Hijack This Log Completed


  • This topic is locked

#1
brneyegrl583

Here is my HiJack This log.

Logfile of HijackThis v1.99.1
Scan saved at 6:09:25 PM, on 4/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\svqrppqd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\ruwm\ruwmm.exe
C:\PROGRA~1\COMMON~1\ruwm\ruwma.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\windows\system32\hrktdy.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mom\My Documents\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: indows.
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [svbdmwpi] cqss.exe autorun
O4 - HKLM\..\Run: [xlwzgllf] C:\WINDOWS\svqrppqd.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [aiwdqmfskypwd] C:\WINDOWS\system32\rzlrkpio.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [CH7K89*]M*aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rsdjaj.exe
O4 - HKLM\..\Run: [ssfsbnu] c:\windows\system32\hrktdy.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [ruwm] C:\PROGRA~1\COMMON~1\ruwm\ruwmm.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Edited by brneyegrl583, 09 April 2005 - 03:40 PM.

  • 0



#2
Daemon

    Security Expert
Click here to download Spybot Search & Destroy - install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Click "Start", select "Perform Full System scan" and "Next" to start the scan. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

Reboot when done. Then go here:

http://www.microsoft...re/default.mspx

and download MSAS, check for updates and run it.

Rescan with HJT and post a new log here so that any remnants can be removed manually.
  • 0

#3
brneyegrl583

..I'll be back in a few with the new HJT log.

Edited by brneyegrl583, 08 April 2005 - 05:38 PM.

  • 0

#4
brneyegrl583

Logfile of HijackThis v1.99.1
Scan saved at 7:51:28 PM, on 4/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\svqrppqd.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
c:\windows\system32\uesyfnq.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\COMMON~1\ruwm\ruwmm.exe
C:\PROGRA~1\COMMON~1\ruwm\ruwma.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Mom\My Documents\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: indows.
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [svbdmwpi] cqss.exe autorun
O4 - HKLM\..\Run: [xlwzgllf] C:\WINDOWS\svqrppqd.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [aiwdqmfskypwd] C:\WINDOWS\system32\rzlrkpio.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CH7K89*]M*aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rsdjaj.exe
O4 - HKLM\..\Run: [ohulkh] c:\windows\system32\uesyfnq.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [ruwm] C:\PROGRA~1\COMMON~1\ruwm\ruwmm.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  • 0

#5
brneyegrl583

The amazingautosearch.com/passthrough/popupbaropener.html is no longer attached to my IE, but now every time I open IE I get a popup that says Aurora.
  • 0

#6
Daemon

    Security Expert
Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: indows.
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [svbdmwpi] cqss.exe autorun
O4 - HKLM\..\Run: [xlwzgllf] C:\WINDOWS\svqrppqd.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [aiwdqmfskypwd] C:\WINDOWS\system32\rzlrkpio.exe
O4 - HKLM\..\Run: [CH7K89*]M*aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rsdjaj.exe
O4 - HKLM\..\Run: [ohulkh] c:\windows\system32\uesyfnq.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [ruwm] C:\PROGRA~1\COMMON~1\ruwm\ruwmm.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

C:\WINDOWS\svqrppqd.exe
C:\WINDOWS\system32\rzlrkpio.exe
C:\WINDOWS\rsdjaj.exe
c:\windows\system32\uesyfnq.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.
  • 0

#7
brneyegrl583

C:\WINDOWS\svqrppqd.exe found and deleted
C:\WINDOWS\system32\rzlrkpio.exe not found
C:\WINDOWS\rsdjaj.exe not found
c:\windows\system32\uesyfnq.exe not found

Logfile of HijackThis v1.99.1
Scan saved at 12:59:15 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\qmjcja.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mom\My Documents\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ocqlpj] c:\windows\system32\qmjcja.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  • 0
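
The fix-and-rescan loop in posts #6 and #7 can be checked mechanically. The Python below is an added example, not part of the original thread or of HijackThis: it parses HijackThis result lines and reports which fix-list entries are still present in the follow-up log and which entries are new. The function and constant names are assumptions made for illustration, and the three inputs are short excerpts copied from the fix list in post #6 and the logs in posts #4 and #7.

```python
import re

# A HijackThis result line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a case-insensitive (section, detail) key to the original result line."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            section, detail = match.group(1), match.group(2).strip()
            # Windows paths and registry names are case-insensitive, so compare folded.
            entries[(section, detail.casefold())] = f"{section} - {detail}"
    return entries


def compare(fix_list, before, after):
    """Compare a fix list and the log it came from against the follow-up log."""
    fix, old, new = (parse_entries(text) for text in (fix_list, before, after))
    return {
        # Asked to be fixed, yet still reported afterwards.
        "survived_fix": sorted(new[k] for k in fix.keys() & new.keys()),
        # Not in the earlier log at all: something recreated or added persistence.
        "appeared": sorted(new[k] for k in new.keys() - old.keys()),
        # Asked to be fixed and no longer reported.
        "removed": sorted(fix[k] for k in fix.keys() - new.keys()),
    }


# Excerpt of the fix list in post #6.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [xlwzgllf] C:\WINDOWS\svqrppqd.exe
O4 - HKLM\..\Run: [ohulkh] c:\windows\system32\uesyfnq.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the log in post #4 (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\svqrppqd.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [xlwzgllf] C:\WINDOWS\svqrppqd.exe
O4 - HKLM\..\Run: [ohulkh] c:\windows\system32\uesyfnq.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the log in post #7 (after the fix and Safe Mode deletion).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
c:\windows\system32\qmjcja.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ocqlpj] c:\windows\system32\qmjcja.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

if __name__ == "__main__":
    for label, lines in compare(FIX_LIST, BEFORE, AFTER).items():
        print(label)
        for entry in lines:
            print("   ", entry)
```

On these excerpts the F2 shell value and the SvcProc service are still listed after the fix, and a new Run value (ocqlpj) has appeared that was in neither the earlier log nor the fix list.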

#8
Daemon

    Security Expert
Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
  • 0

#9
brneyegrl583

File C:\WINDOWS\cqss.exe infected by "Email-Worm.Win32.Swen" Virus. Action Taken: No Action Taken.
File System Found infected by "Lycos Sidesearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "tsa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "morpheus Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bar.exe infected by "not-a-virus:AdWare.ToolBar.IeSearchBar" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ccc.exe infected by "Trojan-Downloader.Win32.MlFree" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cnbabeie.exe infected by "not-a-virus:AdWare.CommonName.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\myowdmyl.dll infected by "Trojan-Downloader.Win32.Skoob.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\annjaowj.dll infected by "Trojan-Downloader.Win32.Agent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\BO2802040113.dll infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\BO2802040128.exe infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\bS_L.dll infected by "not-a-virus:AdWare.Sidesearch.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dqeqqree.dll infected by "Trojan.Win32.Golid" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mbbi8016.dll infected by "not-a-virus:AdWare.BargainBuddy.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mbdcnfmt.dll infected by "Trojan.Win32.Goldid" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nkyoramg.dll infected by "Trojan.Win32.Navid.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SHAgentNew.dll infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ugmswyhk.dll infected by "Trojan.Win32.Golid.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\zomkqhde.exe infected by "Trojan-Proxy.Win32.Agent.ac" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\AA0XAK.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\abViYr.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\bar.exe infected by "not-a-virus:AdWare.ToolBar.IeSearchBar" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\ccc.exe infected by "Trojan-Downloader.Win32.MlFree" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\GLF2E2GLF2E2.EXE infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\GLF2F5GLF2F5.EXE infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\GrUdGh.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\hO7APp.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\I1thI0.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\lhSC0A.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg10.tmp10761810599524.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg11.tmp10761810604812.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg14.tmp10763721234926.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg15.tmp10763721259548.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg16.tmp10767196641412.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg17.tmp10767196662490.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg19.tmp10774046881143.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg1B.tmp10771638267321.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg1C.tmp10771638330749.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg1D.tmp10774046918395.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg20.tmp10774075043637.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg21.tmp10774075089203.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg23.tmp10774085151977.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg24.tmp10774085179706.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg26.tmp10774328111326.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg27.tmp10774328133021.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg29.tmp10774440097566.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg2A.tmp10774440167865.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg2B9.tmp10731829800770.exe infected by "Trojan-Downloader.Win32.Skoob.d" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg2F.tmp10775834581298.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg30.tmp10775834690302.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg32.tmp10780748884964.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg33.tmp10780748908639.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg35.tmp10798054289764.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg37.tmp10805762708008.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg3A.tmp10818039551478.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg3F.tmp10824137949232.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg40.tmp10826953684719.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg44.tmp10827830478879.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg5.tmp10743494337140.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msg6.tmp10748614173786.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msgA.tmp10760344961464.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msgC.tmp10761287601638.exe infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\msgD.tmp10761287442821.exe infected by "Trojan-Dropper.Win32.Small.fa" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\O3qZcB.exe infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\randreco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\ss_cdt_setup.exe infected by "not-a-virus:AdWare.Sidesearch.e" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI10EA.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI213.tmp\polall1p.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI213.tmp\pynix.cab infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI213.tmp\Pynix.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI2BE4.tmp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI4931.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI4D18.tmp\MMaker4b.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI584B.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI585C.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI5FF3.tmp\MMaker4b.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI6757.tmp\TRebates.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\THI6A6B.tmp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\thnall1r.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\tsinstall_4_0_3_7.exe infected by "Trojan-Downloader.Win32.TSUpdate.i" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\tsinstall_4_0_3_8_b17.exe infected by "Trojan-Downloader.Win32.TSUpdate.k" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Mom\LOCALS~1\Temp\__unin__.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.

Edited by brneyegrl583, 09 April 2005 - 12:29 PM.

  • 0

#10
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file to your desktop.

Start Killbox and click on Tools->Delete Temp Files. When that finishes, copy and paste each of the following lines into the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\__unin__.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\AA0XAK.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\abViYr.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\GLF2E2GLF2E2.EXE
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\GLF2F5GLF2F5.EXE
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\GrUdGh.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\hO7APp.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\I1thI0.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\iinstall.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\lhSC0A.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg10.tmp10761810599524.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg11.tmp10761810604812.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg14.tmp10763721234926.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg15.tmp10763721259548.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg16.tmp10767196641412.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg17.tmp10767196662490.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg19.tmp10774046881143.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg1B.tmp10771638267321.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg1C.tmp10771638330749.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg1D.tmp10774046918395.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg20.tmp10774075043637.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg21.tmp10774075089203.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg23.tmp10774085151977.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg24.tmp10774085179706.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg26.tmp10774328111326.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg27.tmp10774328133021.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg29.tmp10774440097566.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg2A.tmp10774440167865.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg2B9.tmp10731829800770.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg2F.tmp10775834581298.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg30.tmp10775834690302.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg32.tmp10780748884964.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg33.tmp10780748908639.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg35.tmp10798054289764.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg37.tmp10805762708008.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg3A.tmp10818039551478.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg3F.tmp10824137949232.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg40.tmp10826953684719.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg44.tmp10827830478879.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg5.tmp10743494337140.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msg6.tmp10748614173786.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msgA.tmp10760344961464.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msgC.tmp10761287601638.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\msgD.tmp10761287442821.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\O3qZcB.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\randreco.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\ss_cdt_setup.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\Temp\bar.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI10EA.tmp\wupdt.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI213.tmp\polall1p.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI213.tmp\pynix.cab
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI213.tmp\Pynix.dll
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI2BE4.tmp\farmmext.cab
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI4931.tmp\wupdt.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI4D18.tmp\MMaker4b.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI584B.tmp\wupdt.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI585C.tmp\wupdt.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI5FF3.tmp\MMaker4b.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI6757.tmp\TRebates.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\THI6A6B.tmp\farmmext.cab
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\thnall1r.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\tsinstall_4_0_3_7.exe
C:\DOCUMENTS AND SETTINGS\Mom\LOCAL SETTINGS\tsinstall_4_0_3_8_b17.exe
C:\WINDOWS\bar.exe
C:\WINDOWS\ccc.exe
C:\WINDOWS\cnbabeie.exe
C:\WINDOWS\cqss.exe
C:\WINDOWS\myowdmyl.dll
C:\WINDOWS\system32\annjaowj.dll
C:\WINDOWS\system32\BO2802040113.dll
C:\WINDOWS\system32\BO2802040128.exe
C:\WINDOWS\system32\bS_L.dll
C:\WINDOWS\system32\dqeqqree.dll
C:\WINDOWS\system32\mbbi8016.dll
C:\WINDOWS\system32\mbdcnfmt.dll
C:\WINDOWS\system32\nkyoramg.dll
C:\WINDOWS\system32\ugmswyhk.dll
C:\WINDOWS\system32\zomkqhde.exe

For the files that it either couldn't find or couldn't delete, in the Killbox again this time, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

Reboot if it doesn't do so automatically. Post a new mwav scan in your next reply.
  • 0


#11
brneyegrl583

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
File System Found infected by "Lycos Sidesearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "tsa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "morpheus Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\SHAgentNew.dll infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.
  • 0

#12
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK, please post a new HJT log.
  • 0

#13
brneyegrl583

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:37:55 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system32\vocgbml.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Mom\My Documents\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [awdfcml] c:\windows\system32\vocgbml.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  • 0

#14
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here for instructions on how to enable hidden files and folders to be visible. After enabling, find, zip and send these files:

c:\windows\system32\vocgbml.exe
C:\WINDOWS\Bolger.dll
C:\WINDOWS\svcproc.exe

to this e-mail address including a link to this thread in the body of the email. I'll get back to you.
  • 0
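Each of the three files requested in post #14 appears in the HijackThis log of post #13 under a different section. The following added example (not part of the thread and not code from HijackThis or Killbox) parses an excerpt of that log and reports, for each requested file, whether it is listed as running and which autostart entries reference it; the section descriptions and all function names are assumptions of this example.

```python
import re

# Meaning of the HijackThis section codes used below (general HijackThis
# conventions, given as background; the thread itself does not explain them).
SECTIONS = {
    "F2": "system.ini/win.ini value mapped to the registry",
    "O2": "Browser Helper Object",
    "O4": "Run key or Startup folder autostart",
    "O23": "Windows service",
}

# Excerpt of the HijackThis log in post #13 (lines copied from the thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\vocgbml.exe
C:\WINDOWS\BCMSMMSG.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [awdfcml] c:\windows\system32\vocgbml.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Files requested in post #14.
WANTED = [
    r"c:\windows\system32\vocgbml.exe",
    r"C:\WINDOWS\Bolger.dll",
    r"C:\WINDOWS\svcproc.exe",
]

# "O4 - rest of line": a section code, " - ", then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path ending in a binary-type extension; spaces are allowed.
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|ocx|cab)\b', re.I)


def running_processes(text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block and not line:
            break  # the process list ends at the first blank line
        elif in_block:
            procs.add(line.lower())
    return procs


def parse_hjt(text):
    """Parse 'CODE - body' entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            body = m.group("body")
            paths = [p.lower() for p in PATH.findall(body)]
            entries.append({"code": m.group("code"), "body": body, "paths": paths})
    return entries


def triage(text, wanted):
    """For each wanted file: is it running, and which entries load it?"""
    entries, running = parse_hjt(text), running_processes(text)
    report = {}
    for w in wanted:
        key = w.lower()  # Windows paths compare case-insensitively
        report[w] = {
            "running": key in running,
            "autostarts": [(e["code"], SECTIONS.get(e["code"], "other"))
                           for e in entries if key in e["paths"]],
        }
    return report


if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG, WANTED).items():
        state = "running" if info["running"] else "not running"
        print(path, state, info["autostarts"])
```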

#15
brneyegrl583

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Sent, actually from two e-mail addys.

Thanks for all your help.
  • 0





