AIM Instant Message Trojan - Unknown Name [RESOLVED]


  • This topic is locked

#1
blueheadsets

Hello,
Like an idiot I clicked on a link sent from a friend on my AOL buddy list and it resulted in the following:

People on my AIM buddy list receive a text message from my name with a hyperlink on the word "this". When you click on the link it installs some nasty software. When I start windows boot up I get a blank webpage (www.freewebs.com).

I have run all the antivirus software, spyware, Ad-Aware, etc., I could get my hands on but I cannot get rid of it. It also is asking me to insert a disk in one of my drives.

Below is my hijack file...can anyone help me?????????

Logfile of HijackThis v1.99.1
Scan saved at 11:42:24 PM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prime95\prime95.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Expertcity\GoToMyPC\g2mainh.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Expertcity\GoToMyPC\g2host.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\unn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ActiveX] C:\unn.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Online Backup TaskBar Icon.LNK = C:\Program Files\Quicken Online Backup\CBSysTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...16/sdcregie.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqpc.com/.../printQuick.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9240ED3C-8C9A-11D3-B32E-0060082E9206} (SiteBroker.CompanyInformation) - http://merchantaccou.../SiteBroker.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...uginstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://service.ringc...X/BMAXSetup.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

#2
Guest_thatman_*

Hi blueheadsets

Please read through the instructions before you start (you may want to print this out).

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ActiveX] C:\unn.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...uginstaller.cab
O18 - Filter: text/html - (no CLSID) - (no file)

Click on Fix Checked when finished and exit HijackThis.

Download Pocket Killbox and unzip it; save it to your Desktop.
Run Killbox and click the radio button that says Delete a file on reboot. Paste the files one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\unn.exe
Let the system reboot.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
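
A triage sketch for the kind of log reviewed above, added here as an example and not part of the original thread or of HijackThis: it parses the `O<n> - ...` entry lines and flags three patterns that occur in the posted log. The heuristics and the names `triage` and `Finding` are assumptions of this example, not the helper's criteria, and hits are leads to review rather than verdicts.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log in post #1. The forum has elided the
# middle of the O16 URLs ("..."), so only the visible host prefix is inspected.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [ActiveX] C:\unn.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # which heuristic of this example matched
    line: str     # the log line as posted


# "O4 - <body>": section code, separator, rest of the entry.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# Registry autorun entry: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable directly in a drive root (C:\something.exe), optionally quoted.
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\[^\\/"]+\.exe(?=["\s]|$)', re.IGNORECASE)
# Download URL whose host is a bare IPv4 address instead of a name.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?![\w-])")


def triage(log_text: str) -> List[Finding]:
    """Return the entries that match one of the three example heuristics."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.groups()

        if section == "O4":
            run = RUN_RE.match(body)
            if run and ROOT_EXE_RE.match(run.group("cmd")):
                findings.append(
                    Finding(section, "autorun target sits in a drive root", line))
        elif section == "O16" and IP_URL_RE.search(body):
            findings.append(
                Finding(section, "ActiveX codebase served from a bare IP address", line))
        elif section == "O18" and "(no CLSID)" in body and "(no file)" in body:
            findings.append(
                Finding(section, "protocol filter with no CLSID and no file", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```
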

#3
blueheadsets

Ok, no more Freewebs on startup! I still get the message, "There is no disk in the drive. Please insert a disk into the drive." Now I am not sure if this is maybe my Roxio program or not, I will have to investigate further.

Below are my HiJack and Panda logs.

Logfile of HijackThis v1.99.1
Scan saved at 10:48:20 AM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prime95\prime95.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\default\Desktop\HiJackThis\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Online Backup TaskBar Icon.LNK = C:\Program Files\Quicken Online Backup\CBSysTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...16/sdcregie.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqpc.com/.../printQuick.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9240ED3C-8C9A-11D3-B32E-0060082E9206} (SiteBroker.CompanyInformation) - http://merchantaccou.../SiteBroker.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://service.ringc...X/BMAXSetup.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE



Incident Status Location

Spyware:Spyware/Bridge No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\default\Application Data\Lycos
Adware:Adware/BlazeFind No disinfected C:\DOCUME~1\default\LOCALS~1\Temp\Installer?.exe
Adware:Adware/TopRebates No disinfected C:\Program Files\WebRebates
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Virus:W32/Oscarbot.H.worm Disinfected C:\WINDOWS\msi.exe
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729594.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729602.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729610.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729629.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729636.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729644.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729652.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729662.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729671.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729689.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729701.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729711.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729727.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729732.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729741.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729758.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729771.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729810.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729818.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729827.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729838.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729847.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729857.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729868.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729878.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729894.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729905.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729914.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729940.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729968.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729978.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729989.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13729997.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730004.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730013.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730022.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730032.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730048.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730073.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730085.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730098.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730112.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730123.asw
Adware:Adware/MoeMoney No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730135.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730144.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730152.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730163.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730171.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730185.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730197.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730209.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730218.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730229.asw
Adware:Adware/TopMoxie No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\13730234.asw

#4
Guest_thatman_*

Hi blueheadsets

Your system is looking good. How is it running? Are you getting any problems?

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install AD-Aware.
Check here on how to set up and use it - please make sure you update it first. Don't run it yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Please download SpyBot V1.4 http://www.majorgeek...wnload2471.html Update the program then run it.

Reboot into Safe Mode: please see here if you are not sure how to do this.

C:\Documents and Settings\default\Application Data\Lycos<--Delete this folder
C:\DOCUME~1\default\LOCALS~1\Temp\Installer?.exe<--Delete this file
C:\Program Files\WebRebates<--Delete the whole folder
C:\WINDOWS\Downloaded Program Files\popcaploader.inf<--Delete this file
C:\WINDOWS\msi.exe <--Delete this file
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\<--Delete all the backup files in this folder

Run Ewido full scan. Save the scan.log.

Clear out the files in the Prefetch folder. Go to Start > Run, type Prefetch into the box and delete all the files in that folder.

Run Ad-Aware SE and let it remove all it finds.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

You have MSConfig.exe set to auto <--Please reset this back to normal start

Reboot as normal

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders (a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin. When the scan has finished, click the close button.
When prompted, the system will log off to let it clean out the remaining files. When the log screen shows, log back on and continue the fix.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:

#5
blueheadsets

Ok, I am running the Panda scan now and when that is done I will post all 3 logfiles. I could not locate any file by the name of "msi.exe" the closest thing I found was a .ini I believe.

My computer does not like the MSCONFIG set to "normal". It loads the Symantec WinFax setup program on startup...I think that's why I had it set to "auto" or whatever I had it set before.

I also get the following:

1. Dialog box that is titled "WJVIEW ERROR" "Error: Could not execute main: The system cannot find the specified file. " I am not sure if this is gotomypc.com file or not. Although it does not seem to adversely affect gotomypc.com, which is a must have for me.

2. I still get the error "no disk in drive". That goes away after I hit cancel about 4 times and doesn't seem to re-occur. I am not sure where this is coming from.

Panda has already found at least 1 infected file again. And I will post those logs later when it is done.

Thanks for all your help!!

#6
Guest_thatman_*

Hi blueheadsets

In Internet Explorer, you will also see a right-click context-menu item named WebSavings. You may remove it using ToolbarCop. http://www.majorgeek...wnload4126.html

Might be caused by an adware called WebSavings [WebSavings / TopMoxie]. This adds an entry in the registry and loads the Java Class file present in its folder, at Windows startup. This may also be caused by any other software. One of the most common causes I noticed is due to WebSavings / TopMoxie.

[WJView is the Microsoft command-line loader for Java and it's a legit file. You don't need to extract a new copy of this file, nor download Java VM. Spyware removers and the anti-virus software remove the Java Class file without removing the startup entry referencing WJView. That's why the error is caused.]

You may uncheck the WJView entry from MSCONFIG Startup tab. To remove the traces from the registry, re-check the startup entry and start Registry Editor. Browse to the following registry location:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
Value: "WebSavingsfromEbates"
Data: "wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates""
Removal

First, use the Control Panel Add/Remove Programs to uninstall this ad-ware. If this does not help, try this:
Click Start, Run and type Regedit. Press OK.
Go to this location:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
In the right pane, delete the value called WebSavingsfromEbates
Close registry editor.
Delete the following folders and subfolders:
C:\Program Files\WebSavingsfromEbates\

Kc :tazz:
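The leftover startup entry described in the post above (a Run value that still points at a file or Java class folder a cleaner has already removed) can be found straight from a HijackThis log. This is an added example, not part of the original thread: `PRESENT` is a constructed stand-in for the file system, and the WebSavingsfromEbates line is built from the registry value quoted in the post.

```python
import os
import re
from typing import Callable, List, NamedTuple, Tuple

# Constructed sample in HijackThis O4 format. The first four lines appear in
# the log posted in this thread; the last is built from the registry value
# quoted in the reply above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MMC] C:\WINDOWS\msi.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
'''

# Constructed stand-in for the file system: paths treated as still present.
PRESENT = {
    r"c:\windows\sm1bg.exe",
    r"c:\program files\microsoft works\wkdetect.exe",
    r"c:\program files\quicktime\qttask.exe",
}


def in_sample_fs(path: str) -> bool:
    """Existence check against the constructed PRESENT set."""
    return path.lower() in PRESENT


O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)
CP_RE = re.compile(r'/cp(?::[pa])?\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


class Finding(NamedTuple):
    name: str    # registry value name shown in [brackets]
    target: str  # file or folder the entry depends on
    status: str  # ok / missing-target / missing-classpath / unresolved


def split_target(cmd: str) -> Tuple[str, str]:
    """Split a Run command line into (program, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    first, _, rest = cmd.partition(" ")
    if "\\" not in first:
        # Bare name such as "wjview": resolved through the search path.
        return first, rest.strip()
    # Unquoted full path that may contain spaces: cut at the first
    # executable extension followed by whitespace or end of line (heuristic).
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    return first, rest.strip()


def audit(log: str, exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Flag O4 Run entries whose program or wjview class folder is gone."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        target, rest = split_target(m.group("cmd"))
        base = target.rsplit("\\", 1)[-1].lower()
        if base in ("wjview", "wjview.exe"):
            # The loader itself is legitimate; what matters is whether the
            # class folder it is told to load from still exists.
            cp = CP_RE.search(rest)
            if not cp:
                findings.append(Finding(name, target, "unresolved"))
                continue
            folder = cp.group(1) or cp.group(2)
            status = "ok" if exists(folder) else "missing-classpath"
            findings.append(Finding(name, folder, status))
        elif "\\" not in target:
            # No path given, so existence cannot be decided from the log.
            findings.append(Finding(name, target, "unresolved"))
        else:
            status = "ok" if exists(target) else "missing-target"
            findings.append(Finding(name, target, status))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, in_sample_fs):
        print(f"{f.status:18} [{f.name}] {f.target}")
```

On the affected machine, call `audit(log_text)` without the second argument so the check uses the real file system.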

#7
blueheadsets

No WebSavingsfromEbates on my computer. I am waiting for Panda to finish, looks like at least another 90 mins before it is done.

While waiting, what can you recommend to help keep this junk off the computer??? I am sure you can see the software I have installed now: Ad-Aware, Spyware Doctor, etc., but with so much out there it's hard to know what to use and I have an older computer with only 512MB of RAM but also have 2 brand new laptops that I need to protect.

Mark

Edited by blueheadsets, 21 June 2005 - 06:09 PM.


#8
Guest_thatman_*

Hi blueheadsets

I will knock up a list of good programs: anti-virus, firewalls, malware removers, etc.

Will be waiting for your logs when you are ready to post

Kc :tazz:

#9
blueheadsets

Ok, here are the logs. Please note HIJACK THIS was run without rebooting after the virus scan. Please let me know if you need it with a fresh reboot.

Thanks!

Mark
----------------------------------
PANDA SCAN:


Incident Status Location

Spyware:Spyware/Bridge No disinfected Windows Registry

-----------------------------------
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:28:23 PM, 6/21/2005
+ Report-Checksum: E4C4EFC7

+ Date of database: 6/19/2005
+ Version of scan engine: v3.0

+ Duration: 82 min
+ Scanned Files: 148657
+ Speed: 29.97 Files/Second
+ Infected files: 60
+ Removed files: 60
+ Files put in quarantine: 60
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\System Volume Information\_restore{709216AB-3DAA-45ED-BFA1-11B991831EF6}\RP1060\A0251275.dll -> Backdoor.CrashCoool.e -> Cleaned with backup
C:\System Volume Information\_restore{709216AB-3DAA-45ED-BFA1-11B991831EF6}\RP1060\A0251276.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\Recycled\Dc17.exe -> Spyware.PurityScan.u -> Cleaned with backup


::Report End
------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:43:54 AM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prime95\prime95.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\AtomTime Pro\AtomTime.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\ioSoftware\Logitech.Pen.TrayIcon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 9.0a\aoltray.exe
c:\program files\logitech\iosoftware\Logitech.Pen.LplsHost.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Logitech\ioSoftware\Logitech.FileSystem.AccessManager.Server.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Expertcity\GoToMyPC\g2mainh.exe
C:\Program Files\Expertcity\GoToMyPC\g2host.exe
C:\Program Files\Expertcity\GoToMyPC\g2printh.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\default\Desktop\HiJackThis\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMC] C:\WINDOWS\msi.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Logitech.Pen.TrayIcon] C:\Program Files\Logitech\ioSoftware\Logitech.Pen.TrayIcon.exe
O4 - HKLM\..\Run: [LexStart] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Folding@home 3.14.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Online Backup TaskBar Icon.LNK = C:\Program Files\Quicken Online Backup\CBSysTray.exe
O4 - Global Startup: RingCentral.lnk = C:\Program Files\RingCentral\RingCentral\RCUI.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Quickenw\QWDLLS.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Quickenw\bagent.exe
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Configuration Wizard.lnk = C:\Program Files\Symantec\WinFax\WTNSETUP.EXE
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...16/sdcregie.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqpc.com/.../printQuick.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9240ED3C-8C9A-11D3-B32E-0060082E9206} (SiteBroker.CompanyInformation) - http://merchantaccou.../SiteBroker.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://service.ringc...X/BMAXSetup.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

#10
Guest_thatman_*
  • Guest
Hi blueheadsets

To remove bridge
Now click Start -> Run, type regedit and press [Return]. First browse to HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ explorer \ Browser Helper Objects \ {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}. Right-click the {9C691A33...} entry in the left-hand pane and select Delete. Now browse to HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ bridge. Again, right-click the bridge entry and select Delete.

Finally, browse to HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run. In the right-hand pane you’ll see a value called systray: right-click this and delete it. This should remove all trace of the adware from your PC and get rid of the message at startup.

Search your system for:
c:\windows\bridge.dll
C:\Windows\system32\bridge.dll
If found, delete with Killbox.

1. Click Start, and then click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete the following value: easyServ <path to server.exe>\Server.exe
5. Exit the Registry Editor.


C:\WINDOWS\msi.exe
Name: W32/Oscabot-I
Type: Worm
How it spreads:
* Chat programs
Affected operating systems: Windows
Side effects:
* Allows others to access the computer
* Downloads code from the internet
* Reduces system security
* Installs itself in the Registry
Aliases: IM-Worm.Win32.Funmov.a

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Use Windows Add/Remove Programs to uninstall the following. This may be what is causing the malware BKDR_OPTIX.04.A.
This backdoor malware allows remote users to access and manipulate a compromised system. It has a server component, which is installed on the target system, and a client component that connects to the server program and controls the target machine.

C:\Program Files\Logitech\ioSoftware\Logitech.FileSystem.AccessManager.Server.exe

Exit the Task Manager when finished.

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes next to only the following items:
O4 - HKLM\..\Run: [MMC] C:\WINDOWS\msi.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqpc.com/.../printQuick.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta....d/pffloader.cab
O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividenc...torLauncher.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://service.ringc...X/BMAXSetup.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Logitech\ioSoftware\Logitech.FileSystem.AccessManager.Server.exe

Exit Explorer. Reboot as normal.

Download Pocket Killbox and unzip it; save it to your Desktop.
Run Killbox and click the radio button that says Delete a file on reboot. Paste the files one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\WINDOWS\msi.exe
Let the system reboot.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from the Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:

#11
blueheadsets
  • Topic Starter
  • Member
  • 37 posts
Ok, of all the REGEDIT stuff you had me do the only thing that was present was SYSTRAY. I couldn't find any of the bridge registry items or files nor the msi.exe file.

I will have to run the virus scans later after I am done working for the day. Here is my latest HIJACK:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:57 PM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prime95\prime95.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Logitech\ioSoftware\Logitech.Pen.AutoLaunch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Envelope Manager\DAZzle\DAZZLE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\default\Desktop\HiJackThis\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Logitech.Pen.TrayIcon] C:\Program Files\Logitech\ioSoftware\Logitech.Pen.TrayIcon.exe
O4 - HKLM\..\Run: [LexStart] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Folding@home 3.14.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Online Backup TaskBar Icon.LNK = C:\Program Files\Quicken Online Backup\CBSysTray.exe
O4 - Global Startup: RingCentral.lnk = C:\Program Files\RingCentral\RingCentral\RCUI.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Quickenw\QWDLLS.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Quickenw\bagent.exe
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Configuration Wizard.lnk = C:\Program Files\Symantec\WinFax\WTNSETUP.EXE
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...16/sdcregie.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9240ED3C-8C9A-11D3-B32E-0060082E9206} (SiteBroker.CompanyInformation) - http://merchantaccou.../SiteBroker.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

#12
Guest_thatman_*
  • Guest
Hi blueheadsets

Your HijackThis.log is clean; we just need the Panda scan now.

How is the system running now?

Kc :tazz:
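
The check performed between posts #10 and #12, as an added example that is not part of the original thread: it confirms that every entry on a HijackThis fix list is absent from the follow-up log. The function names are hypothetical, and the sample lines are excerpts copied from the fix list and log posted above.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>",
# e.g. "O4 - HKLM\..\Run: [MMC] C:\WINDOWS\msi.exe".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the fix list in post #10 (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [MMC] C:\WINDOWS\msi.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqpc.com/.../printQuick.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networkso...rueSwitchEC.exe
"""

# Excerpt of the follow-up log in post #11 (copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:38:57 PM, on 6/22/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
"""


def parse_entries(text):
    """Map a normalised (section, body) key to the cleaned line for every entry.

    Header lines, blank lines and the "Running processes" paths do not match
    ENTRY_RE and are skipped. Keys are case-folded because Windows paths and
    registry names are case-insensitive and two scans may differ in case.
    """
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = " ".join(m.group("body").split())  # collapse stray whitespace
        key = (m.group("section"), body.casefold())
        entries[key] = f"{m.group('section')} - {body}"
    return entries


def verify_fix(fix_list_text, followup_log_text):
    """Split the fix list into entries gone from the follow-up log and entries still there."""
    fix = parse_entries(fix_list_text)
    after = parse_entries(followup_log_text)
    return {
        "removed": sorted(line for key, line in fix.items() if key not in after),
        "still_present": sorted(line for key, line in fix.items() if key in after),
    }


def flagged_file_missing(log_text):
    """Entries HijackThis itself annotated "(file missing)".

    This is a prompt for a manual look at the path, not a verdict on the entry.
    """
    return sorted(
        line for line in parse_entries(log_text).values() if "(file missing)" in line
    )


if __name__ == "__main__":
    result = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    print("Removed since the fix:")
    for line in result["removed"]:
        print("  ", line)
    print("Still present (fix did not take, or the entry came back):")
    for line in result["still_present"] or ["  (none)"]:
        print("  ", line)
    print('Annotated "(file missing)" in the follow-up log:')
    for line in flagged_file_missing(FOLLOWUP_LOG):
        print("  ", line)
```

An entry that reappears in a later log after Fix Checked shows up under `still_present`, which is the cue to look for whatever is rewriting it at boot.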

#13
blueheadsets
  • Topic Starter
  • Member
  • 37 posts
It is running pretty good. I will get the panda scan for you probably by tomorrow.

#14
blueheadsets
  • Topic Starter
  • Member
  • 37 posts
How do we keep this garbage from coming back? It's INCREDIBLE and SCARY!

#15
blueheadsets
  • Topic Starter
  • Member
  • 37 posts
I still have the bridge spyware from the Panda Scan:


Spyware:Spyware/Bridge No disinfected Windows Registry

I can only find 3 files on my computer with the name "bridge:.xxx"

C:\I386 bridge (no extension)
C:\windows\system\drivers (system file)
c:\windows\servicepackfiles\i386 (system file)

I couldn't find those registry entries you mentioned previously, any other possibilities?

Here is the latest HIJACK:

Logfile of HijackThis v1.99.1
Scan saved at 12:19:31 AM, on 6/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prime95\prime95.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Logitech\ioSoftware\Logitech.Pen.AutoLaunch.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Expertcity\GoToMyPC\g2mainh.exe
C:\Program Files\Expertcity\GoToMyPC\g2host.exe
C:\Program Files\Expertcity\GoToMyPC\g2printh.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\default\Desktop\HiJackThis\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Logitech.Pen.TrayIcon] C:\Program Files\Logitech\ioSoftware\Logitech.Pen.TrayIcon.exe
O4 - HKLM\..\Run: [LexStart] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Folding@home 3.14.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Online Backup TaskBar Icon.LNK = C:\Program Files\Quicken Online Backup\CBSysTray.exe
O4 - Global Startup: RingCentral.lnk = C:\Program Files\RingCentral\RingCentral\RCUI.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Quickenw\QWDLLS.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Quickenw\bagent.exe
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Configuration Wizard.lnk = C:\Program Files\Symantec\WinFax\WTNSETUP.EXE
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...16/sdcregie.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9240ED3C-8C9A-11D3-B32E-0060082E9206} (SiteBroker.CompanyInformation) - http://merchantaccou.../SiteBroker.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE