Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bolger.dll-----same as everyone else

Started by carguy131313 , May 12 2005 12:26 PM

  • Please log in to reply

#1
carguy131313
Posted 12 May 2005 - 12:26 PM

carguy131313

    New Member

  • Member
  • Pip
  • 2 posts
well I have tried every anti-spyware and virus program that has a free trial version and I've yet to get it off my computer. I even ran a program called ETremover, http://www.simplytec...mover/index.htm , which I am told is made specifically for this Bolger.dll variant. I too get the aurora pop-ups but I also get a few other ones as well. I am hoping that they are all variants of the same infection. I have run ad-aware most recently. just so you know it could not delete C:\WINDOWS\system32\DrPMon.dll I have downloaded and installed ewido but have yet to run a scan and will wait until instructed to do so. I have also read through the other posts on this topic but I have yet to take any action as I am afraid that I would be wasting my time because i get the feeling that this infection is machine specific because i consistently see you guys ask for different things to be deleted based on the hijackthis log.
I have been able to find two files in the C://WINDOWS/ folder that I am positive are a result of this virus. they are:
rurghrskx.exe
nail.exe

Here is a list of the programs that I have not uninstalled, thus they're at my disposal:
Ad-Aware SE
Resgistry Mechanic
CCleaner
Ewido

Any recommendations on these or any others to try is appreciated as well

however as you probably would guess deleting these files does no good as they re-spawn nearly seconds after I delete them

here is my most recent hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 11:24:14 AM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ADAMS1~1.0\network\lmgrd.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
C:\PROGRA~1\ADAMS1~1.0\network\adamsd.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\EDS\I-DEAS10\mf\mfjobman\bin\mfjobman.exe
c:\matlab6p5\bin\win32\matlab.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
C:\WINDOWS\system32\nipalsm.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
C:\WINDOWS\system32\nipalsm.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\PROGRA~1\EzButton\CPLBTS88.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
c:\windows\system32\ypbtyc.exe
C:\Documents and Settings\Michael\Application Data\rrup.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\t?skmgr.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GC75-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GC75Manager.exe" -startup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CPLBTS88] C:\PROGRA~1\EzButton\CPLBTS88.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hhhajp] c:\windows\system32\ypbtyc.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ESPN BottomLine] G:\hard drive C\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\hard drive C\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Osus] C:\Documents and Settings\Michael\Application Data\rrup.exe
O4 - HKCU\..\Run: [Hsqawc] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104045957532
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://E:\AUTORUN\Flash\swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O23 - Service: ADAMS FLEXlm v7.2g Server - GLOBEtrotter Software Inc. - C:\PROGRA~1\ADAMS1~1.0\network\lmgrd.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Unknown owner - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe (file missing)
O23 - Service: IDEAS - GLOBEtrotter Software Inc. - C:\EDS\I-DEAS10\sec\lmgrd.exe
O23 - Service: IT iona_services.config_rep.apex cfr-MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name cfr-MyDomain -ORBname iona_services.config_rep.apex -plugin=config_rep it_jump_start (file missing)
O23 - Service: IT iona_services.locator.apex MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.locator.apex -plugin=locator it_jump_start (file missing)
O23 - Service: IT iona_services.naming.apex MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.naming.apex -plugin=naming it_jump_start (file missing)
O23 - Service: IT iona_services.node_daemon.apex MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.node_daemon.apex -plugin=node_daemon it_jump_start (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Moldflow Job Manager (mfjobman) - Unknown owner - C:\EDS\I-DEAS10\mf\mfjobman\bin\mfjobman.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Unigraphics Plot Server (ugiipqd) (ugiipqd) - Unknown owner - C:\UGS180\plot\ugiipqd.exe (file missing)
O23 - Service: UGS180 - Unknown owner - C:\UGS180\UGFLEXLM\lmgrd.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Thanks in advance and I hope I have done everything I can to make this a short post.

Edited by carguy131313, 12 May 2005 - 12:27 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP