Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Runtime Error! Please Help


  • Please log in to reply

#1
maverick32

maverick32

    Member

  • Member
  • PipPip
  • 15 posts
Hi, I keep getting the error:

Microsoft Visual C++ Library
Runtime Error! Program: C:\WINDOWS\EXPLORER.EXE
abnormal program termination

i have to press OK and then my explorer shuts down ths making all my icons disappear!
i dont know how to fix this. does anyone have a solution?

here is my hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 12:02:08 AM, on 3/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\Explorer.EXE
D:\WINNT\system32\rundll32.exe
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\quicktime_win2000\qttask.exe
J:\iTunes\iTunesHelper.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
d:\program files\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Messenger\msmsgs.exe
J:\SierraImaging\Image Expert\IXApplet.exe
D:\Program Files\Iomega\Tools\IMGICON.EXE
H:\Palm\hotsync.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - D:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "J:\quicktime_win2000\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Dvx] D:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [AIM] H:\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] D:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: HotSync Manager.lnk = H:\Palm\hotsync.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = J:\SierraImaging\Image Expert\IXApplet.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = D:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = D:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = D:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = D:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuikSync.lnk = D:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O8 - Extra context menu item: &Google Search - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8433A16D-1B78-11D4-8006-00D0B725EB0B} (Yahoo! FinanceVision (History)) - http://dl1.yahoo.com/dl/fv/fv.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINNT\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINNT\System32\hserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINNT\System32\ZipToA.exe
  • 0

Advertisements


#2
maverick32

maverick32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi,

I am desparate as things have only gotten worse and I have not heard anything back... not only do I get the Runtime Error, I also am getting tons of popups most of which seam to come from loadingwebsites...

please help...
  • 0

#3
driving49

driving49

    New Member

  • Member
  • Pip
  • 1 posts
i get the same thing too. RUNTIME ERROR PROGRAM:C:\WINDOWS\EXPLORER.EXE
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi maverick32 and welcome
Sorry for the late reply the board has been really busy lately,
If your still looking to resolve this issue,

Please run through all the steps outlined in this Topic
Post back a fresh log when done please

If you have resolved this issue please let us know.

Thanks and again sorry for the late reply

driving49 welcome as well please click on the topic above run through the steps and post a HJT log in a post started by you please

Don
  • 0

#5
maverick32

maverick32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Don,
thank you sooo much for replying... things have just gotten worse and I was about to loose hope... I am getting desparate...

so I wre-did all the steps you asked me to and regenerated a new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:08:13 PM, on 04/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\sesinetd.exe
D:\WINNT\System32\hserver.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
J:\quicktime_win2000\qttask.exe
J:\iTunes\iTunesHelper.exe
D:\WINNT\system32\wsxsvc\wsxsvc.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
d:\program files\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINNT\system32\RUNDLL32.EXE
J:\SierraImaging\Image Expert\IXApplet.exe
D:\Program Files\Iomega\Tools\IMGICON.EXE
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
J:\iPod\bin\iPodService.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\WINNT\explorer.exe
D:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - D:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "J:\quicktime_win2000\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Dvx] D:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = J:\SierraImaging\Image Expert\IXApplet.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = D:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = D:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = D:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = D:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuikSync.lnk = D:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8433A16D-1B78-11D4-8006-00D0B725EB0B} (Yahoo! FinanceVision (History)) - http://dl1.yahoo.com/dl/fv/fv.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINNT\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINNT\System32\hserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINNT\System32\ZipToA.exe
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Thanks for your patience maverick32, We have been very busy lately we are trying our best to get caught up,
Anyhow lets see if we can get you sorted out,

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O4 - HKLM\..\Run: [Dvx] D:\WINNT\system32\wsxsvc\wsxsvc.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybounce.../downloader.ocx


Next Reboot into SAFE MODE Make sure you can view all Hidden Files/Folders search for and delete the files highlighted in BOLD

D:\WINNT\system32\wsxsvc\wsxsvc.exe

Restart your computer, Post back a fresh log please
  • 0

#7
maverick32

maverick32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
So I followed all your steps and re-run Hijack This... here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 9:04:56 PM, on 04/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\sesinetd.exe
D:\WINNT\System32\hserver.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
J:\quicktime_win2000\qttask.exe
J:\iTunes\iTunesHelper.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\Documents and Settings\burki\n20050308.EXE
D:\WINNT\system32\internat.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINNT\system32\RUNDLL32.EXE
J:\SierraImaging\Image Expert\IXApplet.exe
D:\Program Files\Iomega\Tools\IMGICON.EXE
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
J:\iPod\bin\iPodService.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\WINNT\explorer.exe
D:\Program Files\Hijack This\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - D:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "J:\quicktime_win2000\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VBundleOuterDL] D:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [tsvcin] D:\Documents and Settings\burki\n20050308.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = J:\SierraImaging\Image Expert\IXApplet.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = D:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = D:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = D:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = D:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuikSync.lnk = D:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8433A16D-1B78-11D4-8006-00D0B725EB0B} (Yahoo! FinanceVision (History)) - http://dl1.yahoo.com/dl/fv/fv.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINNT\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINNT\System32\hserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINNT\System32\ZipToA.exe
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi again maverick32

Please go to Add/Remove programs and remove VBouncer

Next,
Close Ad-Aware and Ad-Watch (if running)
Download the free VX2 Cleaner Here
Install the VX2 Cleaner
Start Ad-Aware
Go to “Add-ons”
Select the VX2 Cleaner add-on and click “Run Tool”
If your computer isn’t infected, click “Close”.

If your computer is infected

Select “Clean System”
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer


Post back a fresh HJT log when done please,
  • 0

#9
maverick32

maverick32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Don,

first off I couldn't find VBouncer anywhere within Add/Remove Programs... so I couldn't remove it... I did run the VX2 Cleaner through
Ad-Aware and the Scan came back clean... I then re-booted and generated a new HijackThis log... here it is:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:18 AM, on 04/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\sesinetd.exe
D:\WINNT\System32\hserver.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
J:\quicktime_win2000\qttask.exe
J:\iTunes\iTunesHelper.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\Documents and Settings\burki\n20050308.EXE
D:\WINNT\system32\internat.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINNT\system32\RUNDLL32.EXE
J:\SierraImaging\Image Expert\IXApplet.exe
D:\Program Files\Iomega\Tools\IMGICON.EXE
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
J:\iPod\bin\iPodService.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\WINNT\explorer.exe
D:\Program Files\Hijack This\HijackThis.exe

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - D:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "J:\quicktime_win2000\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VBundleOuterDL] D:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [tsvcin] D:\Documents and Settings\burki\n20050308.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = J:\SierraImaging\Image Expert\IXApplet.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = D:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = D:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = D:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = D:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuikSync.lnk = D:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8433A16D-1B78-11D4-8006-00D0B725EB0B} (Yahoo! FinanceVision (History)) - http://dl1.yahoo.com/dl/fv/fv.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINNT\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINNT\System32\hserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINNT\System32\ZipToA.exe
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK,
Lets see if we can get these for you,

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O4 - HKLM\..\Run: [VBundleOuterDL] D:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [tsvcin] D:\Documents and Settings\burki\n20050308.EXE

Next Reboot into SAFE MODE Make sure you can view all Hidden Files/Folders search for and delete the files highlighted in BOLD

D:\Program Files\VBouncer\BundleOuter.EXE<-- Delete Folder
D:\Documents and Settings\burki\n20050308.EXE

Restart your computer, Post back a fresh log please
  • 0

Advertisements


#11
maverick32

maverick32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I followed your directions with one difference... inside
D:\Program Files\VBouncer\
there was no Directory nor File called BundleOuter.EXE but only a Setup.INI... I went ahead and deleted the whole directory:
D:\Program Files\VBouncer

here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 9:53:23 PM, on 04/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\sesinetd.exe
D:\WINNT\System32\hserver.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\WINNT\System32\snmp.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
J:\quicktime_win2000\qttask.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINNT\system32\RUNDLL32.EXE
J:\SierraImaging\Image Expert\IXApplet.exe
D:\Program Files\Iomega\Tools\IMGICON.EXE
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\WINNT\explorer.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\Hijack This\HijackThis.exe

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - D:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "J:\quicktime_win2000\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = J:\SierraImaging\Image Expert\IXApplet.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = D:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = D:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = D:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = D:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuikSync.lnk = D:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8433A16D-1B78-11D4-8006-00D0B725EB0B} (Yahoo! FinanceVision (History)) - http://dl1.yahoo.com/dl/fv/fv.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINNT\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINNT\System32\hserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINNT\System32\ZipToA.exe
  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Looks clean now!

How is the computer running ?
  • 0

#13
maverick32

maverick32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Don,

so all the previous HijackThis logs were from the administrator login, which seams to be working cleanly now... thank you very much... my user account however is another story...
1. starting up after login into the user account takes for ever
2. I continue to get the Microsoft Visual C++ Runtime error which I can't get rid off
3. I keep getting pop-ups from mostly www.loadingsites.com
4. random software seams to want to install itself...

when I ran Hijack This under this account I received two Warnings/Errors:
1. It reported that it didn't have write access to ..../etc/hosts
2. it showed this error:
An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.00.2195
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:11:05 AM, on 4/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\Explorer.EXE
D:\WINNT\system32\rundll32.exe
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\quicktime_win2000\qttask.exe
J:\iTunes\iTunesHelper.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Messenger\msmsgs.exe
J:\SierraImaging\Image Expert\IXApplet.exe
D:\Program Files\Iomega\Tools\IMGICON.EXE
H:\Palm\hotsync.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\Hijack This\HijackThis.exe
D:\WINNT\system32\notepad.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - D:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\winnt\downloaded program files\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DeluxeCD] D:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "J:\quicktime_win2000\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] J:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [AIM] H:\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ClockSync] D:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: HotSync Manager.lnk = H:\Palm\hotsync.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer.lnk = J:\SierraImaging\Image Expert\IXApplet.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = D:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = D:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = D:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = D:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuikSync.lnk = D:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE
O8 - Extra context menu item: &Google Search - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\winnt\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: H:\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8433A16D-1B78-11D4-8006-00D0B725EB0B} (Yahoo! FinanceVision (History)) - http://dl1.yahoo.com/dl/fv/fv.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINNT\System32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINNT\System32\hserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - J:\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINNT\System32\ZipToA.exe
  • 0

#14
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Good deal on the Admin logs,

Now on this one i need you to go to Add/Remove programs and look for and remove
WhenU save or Savenow, and anything else you don't recogonize.

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O4 - HKCU\..\Run: [ClockSync] D:\PROGRA~1\CLOCKS~1\Sync.exe /q

Next Reboot into SAFE MODE Make sure you can view all Hidden Files/Folders search for and delete the files highlighted in BOLD

D:\PROGRA~1\CLOCKS~1\Sync.exe

Can you log on under the other users or Admin on this computer ?
I need you to check all the users and Admin to make sure we get the files please


Restart your computer,

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.
Now run a scan with it please, Have it fix all it finds,

Restart your computer, Restart HJT
Post back a fresh log please
  • 0

#15
maverick32

maverick32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi Don

>Can you log on under the other users or Admin on this computer ?
>I need you to check all the users and Admin to make sure we get the files please

what exactly do you want me to do here??? are you asking me to check that none of the users has any of the programs that I just removed??? or is there something else I should be checking???


>Please download and install AD-Aware.
>Check Here on how setup and use it - please make sure you update it first.
>Now run a scan with it please, Have it fix all it finds,

under which user should I perform this check??? under Admin or the user account I still have problems with???

>Restart your computer, Restart HJT
>Post back a fresh log please

do you want the log from the user account or Admin or both???

thanks,
Markus.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP