
Smart Security desktop problem [Resolved]



#1
Kithogue

  • Member
  • 11 posts
Like several other posters here, I've been invaded by the Smart Security bug. My desktop is frozen, with an ugly great banner inviting me to click through to "Smart Security" and I can't use the right mouse button.

When this first happened, the desktop kept sprouting a bunch of "sex" icons - I've managed to stop that happening (and to stop pop-ups which kept directing me to the Smart Security website), but I'm desperate to get my PC back to how it was. This is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 20:23:22, on 06/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\winsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: C:\WINDOWS\system32\atmpvc.dll - {7DBA5E61-9C51-4365-ACD2-DE684E133F8C} - C:\WINDOWS\system32\atmpvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Fkm] C:\WINDOWS\system32\Lcs.exe
O4 - HKLM\..\Run: [Dum] C:\WINDOWS\system32\Bdk.exe
O4 - HKLM\..\Run: [Meo] C:\WINDOWS\Mka.exe
O4 - HKLM\..\Run: [Hai] C:\WINDOWS\system32\Utk.exe
O4 - HKLM\..\Run: [Suo] C:\WINDOWS\Ptn.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\system32\Iso.exe
O4 - HKLM\..\Run: [Mba] C:\WINDOWS\system32\Ado.exe
O4 - HKLM\..\Run: [Tvm] C:\WINDOWS\system32\Hdm.exe
O4 - HKLM\..\Run: [Ski] C:\WINDOWS\system32\Fnj.exe
O4 - HKLM\..\Run: [Vai] C:\WINDOWS\system32\Poi.exe
O4 - HKLM\..\Run: [Ptp] C:\WINDOWS\Oct.exe
O4 - HKLM\..\Run: [Hks] C:\WINDOWS\system32\Lrd.exe
O4 - HKLM\..\Run: [Rig] C:\WINDOWS\system32\Rec.exe
O4 - HKLM\..\Run: [Kuc] C:\WINDOWS\Mdm.exe
O4 - HKLM\..\Run: [Hgd] C:\WINDOWS\system32\Shn.exe
O4 - HKLM\..\Run: [Eva] C:\WINDOWS\Qlc.exe
O4 - HKLM\..\Run: [Ehf] C:\WINDOWS\Tjm.exe
O4 - HKLM\..\Run: [Aef] C:\WINDOWS\system32\Ssg.exe
O4 - HKLM\..\Run: [Uko] C:\WINDOWS\system32\Bdg.exe
O4 - HKLM\..\Run: [Isb] C:\WINDOWS\system32\Aut.exe
O4 - HKLM\..\Run: [Guf] C:\WINDOWS\Ccd.exe
O4 - HKLM\..\Run: [Jgq] C:\WINDOWS\Nud.exe
O4 - HKLM\..\Run: [Nej] C:\WINDOWS\system32\Jpf.exe
O4 - HKLM\..\Run: [Shg] C:\WINDOWS\Vpi.exe
O4 - HKLM\..\Run: [Rte] C:\WINDOWS\Ifm.exe
O4 - HKLM\..\Run: [Qvl] C:\WINDOWS\Atd.exe
O4 - HKLM\..\Run: [Mmd] C:\WINDOWS\system32\Hgh.exe
O4 - HKLM\..\Run: [Aei] C:\WINDOWS\system32\Fha.exe
O4 - HKLM\..\Run: [Ihu] C:\WINDOWS\Tqj.exe
O4 - HKLM\..\Run: [Kme] C:\WINDOWS\Qpq.exe
O4 - HKLM\..\Run: [Hol] C:\WINDOWS\Jfc.exe
O4 - HKLM\..\Run: [Ukk] C:\WINDOWS\Jde.exe
O4 - HKLM\..\Run: [Kau] C:\WINDOWS\Bsa.exe
O4 - HKLM\..\Run: [Ttn] C:\WINDOWS\Tck.exe
O4 - HKLM\..\Run: [Lgh] C:\WINDOWS\system32\Ncc.exe
O4 - HKLM\..\Run: [Btm] C:\WINDOWS\Vgo.exe
O4 - HKLM\..\Run: [Rhl] C:\WINDOWS\system32\Qrh.exe
O4 - HKLM\..\Run: [Jsm] C:\WINDOWS\Umm.exe
O4 - HKLM\..\Run: [Jnu] C:\WINDOWS\system32\Nec.exe
O4 - HKLM\..\Run: [Vqu] C:\WINDOWS\Cgj.exe
O4 - HKLM\..\Run: [Scf] C:\WINDOWS\Ahb.exe
O4 - HKLM\..\Run: [Qco] C:\WINDOWS\Mkm.exe
O4 - HKLM\..\Run: [Lcu] C:\WINDOWS\system32\Cql.exe
O4 - HKLM\..\Run: [Pog] C:\WINDOWS\Mqe.exe
O4 - HKLM\..\Run: [Tpi] C:\WINDOWS\system32\Egc.exe
O4 - HKLM\..\Run: [Urq] C:\WINDOWS\Vjc.exe
O4 - HKLM\..\Run: [Djo] C:\WINDOWS\system32\Tbp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fkm] C:\WINDOWS\system32\Lcs.exe
O4 - HKCU\..\Run: [Dum] C:\WINDOWS\system32\Bdk.exe
O4 - HKCU\..\Run: [Meo] C:\WINDOWS\Mka.exe
O4 - HKCU\..\Run: [Hai] C:\WINDOWS\system32\Utk.exe
O4 - HKCU\..\Run: [Suo] C:\WINDOWS\Ptn.exe
O4 - HKCU\..\Run: [Lpi] C:\WINDOWS\system32\Iso.exe
O4 - HKCU\..\Run: [Mba] C:\WINDOWS\system32\Ado.exe
O4 - HKCU\..\Run: [Tvm] C:\WINDOWS\system32\Hdm.exe
O4 - HKCU\..\Run: [Ski] C:\WINDOWS\system32\Fnj.exe
O4 - HKCU\..\Run: [Vai] C:\WINDOWS\system32\Poi.exe
O4 - HKCU\..\Run: [Ptp] C:\WINDOWS\Oct.exe
O4 - HKCU\..\Run: [Hks] C:\WINDOWS\system32\Lrd.exe
O4 - HKCU\..\Run: [Rig] C:\WINDOWS\system32\Rec.exe
O4 - HKCU\..\Run: [Kuc] C:\WINDOWS\Mdm.exe
O4 - HKCU\..\Run: [Hgd] C:\WINDOWS\system32\Shn.exe
O4 - HKCU\..\Run: [Eva] C:\WINDOWS\Qlc.exe
O4 - HKCU\..\Run: [Ehf] C:\WINDOWS\Tjm.exe
O4 - HKCU\..\Run: [Aef] C:\WINDOWS\system32\Ssg.exe
O4 - HKCU\..\Run: [Uko] C:\WINDOWS\system32\Bdg.exe
O4 - HKCU\..\Run: [Isb] C:\WINDOWS\system32\Aut.exe
O4 - HKCU\..\Run: [Guf] C:\WINDOWS\Ccd.exe
O4 - HKCU\..\Run: [Jgq] C:\WINDOWS\Nud.exe
O4 - HKCU\..\Run: [Nej] C:\WINDOWS\system32\Jpf.exe
O4 - HKCU\..\Run: [Shg] C:\WINDOWS\Vpi.exe
O4 - HKCU\..\Run: [Rte] C:\WINDOWS\Ifm.exe
O4 - HKCU\..\Run: [Qvl] C:\WINDOWS\Atd.exe
O4 - HKCU\..\Run: [Mmd] C:\WINDOWS\system32\Hgh.exe
O4 - HKCU\..\Run: [Aei] C:\WINDOWS\system32\Fha.exe
O4 - HKCU\..\Run: [Ihu] C:\WINDOWS\Tqj.exe
O4 - HKCU\..\Run: [Kme] C:\WINDOWS\Qpq.exe
O4 - HKCU\..\Run: [Hol] C:\WINDOWS\Jfc.exe
O4 - HKCU\..\Run: [Ukk] C:\WINDOWS\Jde.exe
O4 - HKCU\..\Run: [Kau] C:\WINDOWS\Bsa.exe
O4 - HKCU\..\Run: [Ttn] C:\WINDOWS\Tck.exe
O4 - HKCU\..\Run: [Lgh] C:\WINDOWS\system32\Ncc.exe
O4 - HKCU\..\Run: [Btm] C:\WINDOWS\Vgo.exe
O4 - HKCU\..\Run: [Rhl] C:\WINDOWS\system32\Qrh.exe
O4 - HKCU\..\Run: [Jsm] C:\WINDOWS\Umm.exe
O4 - HKCU\..\Run: [Jnu] C:\WINDOWS\system32\Nec.exe
O4 - HKCU\..\Run: [Vqu] C:\WINDOWS\Cgj.exe
O4 - HKCU\..\Run: [Scf] C:\WINDOWS\Ahb.exe
O4 - HKCU\..\Run: [Qco] C:\WINDOWS\Mkm.exe
O4 - HKCU\..\Run: [Lcu] C:\WINDOWS\system32\Cql.exe
O4 - HKCU\..\Run: [Pog] C:\WINDOWS\Mqe.exe
O4 - HKCU\..\Run: [Tpi] C:\WINDOWS\system32\Egc.exe
O4 - HKCU\..\Run: [Urq] C:\WINDOWS\Vjc.exe
O4 - HKCU\..\Run: [Djo] C:\WINDOWS\system32\Tbp.exe
O4 - Startup: winupdate07252093[1].exe
O4 - Startup: winupdate68613071[1].exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9EF3E1D-6ABC-4332-BEDF-73032250D192}: NameServer = 205.188.146.145
O20 - Winlogon Notify: eventss - C:\WINDOWS\system32\atmpvc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Can anyone out there help? Please?

Edited by Efwis, 18 April 2005 - 05:41 AM.

  • 0



#2
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Hi, sorry for the delayed response.

Could you please find this file, zip it up and submit it here.

Next, please download findfiles.zip,
unzip it and click find.bat.
Then post the log that it produces into your next response.
After that I will have the next fix for you.

Edited by Efwis, 12 April 2005 - 03:47 PM.

  • 0

#3
Kithogue

  • Topic Starter
  • Member
  • 11 posts
Hi

Since posting, I think I may have solved this, by a combination of different anti-spyware software recommended on this site, and noting the instructions given on the boards to people with similar problems.

I've got my desktop back and my right-clicking mouse, and the pop-ups have stopped. But maybe you could take a quick glance at my latest HijackThis log just to check there's no nasty bugs I'm not aware of.

Logfile of HijackThis v1.99.1
Scan saved at 21:41:25, on 12/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\winsvc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Milne\Desktop\Anti-spyware software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\miamore32.dll - {1559C6FD-8BDE-476E-98C7-871E59193FCE} - C:\WINDOWS\system32\miamore32.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: C:\WINDOWS\system32\atmpvc.dll - {7DBA5E61-9C51-4365-ACD2-DE684E133F8C} - C:\WINDOWS\system32\atmpvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: winupdate07252093[1].exe
O4 - Startup: winupdate68613071[1].exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\miamore32.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\miamore32.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9EF3E1D-6ABC-4332-BEDF-73032250D192}: NameServer = 205.188.146.145
O20 - Winlogon Notify: eventss - C:\WINDOWS\system32\atmpvc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: lindow - C:\WINDOWS\system32\miamore32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Well, you killed the worst of it so far. You still have that file I requested; could you please submit that where it says submit it here? We think it may be a new strain of malware.

Unfortunately I can't get the rest of the fix done until I have that file. As soon as I have had a chance to analyze it I will post what needs to be done next.
  • 0

#5
Kithogue

  • Topic Starter
  • Member
  • 11 posts
I did as you asked, but the log was completely blank. Is this good or bad?
  • 0

#6
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
That's good.
I will be analyzing your file submission shortly, please be patient for a response.
  • 0

#7
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
The file wasn't attached, could you please resubmit it.
  • 0

#8
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Heh, I just realized I forgot to tell you what file I needed. I'm sorry about that. :tazz:

Find C:\WINDOWS\system32\atmpvc.dll and submit here.
Thanks
  • 0

#9
Kithogue

  • Topic Starter
  • Member
  • 11 posts
Sorry, could you take me through that process again, step by step? I'm a bit confused now! :tazz:
  • 0

#10
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Could you please find this file, zip it up and submit it here:

C:\WINDOWS\system32\atmpvc.dll

You should be able to navigate to the above file by doing the following.

Open My Computer
Click on Tools
Choose Folder Options.
Click on the View tab, then scroll down and choose show hidden folder/files

Next, navigate to C:\Windows\System32 and find that file for submission.
  • 0



#11
Kithogue

  • Topic Starter
  • Member
  • 11 posts
I spoke too soon about having fixed my problem. The Danger:Spyware desktop is back as of this afternoon, when my wife logged onto AOL, along with the frozen right-click and the annoying pop-ups.

Anyway, I've posted the file you requested, and look forward to hearing from you. I'm round and about for the next few hours on and off, if you've got a chance to look at this problem.
  • 0

#12
Kithogue

  • Topic Starter
  • Member
  • 11 posts
Here's the log from findfiles, as well:


* result-> C:\WINDOWS\System32\BSR.EXE
* result-> C:\WINDOWS\JEC.EXE
* result-> C:\WINDOWS\SKI.EXE
* result-> C:\WINDOWS\DESKTO~1.HTM
* result-> C:\WINDOWS\NMQ~1.HTM
* result-> C:\WINDOWS\POPUP~1.HTM
  • 0

#13
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
Navigate to and delete all of these files:

C:\WINDOWS\System32\BSR.EXE
C:\WINDOWS\JEC.EXE
C:\WINDOWS\SKI.EXE
C:\WINDOWS\DESKTO~1.HTM
C:\WINDOWS\NMQ~1.HTM
C:\WINDOWS\POPUP~1.HTM


Then post a fresh HijackThis log.
  • 0
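
Added example, not part of the original thread or of HijackThis: a small triage script for O4 Run lines like those in the logs posted here. It flags Run values whose name and target are both three-letter names directly under C:\WINDOWS or system32 (the shape of the .EXE files listed for deletion above) and, as a general triage check, a core system binary name started from outside system32; the function names and both heuristics are assumptions of this example, and the output is a list to review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of O4 lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Obu] C:\WINDOWS\Jec.exe
O4 - HKLM\..\Run: [Amd] C:\WINDOWS\system32\Bsr.exe
O4 - HKLM\..\Run: [Iib] C:\WINDOWS\Ski.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Obu] C:\WINDOWS\Jec.exe
O4 - HKCU\..\Run: [xservice] C:\WINDOWS\services\SVCHOST.EXE
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\system32\Bsr.exe
O4 - HKCU\..\Run: [Iib] C:\WINDOWS\Ski.exe
O4 - Startup: winupdate07252093[1].exe
"""

# O4 registry autorun line: hive, key (Run, RunOnce, ...), [value name], command.
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
SHORT_NAME = re.compile(r'^[A-Za-z]{3}$')
SHORT_TARGET = re.compile(
    r'^C:\\WINDOWS\\(?:system32\\)?[A-Za-z]{3}\.exe$', re.IGNORECASE
)
# Binaries that normally live only in C:\WINDOWS\system32 on Windows XP.
SYSTEM_BINARIES = {'svchost.exe', 'lsass.exe', 'services.exe',
                   'winlogon.exe', 'csrss.exe', 'smss.exe'}


def target_path(cmd):
    """Strip quotes and arguments from a Run command, leaving the executable."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_run_entries(log_text):
    """Return (hive, value_name, target_path) for each O4 registry Run line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder O4 lines and other sections are skipped
        entries.append((m['hive'], m['name'], target_path(m['cmd'])))
    return entries


def triage(log_text):
    """Map lower-cased target path -> {'reasons': set, 'hives': set}."""
    findings = defaultdict(lambda: {'reasons': set(), 'hives': set()})
    for hive, name, path in parse_run_entries(log_text):
        reasons = set()
        if SHORT_NAME.match(name) and SHORT_TARGET.match(path):
            reasons.add('random-looking 3-letter name and target')
        folder, _, base = path.lower().rpartition('\\')
        if base in SYSTEM_BINARIES and folder != r'c:\windows\system32':
            reasons.add('system binary name outside system32')
        if reasons:
            findings[path.lower()]['reasons'] |= reasons
            findings[path.lower()]['hives'].add(hive)
    return dict(findings)


if __name__ == '__main__':
    for path, info in sorted(triage(SAMPLE_LOG).items()):
        print(path, sorted(info['hives']), sorted(info['reasons']))
```

An entry registered under both HKLM and HKCU is restored from one hive if only the other is cleaned, so the `hives` set is worth checking before removing anything.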

#14
Kithogue

  • Topic Starter
  • Member
  • 11 posts
I couldn't find

C:\WINDOWS\DESKTO~1.HTM
C:\WINDOWS\NMQ~1.HTM
C:\WINDOWS\POPUP~1.HTM

but I deleted the other three. Here's the hijackthis log now:


Logfile of HijackThis v1.99.1
Scan saved at 20:05:26, on 13/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\winsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\open32.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\services\SVCHOST.EXE
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Milne\Desktop\Anti-spyware software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\miamore32.dll - {1559C6FD-8BDE-476E-98C7-871E59193FCE} - C:\WINDOWS\system32\miamore32.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: C:\WINDOWS\system32\atmpvc.dll - {7DBA5E61-9C51-4365-ACD2-DE684E133F8C} - C:\WINDOWS\system32\atmpvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Obu] C:\WINDOWS\Jec.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Amd] C:\WINDOWS\system32\Bsr.exe
O4 - HKLM\..\Run: [Iib] C:\WINDOWS\Ski.exe
O4 - HKLM\..\Run: [Ubq] C:\WINDOWS\system32\Psk.exe
O4 - HKLM\..\Run: [Nkf] C:\WINDOWS\system32\Eho.exe
O4 - HKLM\..\Run: [Hjj] C:\WINDOWS\system32\Qrt.exe
O4 - HKLM\..\Run: [Nth] C:\WINDOWS\Egt.exe
O4 - HKLM\..\Run: [Fho] C:\WINDOWS\system32\Jue.exe
O4 - HKLM\..\Run: [Imu] C:\WINDOWS\Qat.exe
O4 - HKLM\..\Run: [Bfr] C:\WINDOWS\system32\Det.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Obu] C:\WINDOWS\Jec.exe
O4 - HKCU\..\Run: [xservice] C:\WINDOWS\services\SVCHOST.EXE
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\system32\Bsr.exe
O4 - HKCU\..\Run: [Iib] C:\WINDOWS\Ski.exe
O4 - HKCU\..\Run: [Ubq] C:\WINDOWS\system32\Psk.exe
O4 - HKCU\..\Run: [Nkf] C:\WINDOWS\system32\Eho.exe
O4 - HKCU\..\Run: [Hjj] C:\WINDOWS\system32\Qrt.exe
O4 - HKCU\..\Run: [Nth] C:\WINDOWS\Egt.exe
O4 - HKCU\..\Run: [Fho] C:\WINDOWS\system32\Jue.exe
O4 - HKCU\..\Run: [Imu] C:\WINDOWS\Qat.exe
O4 - HKCU\..\Run: [Bfr] C:\WINDOWS\system32\Det.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: winupdate07252093[1].exe
O4 - Startup: winupdate68613071[1].exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\miamore32.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\miamore32.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {456E43CC-A958-4FAE-8470-2BFA3B5FD45E} - C:\WINDOWS\system32\miamore32.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {456E43CC-A958-4FAE-8470-2BFA3B5FD45E} - C:\WINDOWS\system32\miamore32.dll (HKCU)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: eventss - C:\WINDOWS\system32\atmpvc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: lindow - C:\WINDOWS\system32\miamore32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#15
Kithogue

I had another look for the other three htm files - I found files called desktop.htm, nmq.htm and popup.htm which I deleted.