• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
pineappletyrant

Dysonn33, Ggumbu, misc. ad programs

8 posts in this topic

Hey all,

 

My computer had an infestation of spyware a couple months back, which I cleaned out pretty easily with Spybot and Adaware, and updated SpywareBlaster just for good measure. There's still a few programs, however, that keep downloading into my computer and that I can't locate no matter what I do to search for them.

 

After booting up, amongst the regular programs running in taskmanager will be two of the following: Ggumbu, Dysonn3, Hjwmu62, Pvxq, Snurdcq5, Tyvbv, and every once in a while, a program called Adinstallwin32.exe reappears. It's always only two of that group of programs, and if IE is open when they are running, then pop-ups begin appearing no matter what site we're on at the moment. I'm not sure if they're normal programs that are supposed to be running, but I assume not, since I don't remember seeing them before a few months ago.

 

Here's my most recent Hijackthislog:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:21:39 PM, on 6/14/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE

C:\WINDOWS\EXPLORER.EXE

C:\OPLIMIT\OCRAWARE.EXE

C:\OPLIMIT\OCRAWR32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\E_S4I2K1.EXE

C:\WINDOWS\TEMP\EBB.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1969Q3R8\HIJACKTHIS[1].EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://zw.com.tw:3128@DF809JOW4WJ2304LFD0S....BIZ/search.htm (obfuscated)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

F1 - win.ini: load=c:\oplimit\ocraware.exe

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [sTBWEBTV] c:\WINDOWS\SYSTEM\STBWEBTV.EXE

O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE & SOUND\FBMOUNT.EXE

O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Vshwin32EXE] C:\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [DKT] C:\WINDOWS\DKT.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [PCWZXD] C:\WINDOWS\PCWZXD.exe

O4 - HKLM\..\Run: [NEULCSJ] C:\WINDOWS\NEULCSJ.exe

O4 - HKLM\..\Run: [DGJMQTW] C:\WINDOWS\DGJMQTW.exe

O4 - HKLM\..\Run: [CFVFJM] C:\WINDOWS\CFVFJM.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\SYSTEM\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O7 "EPUSB1:" /M "Stylus Photo RX500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [EBB] C:\WINDOWS\TEMP\EBB.EXE

O4 - HKLM\..\Run: [4FC3XBN3L5LZM6] C:\WINDOWS\SYSTEM\Ykf3.exe

O4 - HKLM\..\Run: [HBEHKORUY] C:\WINDOWS\HBEHKORUY.exe

O4 - HKLM\..\Run: [sjenqx] C:\WINDOWS\sjenqx.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\RunServices: [V128IID] Rundll32.exe C:\WINDOWS\SYSTEM\v128iitw.dll,STB_InitTweak

O4 - HKLM\..\RunServices: [VidSvr]

O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU\..\Run: [Caua] C:\WINDOWS\Application Data\lreo.exe

O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpcc.exe

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe

O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.exe

O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe

O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\refresh.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O13 - WWW. Prefix: http://ehttp.cc/?

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: GraphicalChat Application - http://www.onchat.com/ChatWorld/chat-signed-ie.cab

O16 - DPF: UploadAppletIE - http://www.iclips.com/BrowserEnc/UploadAppletIE.cab

O16 - DPF: {DA04CC86-07A5-11D5-A700-0001031AD955} (TP_live Control) - http://www.homestead.com/~site/InstallFile...ive/TP_live.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://208.158.118.13/AxisCamControl.ocx

O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/viz...N-US/msorun.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7866.9502777778

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/148119a...all/xscan53.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab

O19 - User stylesheet: (file missing)

 

I know I need to download IE6, and have been trying to for some time, but that's another story...for some reason it never finishes the download from windows update.

 

Anyways, any help that can be given would be much appreciated...thanks so much for providing this forum and your guys' time, by the way.

Share this post


Link to post
Share on other sites

BUMP

 

 

Everything still the same...what does the letter icon that has a small blue circle in it mean? It's not listed in the key down below?

Share this post


Link to post
Share on other sites

Some of these entries may have been removed by CWShredder, but everything that remains.

 

You have the Peper trojan, which requires special treatment to put it out of your misery!

Please download and run this uninstaller.

 

Click on the peperfix link, and download the program. Then go off line, and run the program. It will remove the files, leaving one orphaned entry to be cleaned up with Hijack this.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and

 

hitting fix checked. Make sure all browser and all Windows Explorer windows are closed

 

before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://zw.com.tw:3128@DF809JOW4WJ2304LFD0S....BIZ/search.htm (obfuscated)

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

 

O4 - HKLM\..\Run: [DKT] C:\WINDOWS\DKT.exe

O4 - HKLM\..\Run: [PCWZXD] C:\WINDOWS\PCWZXD.exe

O4 - HKLM\..\Run: [NEULCSJ] C:\WINDOWS\NEULCSJ.exe

O4 - HKLM\..\Run: [DGJMQTW] C:\WINDOWS\DGJMQTW.exe

O4 - HKLM\..\Run: [CFVFJM] C:\WINDOWS\CFVFJM.exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [EBB] C:\WINDOWS\TEMP\EBB.EXE

O4 - HKLM\..\Run: [4FC3XBN3L5LZM6] C:\WINDOWS\SYSTEM\Ykf3.exe

O4 - HKLM\..\Run: [HBEHKORUY] C:\WINDOWS\HBEHKORUY.exe

O4 - HKLM\..\Run: [sjenqx] C:\WINDOWS\sjenqx.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\RunServices: [VidSvr]

O4 - HKCU\..\Run: [Caua] C:\WINDOWS\Application Data\lreo.exe

O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpcc.exe

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

 

O13 - WWW. Prefix: http://ehttp.cc/?

 

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab

 

O19 - User stylesheet: (file missing)

Reboot, and delete

 

files

C:\WINDOWS\DKT.exe

C:\WINDOWS\PCWZXD.exe

C:\WINDOWS\NEULCSJ.exe

C:\WINDOWS\DGJMQTW.exe

C:\WINDOWS\CFVFJM.exe

C:\WINDOWS\SYSTEM\idctup20.exe

C:\WINDOWS\TEMP\EBB.EXE

C:\WINDOWS\SYSTEM\Ykf3.exe

C:\WINDOWS\HBEHKORUY.exe

C:\WINDOWS\sjenqx.exe

C:\WINDOWS\Application Data\lreo.exe

C:\WINDOWS\SYSTEM\wcpcc.exe

 

folders

C:\PROGRAM FILES\TV MEDIA

C:\Program Files\webHancer

 

These may be hidden files. See

 

HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

Okay, so I ran a virus scan using Housecall, I believe it's called, from Trend Micro, and it found a number of viruses and all the weird ad programs....but here's my HijackThis report, since I'm not sure if it got everything.

 

Logfile of HijackThis v1.97.7

Scan saved at 6:57:12 PM, on 6/16/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE

C:\WINDOWS\EXPLORER.EXE

C:\OPLIMIT\OCRAWARE.EXE

C:\OPLIMIT\OCRAWR32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\E_S4I2K1.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE

C:\UNZIPPED\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

F1 - win.ini: load=c:\oplimit\ocraware.exe

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [sTBWEBTV] c:\WINDOWS\SYSTEM\STBWEBTV.EXE

O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE & SOUND\FBMOUNT.EXE

O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Vshwin32EXE] C:\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [DKT] C:\WINDOWS\DKT.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [PCWZXD] C:\WINDOWS\PCWZXD.exe

O4 - HKLM\..\Run: [NEULCSJ] C:\WINDOWS\NEULCSJ.exe

O4 - HKLM\..\Run: [DGJMQTW] C:\WINDOWS\DGJMQTW.exe

O4 - HKLM\..\Run: [CFVFJM] C:\WINDOWS\CFVFJM.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\SYSTEM\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O7 "EPUSB1:" /M "Stylus Photo RX500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe

O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - HKLM\..\Run: [EBB] C:\WINDOWS\TEMP\EBB.EXE

O4 - HKLM\..\Run: [HBEHKORUY] C:\WINDOWS\HBEHKORUY.exe

O4 - HKLM\..\Run: [sjenqx] C:\WINDOWS\sjenqx.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\RunServices: [V128IID] Rundll32.exe C:\WINDOWS\SYSTEM\v128iitw.dll,STB_InitTweak

O4 - HKLM\..\RunServices: [VidSvr]

O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU\..\Run: [Caua] C:\WINDOWS\Application Data\lreo.exe

O4 - HKCU\..\Run: [WINT] C:\WINDOWS\SYSTEM\wcpcc.exe

O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe

O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.exe

O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe

O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\refresh.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: GraphicalChat Application - http://www.onchat.com/ChatWorld/chat-signed-ie.cab

O16 - DPF: UploadAppletIE - http://www.iclips.com/BrowserEnc/UploadAppletIE.cab

O16 - DPF: {DA04CC86-07A5-11D5-A700-0001031AD955} (TP_live Control) - http://www.homestead.com/~site/InstallFile...ive/TP_live.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://208.158.118.13/AxisCamControl.ocx

O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/viz...N-US/msorun.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7866.9502777778

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab

O19 - User stylesheet: (file missing)

 

Is the Peper Trojan still on there? And what needs to be fixed now?

:alarm:

Share this post


Link to post
Share on other sites

Hey there,

 

Thanks for the help! I cleared out everything you mentioned via Hijack THis, and delete the extras.

 

Here's my new HijackThis report...look okay now?

 

Logfile of HijackThis v1.97.7

Scan saved at 2:55:01 AM, on 6/17/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE

C:\WINDOWS\EXPLORER.EXE

C:\OPLIMIT\OCRAWARE.EXE

C:\OPLIMIT\OCRAWR32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\E_S4I2K1.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\UNZIPPED\HIJACKTHIS.EXE

 

F1 - win.ini: load=c:\oplimit\ocraware.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [sTBWEBTV] c:\WINDOWS\SYSTEM\STBWEBTV.EXE

O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

O4 - HKLM\..\Run: [Mount Safe & Sound] C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SAFE & SOUND\FBMOUNT.EXE

O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Vshwin32EXE] C:\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\SYSTEM\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O7 "EPUSB1:" /M "Stylus Photo RX500"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [V128IID] Rundll32.exe C:\WINDOWS\SYSTEM\v128iitw.dll,STB_InitTweak

O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe

O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.exe

O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe

O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\refresh.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: GraphicalChat Application - http://www.onchat.com/ChatWorld/chat-signed-ie.cab

O16 - DPF: UploadAppletIE - http://www.iclips.com/BrowserEnc/UploadAppletIE.cab

O16 - DPF: {DA04CC86-07A5-11D5-A700-0001031AD955} (TP_live Control) - http://www.homestead.com/~site/InstallFile...ive/TP_live.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://208.158.118.13/AxisCamControl.ocx

O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/viz...N-US/msorun.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7866.9502777778

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

 

Thanks!

Share this post


Link to post
Share on other sites

Looking good! Well done. Are you still having problems?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0