4393-417b-96ca-b3c00c3f5630} - C:\WINDOWS\system32\h.dll (disabled by BHODemon)
O2 - BHO: - {5ba86d97-d5e2-46ff-9cb3-b9ac69a28f1a} - C:\WINDOWS\System32\jgmjox.dll
O2 - BHO: - {68fd94c2-913c-4df3-8659-51f294fd965d} - C:\WINDOWS\system32\duz.dll (disabled by BHODemon)
O2 - BHO: - {6a7fc27d-8682-4b3e-9d47-e3ea2e148aee} - C:\WINDOWS\system32\visdutz.dll (disabled by BHODemon)
O2 - BHO: - {7389df13-93a2-4bda-80e9-e151e6f94aa1} - C:\WINDOWS\System32\pj.dll
O2 - BHO: - {7d85444e-ab6d-4c7c-b179-d5d5e10bc511} - C:\WINDOWS\system32\r.dll (disabled by BHODemon)
O2 - BHO: - {7efb9de2-65b2-40de-b211-332c088fe552} - C:\WINDOWS\system32\p.dll (disabled by BHODemon)
O2 - BHO: - {82940738-75f4-40b6-ac72-46a8b4fc1e39} - C:\WINDOWS\system32\jgmjgjgd.dll (disabled by BHODemon)
O2 - BHO: - {82cf7cf6-9f18-4b70-adcc-395907204eef} - C:\WINDOWS\System32\z.dll
O2 - BHO: - {92e1b94f-e340-4547-8e7f-260aaf3eb8a1} - C:\WINDOWS\System32\phxprpel.dll
O2 - BHO: - {a0c26edb-4300-411a-9f87-e7d6404796e0} - C:\WINDOWS\System32\visr.dll
O2 - BHO: - {a64d4ef9-3ad2-4831-94d2-363662bbc6a2} - C:\WINDOWS\System32\bzgb.dll
O2 - BHO: - {a78fbea6-0a0a-4c6b-a9e6-47326e3e704e} - C:\WINDOWS\System32\phjzxx.dll
O2 - BHO: - {a7c599ae-9a9f-4d52-bfb7-321f61953e4c} - C:\WINDOWS\System32\phjlth.dll
O2 - BHO: - {b3327ba5-8c36-4a88-8074-98e4f1a2b458} - C:\WINDOWS\System32\dfbdfdfh.dll
O2 - BHO: - {be22710a-3517-4968-8327-49310b1aa03b} - C:\WINDOWS\System32\phxla.dll
O2 - BHO: - {c602dd90-e1c8-46ea-b3c5-7bbbcbe56443} - C:\WINDOWS\System32\jgmhx.dll
O2 - BHO: - {d079c90c-7390-499d-b62e-2b3f4033330e} - C:\WINDOWS\System32\jgrvubz.dll
O2 - BHO: - {d7a26809-e890-4c67-bf0c-740bcd30249f} - C:\WINDOWS\System32\be.dll
O2 - BHO: - {dbd9f931-7180-494b-ac2f-c133a53de5c1} - C:\WINDOWS\System32\jgmjgzn.dll
O2 - BHO: - {df194a41-db6d-4dd1-b854-7d5125fb134b} - C:\WINDOWS\System32\phhxy.dll
O2 - BHO: - {e944ccbf-c4b2-4608-b4ca-db61c08cf4bf} - C:\WINDOWS\System32\l.dll
O2 - BHO: - {f22d9418-a27a-4578-8ca7-a34557ba994a} - C:\WINDOWS\System32\xqyzx.dll
O2 - BHO: - {fc326f25-3e25-43ad-ae8e-0b87f4ea2e4e} - C:\WINDOWS\System32\jgmjgjgd.dll
O2 - BHO: - {fdcf6e8c-f585-46b1-a5bf-592fe40e89b1} - C:\WINDOWS\System32\jyqrcb.dll


O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [WheelsMouse] C:\DOCUME~1\MARK~1.MAR\LOCALS~1\Temp\6E.scr" /
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe



Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

3. Delete Rogue files

Run Ewido full scan. Let it fix any items it finds.

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following files -

C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System\svchost.exe (DO NOT delete the file c:\Windows\System32\svchost.exe)
C:\WINDOWS\System32\sysvcs.exe


Run CleanUp and delete all temp files including temporary internet files

Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0

#3
mmoody26

mmoody26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here you go.....

Logfile of HijackThis v1.99.1
Scan saved at 9:10:01 AM, on 9/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
D:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Documents and Settings\Mark.MARKANDKARLA\My Documents\HijackThis.exe

O2 - BHO: - {009a787f-9a26-493d-bf15-ecf8257a30d6} - C:\WINDOWS\system32\rchbqv.dll (disabled by BHODemon)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O21 - SSODL: abi-1 - {26D4D9D7-5DEC-5FC8-C88C-978461DF7661} - c:\program files\internet explorer\wtdgjww6.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Panda:

Incident Status Location

Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM32\vxgame4.exe
Adware:adware/craft No disinfected C:\WINDOWS\SYSTEM32\web.exe
Spyware:spyware/bridge No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.inf
Spyware:spyware/surfsidekick No disinfected C:\Documents and Settings\Mark.MARKANDKARLA\Application Data\Sskcwrd.dll
Adware:adware/tvmedia No disinfected C:\Documents and Settings\Mark.MARKANDKARLA\Application Data\tvmknwrd.dll
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\alchem.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\INF\twaintec.inf
Adware:adware/transponder No disinfected C:\WINDOWS\abiuninst.htm
Adware:adware/dealhelper No disinfected C:\WINDOWS\dhsvr.exe
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Adware:adware/powerscan No disinfected C:\PROGRAM FILES\Power Scan
Adware:adware/sqwire No disinfected C:\PROGRAM FILES\COMMON FILES\tsa
Adware:adware/ist.sidefind No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Local Settings\Temp\cdt_bbi8016.exe
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Mark.MARKANDKARLA\Mark\Local Settings\Temp\shortcuts.txt
Possible Virus. No disinfected C:\Documents and Settings\Mark.MARKANDKARLA\My Documents\Corel\corel\Graphics10\Register\NAVBrowser.exe
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\tsa\rainbow\classify.dll
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\tsa\tsuninst.exe
Virus:Trj/Shellbot.B Disinfected C:\RECYCLER\svchost.exe
Adware:Adware/eZula No disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072524.exe
Adware:Adware/Imibar No disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP256\A0072538.exe
Virus:Trj/Shellbot.B Disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0103456.exe
Adware:Adware/Adsmart No disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0104535.exe
Virus:Trj/Shellbot.B Disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0104539.exe
Virus:Trj/Downloader.EXI Disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0104561.exe
Virus:Trj/Shellot.B Disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0104564.dll
Virus:Trj/Shellot.B Disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0104565.dll
Virus:Trj/Shellbot.B Disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0104584.exe
Virus:Trj/Shellbot.B Disinfected C:\System Volume Information\_restore{E1FA3FE7-09AC-4074-93A5-D67607BBC83C}\RP267\A0104600.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\dhsvr.exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\BridgeX.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Virus:Trj/Shellot.B Disinfected C:\WINDOWS\system\svchost.dll
Virus:W32/Sober.I.worm Disinfected C:\WINDOWS\system32\clonzips.ssc
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msfdje.gif
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msglji.gif
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\system32\O
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\system32\O.BAT
Virus:Trj/Downloader.EXI Disinfected C:\WINDOWS\system32\web.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: - {009a787f-9a26-493d-bf15-ecf8257a30d6} - C:\WINDOWS\system32\rchbqv.dll (disabled by BHODemon)
O21 - SSODL: abi-1 - {26D4D9D7-5DEC-5FC8-C88C-978461DF7661} - c:\program files\internet explorer\wtdgjww6.dll (file missing)


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


Delete the files -

C:\WINDOWS\abiuninst.htm
C:\WINDOWS\dhsvr.exe
C:\WINDOWS\unstall.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\bridge.inf
C:\WINDOWS\Downloaded Program Files\BridgeX.inf
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\INF\twaintec.inf
C:\WINDOWS\SYSTEM32\vxgame4.exe
C:\WINDOWS\SYSTEM32\web.exe
C:\WINDOWS\system32\clonzips.ssc
C:\WINDOWS\system32\msfdje.gif
C:\WINDOWS\system32\msglji.gif
C:\WINDOWS\system32\O
C:\WINDOWS\system32\O.BAT
C:\WINDOWS\system32\web.exe
C:\WINDOWS\system32\xmltok.dll

C:\Documents and Settings\Mark.MARKANDKARLA\Application Data\Sskcwrd.dll
C:\Documents and Settings\Mark.MARKANDKARLA\Application Data\tvmknwrd.dll

C:\WINDOWS\system\svchost.dll
(make sure that you dont delete the file c:\windows\system32\svchost.exe)



Delete the folders -

C:\PROGRAM FILES\Power Scan
C:\PROGRAM FILES\COMMON FILES\tsa


Reboot the PC and post a fresh HJT log
  • 0

#5
mmoody26

mmoody26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:25:37 PM, on 9/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Documents and Settings\Mark.MARKANDKARLA\My Documents\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#6
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
How is your PC behaving now ????
  • 0

#7
mmoody26

mmoody26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Everything looks good! Thanks so much for your help. On a side note, since this has happened, I am unable to access Windows Task Manager. It says task manager was disabled by administrator. Could this have been caused by this virus/trojan horse?
  • 0

#8
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Do you have administrative rights on the PC ???

How many people have log in profiles on this PC ???


Can try and run this application - C:\WINDOWS\system32\taskmgr.exe - and let me know what happens

Edited by tampabelle, 23 September 2005 - 05:44 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP