• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
davepili

Infected: res://brsoq.dll/index.html#37049

2 posts in this topic

I am infected with a pretty tough and typical (based on the posts) spyware infections. Despite change my home page, my browser always launches to another page of links with an address of " res://brsoq.dll/index.html#37049" along with a collection of spyware ads. I have tried a collection of fixes ncluding "Buster" frist in the normal WinXP mode then in the safe mode. But it appears that everytime I nuke various program files, they are just replaced - as if another program monitors the spyware files and as soon as they are erased they are replaced. Please assist me with this issue

 

 

 

StartupList report, 07/25/2004, 6:28:58 PM

StartupList version: 1.52

Started from : C:\Documents and Settings\Debbie\Local Settings\Temp\Temporary Directory 2 for startuplist.zip\StartupList.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ntrm.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\System32\TFNF5.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common files\updater\wupdater.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\atlon.exe

C:\Documents and Settings\Debbie\Local Settings\Temp\Temporary Directory 2 for startuplist.zip\StartupList.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe

hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

officejet 6100.lnk = ?

Personal Coach.lnk = ?

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

00THotkey = C:\WINDOWS\System32\00THotkey.exe

000StTHK = 000StTHK.exe

IgfxTray = C:\WINDOWS\System32\igfxtray.exe

HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe

PmProxy = C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

LtMoh = C:\Program Files\ltmoh\Ltmoh.exe

AGRSMMSG = AGRSMMSG.exe

Apoint = C:\Program Files\Apoint2K\Apoint.exe

TFNF5 = TFNF5.exe

Tpwrtray = TPWRTRAY.EXE

TouchED = C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

NDSTray.exe = "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"

ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_Px.exe

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

(Default) =

Pinger = c:\toshiba\ivp\ism\pinger.exe /run

TSysSMon = c:\toshiba\sysstability\tsyssmon.exe /detect

RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

updater = C:\Program Files\Common files\updater\wupdater.exe

MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe

MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

_AntiSpyware = C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

atlon.exe = C:\WINDOWS\system32\atlon.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

ntrm.exe = C:\WINDOWS\system32\ntrm.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

sendcmsg = C:\WINDOWS\System32\sendcmsg.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\sspipes.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\WINDOWS\system32\mfcnb32.dll - {8424CC0C-62AB-C4C4-1B03-13D0644858C3}

(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

McAfee.com Update Check (LAPTOP-Debbie).job

Norton AntiVirus - Scan my computer.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[YInstStarter Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll

CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

 

[Office Update Installation Engine]

InProcServer32 = C:\WINDOWS\opuc.dll

CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

 

[OPUCatalog Class]

InProcServer32 = C:\WINDOWS\System32\opuc.dll

CODEBASE = http://office.microsoft.com/productupdates...t/opuc/opuc.cab

 

[McAfee.com Operating System Class]

InProcServer32 = C:\WINDOWS\System32\mcinsctl.dll

CODEBASE = http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

 

[OPUCatalog Class]

InProcServer32 = C:\WINDOWS\System32\opuc.dll

CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

 

[DwnldGroupMgr Class]

InProcServer32 = C:\WINDOWS\System32\McGDMgr.dll

CODEBASE = http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 8,332 bytes

Report generated in 0.170 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites

Please post a HijackThis log (that's a StartupList).

Make sure you have the latest HijackThis 1.98.

 

Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0