Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora, BetterInternet trojans

Started by keburton , Jul 30 2005 07:05 AM

  • Please log in to reply

#1
keburton
Posted 30 July 2005 - 07:05 AM

keburton

    New Member

  • Member
  • Pip
  • 2 posts
I have gone through the protocol recommended before posting a HijackThis log. Still have some bad files. After running a second McAfee scan, it said the following file was write-protected and I couldn't clean, delete or quarantine it:

C:\Documents and Settings\Karen\Local Settings\Temp\C6.tmp\thnall1ac.exe

(Adware-abetterinternt.dldr)

I will post my HijackThis and Ewido report next.
  • 0

Advertisements

#2
keburton
Posted 30 July 2005 - 07:09 AM

keburton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:52:47 PM, 7/29/2005
+ Report-Checksum: 1EB532F1

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-905303659-516116760-269536213-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-905303659-516116760-269536213-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-905303659-516116760-269536213-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-905303659-516116760-269536213-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-905303659-516116760-269536213-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-905303659-516116760-269536213-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
[1608] C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Error during cleaning
[3600] VM_012A0000 -> Adware.BetterInternet : Error during cleaning
[3824] C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\WINDOWS\system32\rwyiyav.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\vdfzvo.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\ncjwka.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\uunmsh.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\sxltcwj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\gpnwegg.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\biqiqw.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\3sjorec0.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\srbmvs.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\maileu.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\szsalqd.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\jxfgkvp.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\crfpdqk.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\CDM\wjxnfnhska.dll -> Spyware.SmartPops : Cleaned with backup
C:\WINDOWS\system32\CDM\wjxnfnhska.exe -> Spyware.SmartPops : Cleaned with backup
C:\WINDOWS\system32\Lyvawv.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__reqq2vpb.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__Lwpkpw.exe -> Trojan.Popmon.a : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\abpgo7jg.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ktuupp.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\Documents and Settings\Karen\Desktop\AlexaInstaller.exe -> Spyware.AlexaBar : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Karen\Application Data\Netscape\NSB\Profiles\olqfjx84.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Karen\Application Data\Netscape\NSB\Profiles\olqfjx84.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Karen\Application Data\Netscape\NSB\Profiles\olqfjx84.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Karen\Application Data\Netscape\NSB\Profiles\olqfjx84.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\WeirdOnTheWeb\__delete_on_reboot__WeirdOnTheWeb.exe -> Spyware.WeirWeb : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP124\A0023652.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP125\A0023679.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP125\A0024655.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP126\A0024699.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP126\A0024717.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP126\A0024724.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP126\A0024726.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP126\A0024727.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP127\A0024765.dll -> Spyware.UCmore : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP127\A0024769.dll -> TrojanDownloader.Dyfuca.eg : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP127\A0024770.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP127\A0024770.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP128\A0025005.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP128\A0025020.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP128\A0025082.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP128\A0025083.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP128\A0025090.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP128\A0025091.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP128\A0025092.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP129\A0025132.exe -> Adware.BetterInternet : Cleaned with backup


::Report End


HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:33 AM, on 7/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works

Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\111257~1\EE\AOLHOS~1.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\AOL\111257~1\EE\AOLServiceHost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\windows\system32\jritqr.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Software Downloads\HijackThis.exe
C:\Program Files\America Online 9.0\shellmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.bestbuy.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.bestbuy.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9}

- C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} -

C:\WINDOWS\tct101.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} -

C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31EED482-298A-A16C-D9B4-18CFE8F95B28} -

C:\WINDOWS\system32\CDM\wjxnfnhska.dll (file missing)
O2 - BHO: AuroraHandlerObj Class -

{4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll

(file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no

file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655}

- c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program

Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC]

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1112576945\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection]

"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common

Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD

Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD

Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [VSOCheckTask]

"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online]

"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic]

"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program

Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C82 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON

Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
O4 - HKLM\..\Run: [EPSON Stylus Photo R800]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON

Stylus Photo R800" /O6 "USB003" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program

Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [reqq2vpb] C:\WINDOWS\system32\reqq2vpb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick

3\Ssk.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ngwhjb] c:\windows\system32\jritqr.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online

9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick

3\Ssk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program

Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program

Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C}

- (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar -

{4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj

Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating

System Class) -

http://download.av.a...4,0,0,83/mcinsc

tl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://v5.windowsupd...ols/en/x86/clie

nt/wuweb_site.cab?1113918131574
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...trendmicro.com/

housecall/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class)

- https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer

Anti-Spyware Scanner) -

http://download.zone...ctor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)

-

http://download.av.a...,0,0,20/mcgdmgr

.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online -

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America

Online, Inc - C:\Program Files\Common

Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown

owner - C:\Program Files\Common Files\AOL\AOL Spyware

Protection\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks -

C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program

Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -

c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -

Networks Associates Technology, Inc -

C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -

Networks Associates Technology, Inc -

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - -

C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -

C:\WINDOWS\svcproc.exe (file missing)



Thanks in advance for your help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP