
Sorry Posted In Wrong Place~


21 replies to this topic

#1 mistressbluz

mistressbluz

  • Members
  • 90 posts
  • OFFLINE
  • Location:Maryland
  • Local time:09:29 AM

Posted 20 April 2005 - 11:23 AM

I posted this in the wrong place earlier, am sooo sorry, I didn't realize there was a forum just for this. I apologize. Any help would be most appreciated! Tam



Hi. I was wondering if anyone can help me. My son was on my system the other night and since then I have been having nothing but pop-up problems and actually problems running certain programs. I tried to do a restore that didn't help, I even tried to boot from my original XP CD and start all over, but found that I had an SP2 error, which in going to uninstall that, I got another area pertaining to languages etc... I ran HijackThis and here is my report, if anyone knows of anything I can do, I would greatly greatly appreciate it, as these pop-ups are driving me nuts, because just popping up they seem to even download themselves. Thanks again!
Tam!



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\adsldp62.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\asferror.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\ppfnx\kqbqcsk.exe
C:\WINDOWS\system32\Ujrzng.exe
C:\WINDOWS\system32\ktam\oaus.exe
C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
C:\WINDOWS\system32\ivpizi.exe
C:\WINDOWS\system32\tgsumesw\wglhr.exe
C:\WINDOWS\system32\ualfijr\ukltnxic.exe
C:\WINDOWS\system32\sxrc\pefenos.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\appnardo da vinci.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ahuispl.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
c:\windows\system32\kypzfh.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eX] C:\Documents and Settings\MATT\Local Settings\Temp\eX.exe
O4 - HKLM\..\Run: [qNq] C:\documents and settings\matt\local settings\temp\qNq.exe
O4 - HKLM\..\Run: [SZY] C:\documents and settings\matt\local settings\temp\SZY.exe
O4 - HKLM\..\Run: [w] C:\documents and settings\matt\local settings\temp\w.exe
O4 - HKLM\..\Run: [NpQ] C:\Documents and Settings\MATT\Local Settings\Temp\NpQ.exe
O4 - HKLM\..\Run: [6f457dcba1dd] C:\WINDOWS\system32\adsldp62.exe
O4 - HKLM\..\Run: [SHl] C:\documents and settings\matt\local settings\temp\SHl.exe
O4 - HKLM\..\Run: [Brk3fj] C:\documents and settings\matt\local settings\temp\Brk3fj.exe
O4 - HKLM\..\Run: [cm2OH5aAX] C:\documents and settings\matt\local settings\temp\cm2OH5aAX.exe
O4 - HKLM\..\Run: [3J8JK8F42T8AYA] C:\WINDOWS\system32\Hcj2t6.exe
O4 - HKLM\..\Run: [7QDe] C:\documents and settings\matt\local settings\temp\7QDe.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [960539e7fbda] C:\WINDOWS\system32\asferror.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~3\NORTON~1\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [ekbdckym] C:\WINDOWS\system32\epmqf\ekbdckym.exe
O4 - HKLM\..\Run: [leptoij] C:\WINDOWS\system32\qenrnnw\leptoij.exe
O4 - HKLM\..\Run: [jvyg] C:\WINDOWS\system32\lwgjqb\jvyg.exe
O4 - HKLM\..\Run: [dorurwl] C:\WINDOWS\dorurwl.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [kqbqcsk] C:\WINDOWS\system32\ppfnx\kqbqcsk.exe
O4 - HKLM\..\Run: [kedq] C:\WINDOWS\system32\dnpyhgh\kedq.exe
O4 - HKLM\..\Run: [otauvvn] C:\WINDOWS\system32\rcduthd\otauvvn.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ujrzng.exe
O4 - HKLM\..\Run: [ybftqh] C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKLM\..\Run: [ukltnxic] C:\WINDOWS\system32\ualfijr\ukltnxic.exe
O4 - HKLM\..\Run: [oaus] C:\WINDOWS\system32\ktam\oaus.exe
O4 - HKLM\..\Run: [pefenos] C:\WINDOWS\system32\sxrc\pefenos.exe
O4 - HKLM\..\Run: [wglhr] C:\WINDOWS\system32\tgsumesw\wglhr.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [3sEP39V] appnardo da vinci.exe
O4 - HKLM\..\Run: [qbucjbq] c:\windows\system32\kypzfh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IBxFRVZEW] ahuispl.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download...MARKETING11.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...ony/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.15.25/ttinst.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/70efdf/games/files...aploader_v6.cab




--------------------

"What doesn't kill you, Makes you stronger"
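The log above is what a forum helper would triage by eye: O4 Run entries that launch executables out of a user's Local Settings\Temp folder, random-named executables sitting in freshly created subfolders of system32, Run values with no directory at all, and value names that are hex blobs or consonant strings. As an added example (not part of the thread and not HijackThis's own code), here is a small Python script that applies those heuristics to the O4 lines and cross-references each entry against the "Running processes" section. The sample lines are copied from the log in this post, with the QuickTime and ccApp entries kept as known-good controls; the scoring weights, the threshold and the allow-list of legitimate system32 subfolders are assumptions, and the vowel-ratio "random name" test is a heuristic that misfires on some legitimate short names (qttask scores one point but stays under the threshold).

```python
import re

# Constructed sample: O4 and process lines copied from the HijackThis log in
# this post; QuickTime and ccApp are included as known-good controls.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ppfnx\kqbqcsk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eX] C:\Documents and Settings\MATT\Local Settings\Temp\eX.exe
O4 - HKLM\..\Run: [6f457dcba1dd] C:\WINDOWS\system32\adsldp62.exe
O4 - HKLM\..\Run: [kqbqcsk] C:\WINDOWS\system32\ppfnx\kqbqcsk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [IBxFRVZEW] ahuispl.exe
"""

# HKLM/HKCU Run entries: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')
# First .exe token of a command line, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)

TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "\\recycler\\")
# Assumption: a partial allow-list of system32 subfolders that legitimately hold executables.
KNOWN_SYSTEM32_SUBDIRS = {"drivers", "inetsrv", "wbem", "spool", "dllcache"}
SUSPICIOUS_THRESHOLD = 2  # assumed cut-off for the heuristic score below


def executable_from_command(cmd: str) -> str:
    """Return the executable path from a Run command line, dropping arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip().split(" ")[0]


def looks_random(name: str) -> bool:
    """Heuristic: hex blobs of 6+ chars, or 5+ letters with fewer than 20% vowels."""
    stem = re.sub(r"\.exe$", "", name, flags=re.IGNORECASE)
    if len(stem) >= 6 and re.fullmatch(r"[0-9a-f]+", stem, re.IGNORECASE) and any(c.isdigit() for c in stem):
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(letters) >= 5:
        vowels = sum(c.lower() in "aeiouy" for c in letters)
        return vowels / len(letters) < 0.2
    return False


def parse_running_processes(log_text: str) -> set:
    """Collect the lower-cased paths listed under 'Running processes:' up to the first blank line."""
    running, in_section = set(), False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                in_section = False
                continue
            running.add(line.strip().lower())
    return running


def score_entry(name: str, path: str, running: set):
    """Score one Run entry; returns (score, reasons, is_currently_running)."""
    score, reasons = 0, []
    p = path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        score += 3
        reasons.append("executable lives in a temp or recycler directory")
    if "\\system32\\" in p:
        tail = p.split("\\system32\\", 1)[1].split("\\")
        if len(tail) >= 2 and tail[0] not in KNOWN_SYSTEM32_SUBDIRS:
            score += 2
            reasons.append(f"non-standard system32 subfolder '{tail[0]}'")
    if "\\" not in path:
        score += 2
        reasons.append("bare filename, no directory given")
    if looks_random(name):
        score += 1
        reasons.append("random-looking value name")
    if looks_random(path.rsplit("\\", 1)[-1]):
        score += 1
        reasons.append("random-looking executable name")
    return score, reasons, p in running


def triage(log_text: str) -> list:
    """Parse every HKLM/HKCU O4 entry and return findings sorted by descending score."""
    running = parse_running_processes(log_text)
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_from_command(m.group("cmd"))
        score, reasons, is_running = score_entry(m.group("name"), path, running)
        findings.append({"hive": m.group("hive"), "name": m.group("name"), "path": path,
                         "score": score, "reasons": reasons, "running": is_running})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


def suspicious(log_text: str) -> list:
    return [f for f in triage(log_text) if f["score"] >= SUSPICIOUS_THRESHOLD]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPECT" if f["score"] >= SUSPICIOUS_THRESHOLD else "ok     "
        print(f"{flag} score={f['score']} {f['hive']} [{f['name']}] {f['path']}"
              + (" (running)" if f["running"] else ""))
        for r in f["reasons"]:
            print(f"         - {r}")
```

Feeding the full log from this post through `triage` is the point: the "running" flag tells you which flagged entries are live right now, which is why the helper's next step is a fresh log after the scans rather than deleting lines blind. The score is only a prioritisation aid; an entry under the threshold is not cleared, it just goes later in the queue.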



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:09:29 AM

Posted 20 April 2005 - 03:35 PM

Please run two online virus scans:

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://housecall.antivirus.com/

Then let us know if it's working better and what the scans found.

#3 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  • Location:Maryland
  • Local time:09:29 AM

Posted 20 April 2005 - 06:48 PM

Grinler: Thank you so very much for replying. I have been having an awful time. I ran the first scan you suggested and it's long, but I removed 160 infected items. See below; I am working on the 2nd now and will let you know... Again, thank you so very much!







File Infection Status Path
thin-138-1-x-x.exe Win32.BettInet deleted C:\Documents and Settings\MATT\Local Settings\Temp\DrTemp\
installer_MARKETING18.exe Win32.SillyDl.JB deleted C:\Documents and Settings\MATT\Local Settings\Temp\
ojruehgs.exe Win32.Darliz.F deleted C:\Documents and Settings\MATT\Local Settings\Temp\
uvqu.exe Win32.Darliz.F deleted C:\Documents and Settings\MATT\Local Settings\Temp\
00000005.exe Win32.Memwatch.A deleted C:\RECYCLER\NPROTECT\
00000284.exe Win32.Memwatch.A deleted C:\RECYCLER\NPROTECT\
00000285.exe Win32.Memwatch.A deleted C:\RECYCLER\NPROTECT\
A0061622.exe Win32.SillyDl.GL deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP201\
A0061632.exe Win32.SillyDl.GM deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP201\
A0062435.exe Win32.SillyDl.GL deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP204\
A0062449.exe Win32.SillyDl.GM deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP204\
A0062597.exe Win32.SillyDl.GM deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP210\
A0062828.exe Win32.SillyDl.GL deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP211\
A0062911.exe Win32.SillyDl.GM deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP211\
A0062981.exe Win32.Dyfuca.K deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP211\
A0063228.exe Win32.SillyDl.GL deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP212\
A0063234.exe Win32.SillyDl.JD deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP212\
A0063239.exe Win32.SillyDl.KL deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP212\
A0064965.exe Win32.SillyDl.JD deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP216\
A0065287.exe Win32.SillyDl.JC deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP218\
A0066134.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP220\
A0066178.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP220\
A0066254.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP220\
A0066275.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP220\
A0066276.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP220\
A0066330.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0066338.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0066534.exe Win32.SillyDl.FG deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0066535.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0066571.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0066588.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0066598.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0067598.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0067608.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP221\
A0067648.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0067675.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068678.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068688.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068694.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068701.exe Win32.Multidropper.N deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068702.dll Win32.SillyDl.GS deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068719.dll Win32.SillyDl.GS deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068732.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068750.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068762.exe Win32.WinAd.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068774.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068778.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0068831.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP222\
A0069108.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP223\
A0069116.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP223\
A0069127.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP223\
A0069137.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP223\
A0070137.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP223\
A0070141.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070449.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070451.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070452.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070453.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070454.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070456.dll Win32.SillyDl.GS deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070460.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070461.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070463.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070464.exe Win32.Multidropper.N deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070466.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070477.exe Win32.SillyDl.FG deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070496.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070498.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070499.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070503.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070504.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070505.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070506.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070554.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
A0070556.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070864.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070866.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070867.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070868.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070869.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070871.dll Win32.SillyDl.GS deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070875.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070876.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070878.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070879.exe Win32.Multidropper.N deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070881.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070892.exe Win32.SillyDl.FG deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070911.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070913.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070914.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070918.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070919.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070920.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070921.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070969.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP225\
A0070971.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071279.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071281.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071282.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071283.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071284.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071286.dll Win32.SillyDl.GS deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071290.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071291.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071293.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071294.exe Win32.Multidropper.N deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071296.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071307.exe Win32.SillyDl.FG deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071326.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071328.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071329.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071333.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071334.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071335.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071336.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071384.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP226\
A0071385.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071693.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071695.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071696.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071697.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071698.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071700.dll Win32.SillyDl.GS deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071704.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071705.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071707.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071708.exe Win32.Multidropper.N deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071710.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071721.exe Win32.SillyDl.FG deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071740.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071742.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071743.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071747.exe Win32.Darliz.H deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071748.exe Win32.Darliz.G deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071749.exe Win32.Darliz.F deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071750.exe Win32.SillyDl.KU deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071798.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
A0071832.exe Win32.BettInet.U deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP227\
backup-20050418-200303-254.dll Win32.SillyDl.GS deleted C:\unzipped\hijackthis[1]\backups\
abi.exe Win32.BettInet.C deleted C:\WINDOWS\
optimize.exe Win32.Dyfuca.K deleted C:\WINDOWS\
kedq.exe Win32.Darliz.G deleted C:\WINDOWS\SYSTEM32\dnpyhgh\
elitejng32.exe Win32.Startpage.PH deleted C:\WINDOWS\SYSTEM32\
elitejtg32.exe Win32.Startpage.PH deleted C:\WINDOWS\SYSTEM32\
elitemxi32.exe Win32.Startpage.PH deleted C:\WINDOWS\SYSTEM32\
eliterjo32.exe Win32.Startpage.PH deleted C:\WINDOWS\SYSTEM32\
ekbdckym.exe Win32.Darliz.F deleted C:\WINDOWS\SYSTEM32\epmqf\
installer_MARKETING18.exe Win32.SillyDl.KU deleted C:\WINDOWS\SYSTEM32\
kypzfh.exe Win32.BettInet.U cannot delete C:\WINDOWS\SYSTEM32\
jvyg.exe Win32.Darliz.H deleted C:\WINDOWS\SYSTEM32\lwgjqb\
main.exe Win32.SillyDl.FG deleted C:\WINDOWS\SYSTEM32\
Pop2.exe Win32.SillyDl.KU deleted C:\WINDOWS\SYSTEM32\
leptoij.exe Win32.Darliz.G deleted C:\WINDOWS\SYSTEM32\qenrnnw\
otauvvn.exe Win32.Darliz.H deleted C:\WINDOWS\SYSTEM32\rcduthd\
temperror32.dat Win32.Startpage.PH deleted C:\WINDOWS\SYSTEM32\
ventura5.exe Win32.Multidropper.N deleted C:\WINDOWS\SYSTEM32\
wrapperouter.exe Win32.SillyDl.KU deleted C:\WINDOWS\SYSTEM32\
xvfil.exe Win32.Darliz.F deleted C:\WINDOWS\SYSTEM32\
TMP_FILE_2.tmp Win32.SillyDl.GM deleted C:\WINDOWS\
wupdsnff.exe Win32.SillyDl.GM deleted C:\WINDOWS\



"What doesn't kill you, Makes you stronger"
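A report like the one above reads worse than it is: most of the 160 rows are copies inside System Volume Information\_restore (System Restore snapshots, inactive until someone restores that point), the RECYCLER\NPROTECT rows are Norton Protected Recycle Bin copies, and one row is a HijackThis backup. What matters for cleanup is the short tail of hits in live locations, and above all the single row the scanner could not delete, kypzfh.exe in SYSTEM32, which is also a running process and an O4 Run entry in the first log. As an added example (not part of the thread and not CA's code), here is a Python parser that reads the report's "File Infection Status Path" layout and summarises it along exactly those lines. The sample rows are a subset copied from the report above; the location categories are assumptions based on the paths it contains.

```python
import re
from collections import Counter

# Constructed sample: a subset of rows copied from the CA scan report in this post,
# in the report's own "File Infection Status Path" layout.
SAMPLE_REPORT = r"""
File Infection Status Path
thin-138-1-x-x.exe Win32.BettInet deleted C:\Documents and Settings\MATT\Local Settings\Temp\DrTemp\
00000005.exe Win32.Memwatch.A deleted C:\RECYCLER\NPROTECT\
A0061622.exe Win32.SillyDl.GL deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP201\
A0070461.exe Win32.Startpage.PH deleted C:\System Volume Information\_restore{F9E6BE89-408E-4C19-84EB-AFD0AD944CF4}\RP224\
backup-20050418-200303-254.dll Win32.SillyDl.GS deleted C:\unzipped\hijackthis[1]\backups\
kedq.exe Win32.Darliz.G deleted C:\WINDOWS\SYSTEM32\dnpyhgh\
kypzfh.exe Win32.BettInet.U cannot delete C:\WINDOWS\SYSTEM32\
wupdsnff.exe Win32.SillyDl.GM deleted C:\WINDOWS\
"""

# One row: file name, detection name, status ("deleted" or "cannot delete"), directory.
ROW_RE = re.compile(r"^(?P<file>\S+) (?P<infection>\S+) (?P<status>deleted|cannot delete) (?P<path>.+)$")


def classify_location(path: str) -> str:
    """Assumed categories: copies in snapshots/backups versus files in live locations."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point copy"
    if "\\recycler\\nprotect\\" in p:
        return "protected recycle bin"
    if "\\hijackthis" in p and "\\backups\\" in p:
        return "hijackthis backup"
    if "\\local settings\\temp\\" in p:
        return "user temp"
    return "live system location"


def parse_report(text: str) -> list:
    """Return one dict per detection row; the header and blank lines do not match ROW_RE."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({**m.groupdict(), "location": classify_location(m.group("path"))})
    return rows


def family(infection: str) -> str:
    """'Win32.BettInet.U' -> 'BettInet'; names without a dot are returned unchanged."""
    parts = infection.split(".")
    return parts[1] if len(parts) > 1 else infection


def summarize(rows: list) -> dict:
    return {
        "total": len(rows),
        "by_location": Counter(r["location"] for r in rows),
        "by_family": Counter(family(r["infection"]) for r in rows),
        # Anything not deleted is still on disk and needs follow-up.
        "not_removed": [(r["file"], r["path"]) for r in rows if r["status"] != "deleted"],
        # Hits outside snapshots and backups: the part of the report worth reading closely.
        "live_hits": [(r["file"], r["infection"], r["path"]) for r in rows
                      if r["location"] == "live system location"],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(f"{summary['total']} detections")
    for location, n in summary["by_location"].most_common():
        print(f"  {n:3d}  {location}")
    print("families:", dict(summary["by_family"]))
    print("live hits:", summary["live_hits"])
    print("NOT removed:", summary["not_removed"])
```

Run against the whole report, `not_removed` comes back with exactly one entry, the same kypzfh.exe that the second scanner in the next post reports as "access is denied"; a file that cannot be deleted while the system is up is typically the one still executing, which is why the helper asks for a fresh HijackThis log rather than another scan.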

#4 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  • Location:Maryland
  • Local time:09:29 AM

Posted 20 April 2005 - 07:28 PM

Ok... I ran the second scan you suggested and I could remove all 46 items except this one; it keeps saying cannot clean or delete, access is denied. Any suggestions?

TSPY DLOADER.D C:\windows\system32\kypz......
"What doesn't kill you, Makes you stronger"

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:09:29 AM

Posted 20 April 2005 - 10:30 PM

Let's see a new HJT log.

#6 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  • Location:Maryland
  • Local time:09:29 AM

Posted 21 April 2005 - 10:56 AM

Here ya go, I'm sorry it took so long, just got back on the system.... Thanks again and Have A Great Day!





MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\adsldp62.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\asferror.exe
C:\WINDOWS\system32\Ujrzng.exe
C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
C:\WINDOWS\system32\ivpizi.exe
C:\WINDOWS\system32\ualfijr\ukltnxic.exe
C:\WINDOWS\system32\ktam\oaus.exe
C:\WINDOWS\system32\sxrc\pefenos.exe
C:\WINDOWS\system32\tgsumesw\wglhr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ISEPDLL.EXE
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\ZKRYENC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
c:\windows\system32\fgxkfp.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [eX] C:\Documents and Settings\MATT\Local Settings\Temp\eX.exe
O4 - HKLM\..\Run: [qNq] C:\documents and settings\matt\local settings\temp\qNq.exe
O4 - HKLM\..\Run: [SZY] C:\documents and settings\matt\local settings\temp\SZY.exe
O4 - HKLM\..\Run: [w] C:\documents and settings\matt\local settings\temp\w.exe
O4 - HKLM\..\Run: [NpQ] C:\Documents and Settings\MATT\Local Settings\Temp\NpQ.exe
O4 - HKLM\..\Run: [6f457dcba1dd] C:\WINDOWS\system32\adsldp62.exe
O4 - HKLM\..\Run: [SHl] C:\documents and settings\matt\local settings\temp\SHl.exe
O4 - HKLM\..\Run: [Brk3fj] C:\documents and settings\matt\local settings\temp\Brk3fj.exe
O4 - HKLM\..\Run: [cm2OH5aAX] C:\documents and settings\matt\local settings\temp\cm2OH5aAX.exe
O4 - HKLM\..\Run: [3J8JK8F42T8AYA] C:\WINDOWS\system32\Hcj2t6.exe
O4 - HKLM\..\Run: [7QDe] C:\documents and settings\matt\local settings\temp\7QDe.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [960539e7fbda] C:\WINDOWS\system32\asferror.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [ekbdckym] C:\WINDOWS\system32\epmqf\ekbdckym.exe
O4 - HKLM\..\Run: [leptoij] C:\WINDOWS\system32\qenrnnw\leptoij.exe
O4 - HKLM\..\Run: [jvyg] C:\WINDOWS\system32\lwgjqb\jvyg.exe
O4 - HKLM\..\Run: [dorurwl] C:\WINDOWS\dorurwl.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [kqbqcsk] C:\WINDOWS\system32\ppfnx\kqbqcsk.exe
O4 - HKLM\..\Run: [kedq] C:\WINDOWS\system32\dnpyhgh\kedq.exe
O4 - HKLM\..\Run: [otauvvn] C:\WINDOWS\system32\rcduthd\otauvvn.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ujrzng.exe
O4 - HKLM\..\Run: [ybftqh] C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKLM\..\Run: [ukltnxic] C:\WINDOWS\system32\ualfijr\ukltnxic.exe
O4 - HKLM\..\Run: [oaus] C:\WINDOWS\system32\ktam\oaus.exe
O4 - HKLM\..\Run: [pefenos] C:\WINDOWS\system32\sxrc\pefenos.exe
O4 - HKLM\..\Run: [wglhr] C:\WINDOWS\system32\tgsumesw\wglhr.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [3sEP39V] appnardo da vinci.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISEPDLL] C:\WINDOWS\ISEPDLL.EXE
O4 - HKLM\..\Run: [ZKRYENC] C:\WINDOWS\ZKRYENC.EXE
O4 - HKLM\..\Run: [jtcbvc] c:\windows\system32\fgxkfp.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IBxFRVZEW] ahuispl.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download...MARKETING11.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...ony/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.15.25/ttinst.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
"What doesn't kill you, Makes you stronger"

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:09:29 AM

Posted 21 April 2005 - 04:13 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [eX] C:\Documents and Settings\MATT\Local Settings\Temp\eX.exe
O4 - HKLM\..\Run: [qNq] C:\documents and settings\matt\local settings\temp\qNq.exe
O4 - HKLM\..\Run: [SZY] C:\documents and settings\matt\local settings\temp\SZY.exe
O4 - HKLM\..\Run: [w] C:\documents and settings\matt\local settings\temp\w.exe
O4 - HKLM\..\Run: [NpQ] C:\Documents and Settings\MATT\Local Settings\Temp\NpQ.exe
O4 - HKLM\..\Run: [6f457dcba1dd] C:\WINDOWS\system32\adsldp62.exe
O4 - HKLM\..\Run: [SHl] C:\documents and settings\matt\local settings\temp\SHl.exe
O4 - HKLM\..\Run: [Brk3fj] C:\documents and settings\matt\local settings\temp\Brk3fj.exe
O4 - HKLM\..\Run: [cm2OH5aAX] C:\documents and settings\matt\local settings\temp\cm2OH5aAX.exe
O4 - HKLM\..\Run: [3J8JK8F42T8AYA] C:\WINDOWS\system32\Hcj2t6.exe
O4 - HKLM\..\Run: [7QDe] C:\documents and settings\matt\local settings\temp\7QDe.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [960539e7fbda] C:\WINDOWS\system32\asferror.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [ekbdckym] C:\WINDOWS\system32\epmqf\ekbdckym.exe
O4 - HKLM\..\Run: [leptoij] C:\WINDOWS\system32\qenrnnw\leptoij.exe
O4 - HKLM\..\Run: [jvyg] C:\WINDOWS\system32\lwgjqb\jvyg.exe
O4 - HKLM\..\Run: [dorurwl] C:\WINDOWS\dorurwl.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [kqbqcsk] C:\WINDOWS\system32\ppfnx\kqbqcsk.exe
O4 - HKLM\..\Run: [kedq] C:\WINDOWS\system32\dnpyhgh\kedq.exe
O4 - HKLM\..\Run: [otauvvn] C:\WINDOWS\system32\rcduthd\otauvvn.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ujrzng.exe
O4 - HKLM\..\Run: [ybftqh] C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKLM\..\Run: [ukltnxic] C:\WINDOWS\system32\ualfijr\ukltnxic.exe
O4 - HKLM\..\Run: [oaus] C:\WINDOWS\system32\ktam\oaus.exe
O4 - HKLM\..\Run: [pefenos] C:\WINDOWS\system32\sxrc\pefenos.exe
O4 - HKLM\..\Run: [wglhr] C:\WINDOWS\system32\tgsumesw\wglhr.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [3sEP39V] appnardo da vinci.exe
O4 - HKLM\..\Run: [ISEPDLL] C:\WINDOWS\ISEPDLL.EXE
O4 - HKLM\..\Run: [ZKRYENC] C:\WINDOWS\ZKRYENC.EXE
O4 - HKLM\..\Run: [jtcbvc] c:\windows\system32\fgxkfp.exe
O4 - HKCU\..\Run: [IBxFRVZEW] ahuispl.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download...MARKETING11.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0002.exe


Reboot your computer into Safe Mode

Then delete these files or directories (do not be concerned if they do not exist):

C:\Program Files\CxtPls\
C:\WINDOWS\Bolger.dll
C:\Documents and Settings\MATT\Local Settings\Temp\eX.exe
C:\documents and settings\matt\local settings\temp\qNq.exe
C:\documents and settings\matt\local settings\temp\SZY.exe
C:\documents and settings\matt\local settings\temp\w.exe
C:\Documents and Settings\MATT\Local Settings\Temp\NpQ.exe
C:\WINDOWS\system32\adsldp62.exe
C:\documents and settings\matt\local settings\temp\SHl.exe
C:\documents and settings\matt\local settings\temp\Brk3fj.exe
C:\documents and settings\matt\local settings\temp\cm2OH5aAX.exe
C:\WINDOWS\system32\Hcj2t6.exe
C:\documents and settings\matt\local settings\temp\7QDe.exe
C:\Program Files\Common files\SearchUpgrader\
C:\WINDOWS\system32\asferror.exe
C:\WINDOWS\mm15201518.Stub.exe
C:\WINDOWS\system32\picsvr\
C:\WINDOWS\system32\pacis.exe
C:\WINDOWS\system32\epmqf\
C:\WINDOWS\system32\qenrnnw\
C:\WINDOWS\system32\lwgjqb\
C:\WINDOWS\dorurwl.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\WINDOWS\system32\ppfnx\
C:\WINDOWS\system32\dnpyhgh\
C:\WINDOWS\system32\rcduthd\
C:\WINDOWS\system32\Ujrzng.exe
C:\WINDOWS\system32\sdxjjxax\
C:\WINDOWS\system32\ivpizi.exe
C:\WINDOWS\system32\ualfijr\
C:\WINDOWS\system32\ktam\
C:\WINDOWS\system32\sxrc\
C:\WINDOWS\system32\tgsumesw\
C:\Program Files\AutoUpdate\
c:\windows\system32\appnardo da vinci.exe
C:\WINDOWS\ISEPDLL.EXE
C:\WINDOWS\ZKRYENC.EXE
c:\windows\system32\fgxkfp.exe
c:\windows\system32\ahuispl.exe
C:\Program Files\AWS\



Reboot your computer to go back to normal mode and post a new log.

#8 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  • Location:Maryland
  • Local time:09:29 AM

Posted 21 April 2005 - 08:08 PM

Okie dokie, here is the new HJT log. I have done everything you stated in your previous post; I hope when you view this, it all worked! LOL!! Thanks again so very much. Also, I see how I can donate money to this site through PayPal; I was wondering if there was another way, because this site is great and I would like to contribute somehow to keep you up and running. Thanks, Tam! :thumbsup:



Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ZKRYENC.EXE
C:\WINDOWS\ISEPDLL.EXE
C:\WINDOWS\system32\ivpizi.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
c:\windows\system32\jnbvtxa.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {302A3240-4805-4a34-97D7-1645A0B08410} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ybftqh] C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
O4 - HKLM\..\Run: [oaus] C:\WINDOWS\system32\ktam\oaus.exe
O4 - HKLM\..\Run: [wglhr] C:\WINDOWS\system32\tgsumesw\wglhr.exe
O4 - HKLM\..\Run: [ZKRYENC] C:\WINDOWS\ZKRYENC.EXE
O4 - HKLM\..\Run: [ISEPDLL] C:\WINDOWS\ISEPDLL.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKLM\..\Run: [wqirgu] c:\windows\system32\jnbvtxa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...ony/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.15.25/ttinst.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
"What doesn't kill you, Makes you stronger"

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:09:29 AM

Posted 22 April 2005 - 03:24 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {302A3240-4805-4a34-97D7-1645A0B08410} - (no file)
O4 - HKLM\..\Run: [ybftqh] C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
O4 - HKLM\..\Run: [oaus] C:\WINDOWS\system32\ktam\oaus.exe
O4 - HKLM\..\Run: [wglhr] C:\WINDOWS\system32\tgsumesw\wglhr.exe
O4 - HKLM\..\Run: [ZKRYENC] C:\WINDOWS\ZKRYENC.EXE
O4 - HKLM\..\Run: [ISEPDLL] C:\WINDOWS\ISEPDLL.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKLM\..\Run: [wqirgu] c:\windows\system32\jnbvtxa.exe

Reboot your computer into Safe Mode

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\system32\sdxjjxax\
C:\WINDOWS\system32\ktam\
C:\WINDOWS\system32\tgsumesw\
C:\WINDOWS\ZKRYENC.EXE
C:\WINDOWS\ISEPDLL.EXE
C:\WINDOWS\system32\ivpizi.exe
c:\windows\system32\jnbvtxa.exe

Reboot your computer to go back to normal mode and post a new log.
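Both clean-up rounds above (the long list after the first log, the shorter one after the second) apply the same rules by eye: a Run entry launched from a Temp directory, from a bare filename, or from an oddly named system32 subdirectory gets fixed in HijackThis, and its file or directory is deleted in Safe Mode. The Python below is an added example, not HijackThis code and not the helper's own tooling. It applies those structural rules to O2/O4/O16 lines copied from the logs posted in this thread, diffs the Run keys between two rounds to show what vanished, what appeared and what survived, and produces the two lists the instructions are built from. The allow-list of system32 subdirectories (KNOWN_SYSTEM32_SUBDIRS) is an assumption made for the example, and the checks are triage aids, not a verdict.

```python
"""Added example: triage helpers for HijackThis (HJT) log lines.
Not HijackThis code; it only reads log text and changes nothing on the machine.
Sample lines are copied from the logs posted in this thread; the allow-list of
system32 subdirectories is an assumption made for the example."""
import re
from typing import Dict, List, Tuple

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<desc>.*?) - (?P<url>\S+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?(?P<args>.*)$', re.IGNORECASE)  # exe, then args
SUBDIR_RE = re.compile(r"^(?P<parent>.*\\system32\\(?P<sub>[^\\]+))\\[^\\]+\.exe$", re.IGNORECASE)
KNOWN_SYSTEM32_SUBDIRS = {"inetsrv", "wbem", "drivers", "spool", "dllcache"}  # assumed allow-list

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {302A3240-4805-4a34-97D7-1645A0B08410} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [eX] C:\Documents and Settings\MATT\Local Settings\Temp\eX.exe
O4 - HKLM\..\Run: [ybftqh] C:\WINDOWS\system32\sdxjjxax\ybftqh.exe
O4 - HKLM\..\Run: [3sEP39V] appnardo da vinci.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKCU\..\Run: [IBxFRVZEW] ahuispl.exe
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
"""
# Run keys from the logs posted after the first and after the second clean-up round.
ROUND_1 = r"""
O4 - HKLM\..\Run: [jtcbvc] c:\windows\system32\fgxkfp.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
"""
ROUND_2 = r"""
O4 - HKLM\..\Run: [wqirgu] c:\windows\system32\jnbvtxa.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
"""

def o4_reasons(cmd: str) -> List[str]:
    """Structural reasons to review a Run-key command line; empty means none found."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return []
    path, reasons = m.group("path").lower(), []
    if "\\" not in path:
        reasons.append("bare filename resolved through the search path")
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    sub = SUBDIR_RE.match(path)
    if sub and sub.group("sub") not in KNOWN_SYSTEM32_SUBDIRS:
        reasons.append(f"unfamiliar system32 subdirectory '{sub.group('sub')}'")
    return reasons

def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """(section, entry, reasons) for each O2/O4/O16 line that has at least one reason."""
    out = []
    for line in map(str.strip, log_text.splitlines()):
        if m := O2_RE.match(line):
            checks = {"BHO has no name": m.group("name") == "(no name)",
                      "BHO file is missing": m.group("path") == "(no file)"}
            entry, reasons = m.group("clsid"), [why for why, hit in checks.items() if hit]
        elif m := O4_RE.match(line):
            entry, reasons = m.group("value"), o4_reasons(m.group("cmd"))
        elif m := O16_RE.match(line):
            is_cab = m.group("url").lower().endswith(".cab")
            entry, reasons = m.group("desc"), ([] if is_cab else ["ActiveX install URL is not a .cab"])
        else:
            continue
        if reasons:
            out.append((line.split(" ", 1)[0], entry, reasons))
    return out

def run_entries(log_text: str) -> Dict[str, str]:
    """Run-key value name -> command line, for comparing the logs of two rounds."""
    matches = map(O4_RE.match, map(str.strip, log_text.splitlines()))
    return {m.group("value"): m.group("cmd") for m in matches if m}

def diff_rounds(before: str, after: str) -> Tuple[Dict[str, str], Dict[str, str], Dict[str, str]]:
    """(appeared, vanished, persisted) Run entries between two logs."""
    old, new = run_entries(before), run_entries(after)
    return ({k: v for k, v in new.items() if k not in old},
            {k: v for k, v in old.items() if k not in new},
            {k: v for k, v in new.items() if k in old})

def cleanup_plan(log_text: str) -> Tuple[List[str], List[str]]:
    """The two lists the helper writes: Run values to fix in HJT, paths to delete in Safe Mode.
    A file in an unfamiliar system32 subdirectory is listed as that whole directory."""
    values, paths = [], []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if not m or not o4_reasons(m.group("cmd")):
            continue
        values.append(m.group("value"))
        path = EXE_RE.match(m.group("cmd").strip()).group("path")
        sub = SUBDIR_RE.match(path)
        paths.append(sub.group("parent") + "\\" if sub else path)
    return values, paths
```

Two things the round-to-round diff shows that the structural checks alone do not. A randomly named file sitting directly in system32 ([jtcbvc] fgxkfp.exe in one log, [wqirgu] jnbvtxa.exe in the next) gets no reason from o4_reasons and is only visible because it appeared after a round, and [KavSvc] ivpizi.exe lands in the persisted set after every round in this thread. A reasonable reading, though not something the thread establishes, is that the survivor is the better candidate for whatever keeps re-creating the sibling entries. A bare filename such as ahuispl.exe also has to be located on disk before it can be deleted; the instructions above assumed system32.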

#10 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  • Location:Maryland
  • Local time:09:29 AM

Posted 22 April 2005 - 09:34 PM

:thumbsup: Hiya Grinler, we are becoming good friends here, LOL. Anyway, I took the actions you left me in the last post, and some of the files you asked me to delete weren't there. I got rid of what I could and here is the new HJT log. Whew, my computer must have been pretty messed up. Thanks again!



Logfile of HijackThis v1.98.2
Scan saved at 10:30:56 PM, on 4/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
c:\windows\system32\orzcgm.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rnkr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\AOL Companion\companion.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [rlvigm] c:\windows\system32\orzcgm.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...ony/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.15.25/ttinst.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
"What doesn't kill you, Makes you stronger"

#11 mistressbluz
  • Topic Starter
  • Members
  • 90 posts
  • Location:Maryland

Posted 22 April 2005 - 09:36 PM

Oops, I forgot to mention in my previous post, sorry: my new pop-up that won't go away is now called AURORA. It keeps popping up over and over and over. Thanks!
"What doesn't kill you, Makes you stronger"

#12 Grinler
    Lawrence Abrams
  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 22 April 2005 - 10:35 PM

Yup, you've got something we call Qoologic.

Download FindQoologic-Narrator.zip and save it to your Desktop.
http://forums.net-integration.net/index.ph...=post&id=134981

Extract (unzip) the files inside into their own folder called FindQoologic, preferably on your desktop.
Open the FindQoologic folder.
Locate and double-click the Find-Qoologic.bat file to run it.
Wait until a text file opens, then post its contents in a reply to your thread.
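The helper's diagnosis above rests on reading the HijackThis log for the kinds of entries that stand out: a bare executable sitting in the All Users Startup folder (rnkr.exe), Run values that launch short random-looking names out of system32 (orzcgm.exe, ivpizi.exe), and the O10 line reporting a Winsock LSP whose DLL is missing. The script below is an added illustration of that triage, not code from this thread, from HijackThis or from the FindQoologic tool. It parses a few lines copied from the log posted earlier and applies those three checks; the KNOWN_GOOD allowlist and the "5 to 8 lowercase letters" name rule are assumptions chosen for this example and are heuristics for a human to review, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str


# Constructed sample: lines copied from the HijackThis log and the
# running-process list posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rnkr.exe
C:\Program Files\AOL Companion\companion.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [rlvigm] c:\windows\system32\orzcgm.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ivpizi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
"""

# Stock Windows/Intel names that live in system32 and would otherwise trip the
# short-lowercase-name rule. Assumption: a starter allowlist the reader extends.
KNOWN_GOOD = {"ctfmon", "igfxtray", "hkcmd", "systray"}

# O4 Run value:  O4 - HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O10 broken LSP chain as HijackThis words it
LSP_RE = re.compile(r"^O10 - Broken Internet access because of LSP provider '(?P<dll>[^']+)' missing$")
# A process path that ends inside a Startup folder with a real .exe, not a .lnk
STARTUP_EXE_RE = re.compile(r"\\Programs\\Startup\\[^\\]+\.exe$", re.I)


def exe_path(cmd: str) -> str | None:
    """Return the executable path from a Run value (quoted or not), or None if there is no .exe."""
    m = re.search(r'"?([^"]*?\.exe)', cmd, re.I)
    return m.group(1).strip() if m else None


def looks_random(stem: str) -> bool:
    """Heuristic only: 5 to 8 lowercase letters, no digits, and not on the allowlist."""
    return bool(re.fullmatch(r"[a-z]{5,8}", stem)) and stem not in KNOWN_GOOD


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return the entries a reviewer should look at first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STARTUP_EXE_RE.search(line):
            findings.append(Finding(line, "executable placed directly in the Startup folder "
                                          "(normal entries there are .lnk shortcuts)"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if path and "\\system32\\" in path.lower():
                stem = path.lower().rsplit("\\", 1)[-1].removesuffix(".exe")
                if looks_random(stem):
                    findings.append(Finding(line, f"Run entry [{m.group('name')}] launches a "
                                                  f"random-looking name in system32: {stem}.exe"))
            continue
        m = LSP_RE.match(line)
        if m:
            findings.append(Finding(line, f"Winsock LSP chain references a missing DLL "
                                          f"({m.group('dll')}); connectivity stays broken until the chain is repaired"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run as-is it prints the four entries a reviewer would pull out of this particular log; point `triage()` at the contents of a full HijackThis log to use it as a first pass. The name rule is deliberately narrow (it would not catch a dropper that imitates a vendor filename), and the point of the allowlist is that each flagged line still gets a human decision, which is the same caution the FindQoologic banner below gives.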

#13 mistressbluz
  • Topic Starter
  • Members
  • 90 posts
  • Location:Maryland

Posted 23 April 2005 - 09:18 PM

Hope I did this right.. it was some kind of crazy.. LOL.... Norton didn't like it at all!!! Anyway, let me know if I copied what you needed.. if not, let me know what you need, okies? Again, I don't know how to thank you enough! :thumbsup:


PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x7c90df5e

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
America Online 9.0 Tray Icon.lnk
AOL Companion.lnk
desktop.ini
GoBack.lnk
rnkr.exe

User Startup:
C:\Documents and Settings\MATT\Start Menu\Programs\Startup
.
..
desktop.ini

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
<NO NAME> REG_SZ {85BBD920-42A0-1069-A2E4-08002B30309D}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mfnmymkn
<NO NAME> REG_SZ {61f06ed1-0644-4951-8f96-9c05a67275f5}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
<NO NAME> REG_SZ {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
<NO NAME> REG_SZ {E0D79304-84BE-11CE-9641-444553540000}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
<NO NAME> REG_SZ {5464D816-CF16-4784-B9F3-75C0DB52B499}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
"What doesn't kill you, Makes you stronger"

#14 Grinler
    Lawrence Abrams
  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 24 April 2005 - 12:37 AM

Disable Norton temporarily and try running it again. Tell me any errors it may give.

#15 mistressbluz
  • Topic Starter
  • Members
  • 90 posts
  • Location:Maryland

Posted 24 April 2005 - 01:57 PM

OK, I disabled Norton like you asked me to and ran it again; here is the outcome. I kept getting error messages pertaining to MS-DOS, so I clicked ignore, so I hope I did it right....


PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x7c90df5e

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
America Online 9.0 Tray Icon.lnk
AOL Companion.lnk
desktop.ini
GoBack.lnk
rnkr.exe

User Startup:
C:\Documents and Settings\MATT\Start Menu\Programs\Startup
.
..
desktop.ini

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
<NO NAME> REG_SZ {85BBD920-42A0-1069-A2E4-08002B30309D}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mfnmymkn
<NO NAME> REG_SZ {61f06ed1-0644-4951-8f96-9c05a67275f5}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
<NO NAME> REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
<NO NAME> REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
<NO NAME> REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
<NO NAME> REG_SZ {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
<NO NAME> REG_SZ {E0D79304-84BE-11CE-9641-444553540000}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
<NO NAME> REG_SZ {5464D816-CF16-4784-B9F3-75C0DB52B499}

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
<NO NAME> REG_SZ Start Menu Pin

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
"What doesn't kill you, Makes you stronger"