> Bloodhound.Morphine Virus, help please!!!
jeronimo1052
post Jun 8 2006, 11:25 PM
Post #1




Group: Members
Posts: 25
Joined: 13-April 04
Member No.: 2302



Symantec antivirus has detected a threat on my computer called Bloodhound.Morphine. It is in the file: C:\WINDOWS\SYSTEM32\strqyvk.dll
Location: C:\WINDOWS\SYSTEM32

It says the Clean failed, and Quarantine failed. Please, if you can help at all I could greatly appreciate it!!!!
bmarv
post Jun 9 2006, 12:21 AM
Post #2




Group: Senior Moderator
Posts: 3126
Joined: 18-April 02
From: California
Member No.: 366



Hi and welcome to our help forums,

Try doing an online virus/trojan scan Here
Let it download an ActiveX so it can run. Let it fix all that it can and let us know if there is anything that it can't fix.

If that doesn't fix it, download the HijackThis file and post the log in the spyware/hijacks forum.


Please download this self extracting file to your My Downloads folder or My Received Files (dependent on your Operating System):

http://www.merijn.org/files/hijackthis_sfx.exe

Click the "Save" button.

Navigate to My Documents > choose the My Downloads or My Received Files folder; once inside that folder, click "Save".

Now go to the folder you saved HijackThis_sfx.exe in.

Double click HijackThis_sfx.exe and select Unzip. When done click "OK".
Close the WinZip self Extractor window.

Navigate to C:\Program Files\HijackThis and double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and paste Ctrl-V its contents here [Add Reply].

Most of what it lists will be harmless or even essential, don't fix anything yet.

~bmarv~


--------------------
**Please** Do not email mods or admins with problems. You will get as quick or quicker results by posting in the appropriate forum

Wizcrafts
post Jun 9 2006, 01:17 AM
Post #3




Group: Moderator
Posts: 238
Joined: 4-January 02
From: Flint, Michigan, USA
Member No.: 214



QUOTE(jeronimo1052 @ Jun 8 2006, 07:25 PM) *
Symantec antivirus has detected a threat on my computer called Bloodhound.Morphine. It is in the file: C:\WINDOWS\SYSTEM32\strqyvk.dll
Location: C:\WINDOWS\SYSTEM32

It says the Clean failed, and Quarantine failed. Please, if you can help at all I could greatly appreciate it!!!!

Try the instructions here: http://securityresponse.symantec.com/avcen...d.morphine.html


--------------------

Posted by Wiz Feinberg, AmazingTechs Moderator
jeronimo1052
post Jun 9 2006, 02:09 PM
Post #4




Group: Members
Posts: 25
Joined: 13-April 04
Member No.: 2302



Hi, thank you so much for your help. Bitdefender got rid of several viruses, but I do not think it got all of them. Here are the results:
Now for the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:31:08 AM, on 6/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mmrqin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dviui.exe
C:\WINDOWS\system32\dviui.exe
C:\WINDOWS\system32\dviui.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\dviui.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,nrpyssy.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [meviil] C:\WINDOWS\system32\mmrqin.exe reg_run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibdjj] C:\WINDOWS\system32\mmrqin.exe reg_run
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: ftero.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {42D16401-BA4E-4034-BEC7-17585C756622} - https://www.sightspeed.com/files/automated_setup.exe
O16 - DPF: {4380EFC0-D85A-11D9-8CD5-0800200C9A66} - http://www.ouchvideo.com/newmmviewer_ic13.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/buds...budsinc1001.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125442568250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147038342103
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {C7193660-C736-11D9-9669-0800200C9A66} - http://www.ouchvideo.com/newemg13.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0014.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_4_0.cab
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\jt6o07j3e.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\qbgrprxy.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe








njustice
post Jun 12 2006, 11:03 AM
Post #5


Blue Collar Man

Group: Senior Administrator
Posts: 8126
Joined: 18-February 02
Member No.: 265



Hello,

Please perform the next steps in exactly the same order without missing any step!
It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
  • Download Brute Force Uninstaller to your C:\
  • Unzip it to a folder of its own (C:\BFU). So the BFU-folder should be on your root. In most cases this is C:\
  • Download qoofix.bat (right-click on this link and choose save as)
  • Place qoofix.bat in your C:\BFU - folder. (Important!)
  • Double-click qooFix.bat. Close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • It will ask to reboot your computer, so please allow it to reboot.
After reboot,

Open notepad and copy and paste the contents in the quotebox below:
(don't forget to copy and paste REGEDIT4)


QUOTE
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="mad.dllxxx"


Save this as fix.reg. Choose to save as *all files* and place it on your desktop.

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot once again! Important!


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\dviui.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,nrpyssy.exe
O4 - HKLM\..\Run: [meviil] C:\WINDOWS\system32\mmrqin.exe reg_run
O4 - HKCU\..\Run: [ibdjj] C:\WINDOWS\system32\mmrqin.exe reg_run
O4 - Global Startup: ftero.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {42D16401-BA4E-4034-BEC7-17585C756622} - https://www.sightspeed.com/files/automated_setup.exe
O16 - DPF: {4380EFC0-D85A-11D9-8CD5-0800200C9A66} - http://www.ouchvideo.com/newmmviewer_ic13.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/buds...budsinc1001.cab
O16 - DPF: {C7193660-C736-11D9-9669-0800200C9A66} - http://www.ouchvideo.com/newemg13.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0014.exe
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\jt6o07j3e.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\qbgrprxy.dll (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Ignore the error you'll get while fixing the O20 - this is normal.

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Using Windows Explorer, locate the following files in red, and delete them if still present:

C:\WINDOWS\system32\dviui.exe
C:\WINDOWS\system32\nrpyssy.exe
C:\WINDOWS\system32\mmrqin.exe
C:\WINDOWS\system32\ftero.exe
C:\Windows\system32\mad.dll
C:\WINDOWS\system32\jt6o07j3e.dll
C:\WINDOWS\system32\qbgrprxy.dll


* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Reboot back to normal mode and post a new hijackthis log in your next reply.


--------------------
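The startup hooks selected in the post above (the F2 Shell and UserInit values, the O4 Run values, O20 AppInit_DLLs and the "(file missing)" leftovers) can be pulled out of a HijackThis log mechanically. The following is an added example, not part of the thread and not HijackThis code: the function names, reason labels and the four rules are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread (copied, not constructed).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\dviui.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,nrpyssy.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [meviil] C:\WINDOWS\system32\mmrqin.exe reg_run
O4 - HKCU\..\Run: [ibdjj] C:\WINDOWS\system32\mmrqin.exe reg_run
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\qbgrprxy.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section code> - <body>", e.g. "O20 - AppInit_DLLs: mad.dll"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry Run entries: "HKLM\..\Run: [value name] command line"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


def parse(log_text):
    """Return (code, body) pairs for every HijackThis entry line.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review(entries):
    """Return (reason, code, body) findings for entries worth a closer look.

    Illustrative rules (assumptions, not HijackThis behaviour):
      - F2 Shell names anything besides Explorer.exe
      - F2 UserInit lists more than one program
      - O20 AppInit_DLLs is non-empty
      - any entry whose target is reported as "(file missing)"
      - the same command line registered under several O4 Run value names
    """
    findings = []
    run_targets = defaultdict(list)
    for code, body in entries:
        low = body.lower()
        if code == "F2" and "shell=" in low:
            value = body.split("=", 1)[1].strip()
            if value.lower() != "explorer.exe":
                findings.append(("shell-extra-program", code, body))
        elif code == "F2" and "userinit=" in low:
            value = body.split("=", 1)[1]
            programs = [p.strip() for p in value.split(",") if p.strip()]
            if len(programs) > 1:
                findings.append(("userinit-extra-program", code, body))
        elif code == "O20" and low.startswith("appinit_dlls:"):
            if body.split(":", 1)[1].strip():
                findings.append(("appinit-dll-set", code, body))
        elif code == "O4":
            m = RUN.match(body)
            if m:
                run_targets[m.group(3).lower()].append((code, body))
        if low.endswith("(file missing)"):
            findings.append(("file-missing", code, body))
    # One command line started from several Run values is reported once per value.
    for hits in run_targets.values():
        if len(hits) > 1:
            for code, body in hits:
                findings.append(("run-target-repeated", code, body))
    return findings


if __name__ == "__main__":
    for reason, code, body in review(parse(SAMPLE_LOG)):
        print(f"{reason:24} {code:4} {body}")
```

A finding marks an entry for review only; legitimate software uses the same hooks, which is why the log is read by a helper before anything is fixed.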

