Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
*Modified to get past the filter as i dont care if its outdated..i know whats wrong
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\System32\Ati2evxx.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\Ati2evxx.exe
C:\WINDOWS2\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS2\System32\scvhost32.exe
C:\WINDOWS2\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\keith.SALMELA-6M4F393\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KEITH~1.SAL\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KEITH~1.SAL\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {92044299-E001-4E6B-8CDD-E3F2543D12CA} - C:\WINDOWS2\System32\jogn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS2\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\KEITH~1.SAL\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [Microsoft SCVHOST32 Protocol] scvhost32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O18 - Filter: text/html - {90C57C01-B2A3-41A4-8B7F-34685F5F12C4} - C:\WINDOWS2\System32\jogn.dll
O18 - Filter: text/plain - {90C57C01-B2A3-41A4-8B7F-34685F5F12C4} - C:\WINDOWS2\System32\jogn.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS2\System32\Ati2evxx.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
Well if you see in the running processes it says Rundll32.exe. I know rundll is important....but thats clearly spyware/malware/annoying as it causes popups.
I was wondering how would be the best possible way to deleteing it without killing my computer.
Also does rundll also reside in system32? if not then thats one easy way to kill it.
The rest i will have to find manually and delete as it wont be deleted any other way.