cwilk2004

Hijack This Log


So why can't I seem to get rid of the trojan downloader.qoologic then?? I don't understand it. AVG finds it, heals it, but then it always comes back when I reboot and I can't shake the darn thing. I don't know what I did, but my computer is acting somewhat better except for that darn trojan, and also I keep getting popups even with the popup blocker. Anyway, I did go into safe mode and deleted most of everything in my temp folder except for some files that were in there... why they are in there I don't know, but I didn't know if I should delete them; they say if I delete those files, Windows will not work properly, and Lord knows I don't want that. For some reason HijackThis.exe was in there too and I tried to move it, but all it did was make a shortcut, and I don't know how else to move it completely without deleting it and re-installing it. What a pain. There is another program in there called clony.exe; I have no clue what that is. I hope this HijackThis log helps. Here it is.

 

Oh... I did run the Silent Runners .vbs too.

 

HijackThis

Logfile of HijackThis v1.99.0

Scan saved at 4:34:26 PM, on 01/27/2005

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\WINDOWS\STARTER.EXE

C:\WINDOWS\GWHOTKEY.EXE

C:\WINDOWS\SYSTEM\HPSJVXD.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\OPWARE32.EXE

C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\opware16.exe

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE

C:\PROGRAM FILES\COMMON FILES\KODAK\KODAK_DR\KODAKCCS.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\WINDOWS\GKROGW.EXE

C:\WINDOWS\RunDLL.exe

C:\MONEY\SYSTEM\REMINDER.EXE

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE

C:\GREETING\GWREMIND.EXE

C:\MSOFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\WINDOWS\FSSCRCTL.EXE

C:\SIERRA\PLANNER\PLNRNOTE.EXE

C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE

C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE

C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe

O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro80\opware32.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask

O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\gkrogw.exe

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Reminder] C:\Money\System\reminder.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.exe

O4 - Startup: Greetings Workshop Reminders.lnk = C:\Greeting\GWREMIND.EXE

O4 - Startup: Office Startup.lnk = C:\MSOffice\Office\OSA.EXE

O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe

O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe

O4 - Startup: intpih.exe

O4 - Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe

O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab

O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://vivo.real.com/dldv2/vvweb.cab

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/activex/contr...eb/ikcntrls.cab

O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.pleasantholidays.com/downloads/plugins/svideo.cab

O16 - DPF: Serome Web2Phone - http://dialpad.com/applet/vscp.cab

O16 - DPF: {86F622BC-EF88-458C-9E74-E2574B6875A5} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v8/0326/investor.cab

O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} - http://download.mcafee.com/molbin/clinic/v...an/mgavinst.cab

O16 - DPF: {55DCF357-7B34-11D2-8119-20ABFD000000} (eCHARGE ActiveX Shell Control) - ftp://ftp.echarge.com/pub/ec32_english_us_200.cab

O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.microsoft.com/controls/iexp...x86/ielabel.cab

O16 - DPF: {340A0150-9DC7-11D3-9A01-005004677EF4} (Mcafee PC Clinic Edisk Class) - http://download.mcafee.com/molbin/Clinic/Edisk/edisk.cab

O16 - DPF: {4AE3239D-18C5-11D3-9634-0060080A3AB6} (McAfee PC Clinic System Information Class) - http://download.mcafee.com/molbin/Clinic/sysinfo/sicomp.cab

O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab

O16 - DPF: {D30CAFF0-087B-11D3-82D8-006094695CEC} (McAfee PC Clinic FaManager Class) - http://download.mcafee.com/molbin/Clinic/F...eck/mgfactl.cab

O16 - DPF: {6C636F50-7EB2-11D2-883C-CA8C113EA37E} (McAfee Clinic QuickClean Class) - http://download.mcafee.com/molbin/Clinic/C...ean/MGqcctl.cab

O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit.com/Plugin/3DGreetings/PlayerX.CAB

O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nm1228.cab

O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {09C1A291-8E2A-11D0-BB0B-00AA001F4283} (Pinger Class) - http://www.pcpitstop.com/Ping.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {C97AF44D-92C4-11D3-A53B-005004678019} (McAfee Clinic Cleaner Control Class) - http://download.mcafee.com/molbin/Clinic/c...ore/clnctrl.cab

O16 - DPF: {41453CC4-288E-11D3-A53B-005004678019} (McAfee AppClean Appclean Class) - http://download.mcafee.com/molbin/Clinic/c...an/appclean.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.americangreetings.com/create/Install/AxCtp.cab

O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...83/mcinsctl.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp...23/cpbrkpie.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab


My ad-ware seems to lock up on me when I scan it, so it shuts down then when I rescan it doesn't find things. It did say that GKROGW.EXE and Nabune.DLL had malware. I see that GKROGW.EXE is on my startup. Could that be causing me some of this headache?


I tried to download and run the silentrunners.vbs file again. It downloaded, but then when I went to open it, it was strange... a box came up that said adding file: C:\My Documents\

Then it has a box to click below it that says new or open. I click on open and nothing is there; I can't find the silentrunners.vbs, so I don't know what that is about. There is a box of add, cancel and help off to the right of the screen. Does this sound familiar, or did I do something wrong?


clony.exe appears to be burning software. http://www.google.com.au/search?hl=en&q=cl...le+Search&meta=

 

Better move HijackThis into a permanent folder, or download this self-extracting version.

 

The GKROGW.EXE is definitely the qoologic trojan.

 

Scan with HijackThis and tick the boxes next to all the following entries, then close all browser and Explorer windows and hit the "Fix checked" button.

 

O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\gkrogw.exe

O4 - Startup: intpih.exe

 

Run Pocket Killbox again and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).

 

C:\WINDOWS\gkrogw.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\intpih.exe (The full path may be different in 98, so make certain of the path to the startup folder)

 

Reboot afterwards if the files are successfully deleted.

 

If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.

 

Post another log please.

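A small triage helper for the kind of log posted in this thread, added here as an example (it is not part of the thread and not HijackThis's own code): it parses the "Running processes" block and the O4 autostart lines, flags the patterns crunchie keyed on above (an executable running out of a Temp folder, a bare .exe sitting in the Startup folder instead of a .lnk shortcut, a Run value that borrows the Windows "Narrator" name for some other binary), and diffs a before/after log so you can confirm the entries you fixed are really gone. The two sample logs are constructed excerpts of the logs in this thread, and the MASQUERADE table is an assumption seeded only with the name seen here.

```python
"""HijackThis log triage (added example; not part of the thread or of HijackThis).
Sample logs and the MASQUERADE table are constructed for illustration."""
import re
from dataclasses import dataclass

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.+)$")
IMAGE_RE = re.compile(r"(?i)(.*?\.(?:exe|dll|tsk|com))(?:\s|$)")
# Assumption: a Run value borrowing a Windows accessory's name should point at that
# accessory's binary; seeded only with the name seen in this thread.
MASQUERADE = {"narrator": "narrator.exe"}

# Constructed excerpts of the two logs posted in this thread (before/after the fix).
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\GKROGW.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\gkrogw.exe
O4 - Startup: intpih.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
"""
LOG_AFTER = r"""Running processes:
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
"""

@dataclass(frozen=True)
class Entry:
    kind: str      # "process" or "O4"
    location: str  # HKLM\..\Run, Startup, Global Startup ('' for processes)
    name: str      # Run value name or .lnk name ('' when absent)
    target: str    # command line or file path as logged

def parse_log(text):
    """Return the process and O4 entries of a HijackThis log, in order."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = O4_RE.match(line)
        if m:
            in_procs = False
            name, target = m.group("name") or "", m.group("target").strip()
            if not name and " = " in target:  # Startup: Foo.lnk = C:\path\foo.exe
                name, target = (s.strip() for s in target.split(" = ", 1))
            entries.append(Entry("O4", m.group("loc"), name, target))
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            entries.append(Entry("process", "", "", line))
        else:
            in_procs = False  # any R0/R1/O2... line ends the process block
    return entries

def image_path(target):
    """Executable path of a logged command line (quoted path, or up to the .exe)."""
    t = target.strip()
    if t.startswith('"'):
        return t.split('"')[1]
    m = IMAGE_RE.match(t)
    return m.group(1) if m else t.split(" ")[0]

def flag(entry):
    """Reasons an entry deserves a second look ([] if none)."""
    reasons = []
    path = image_path(entry.target).replace("/", "\\")
    base = path.rsplit("\\", 1)[-1].lower()
    if "\\temp\\" in path.lower():
        reasons.append("runs from a Temp folder")
    if entry.kind == "O4" and entry.location.endswith("Startup") and "\\" not in path:
        reasons.append("bare executable in the Startup folder, not a .lnk shortcut")
    expected = MASQUERADE.get(re.sub(r"[^a-z]", "", entry.name.lower()))
    if expected and base != expected:
        reasons.append(f"value name '{entry.name}' but binary is {base}, not {expected}")
    return reasons

def triage(text):
    """Map each suspicious entry's target to the reasons it was flagged."""
    return {e.target: r for e in parse_log(text) if (r := flag(e))}

def diff_logs(before, after):
    """(removed, added) entry sets between two logs, to verify a fix took."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return b - a, a - b
```

Running `triage(LOG_BEFORE)` flags exactly the two entries crunchie told the poster to fix plus HijackThis running out of Temp; `diff_logs` on the second log shows those entries gone and only IEXPLORE.EXE new.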

I still have the downloader qoologic K on my computer. AVG came up and found it, but I don't think I have the downloader qoologic J. I was able to delete the intpih.exe file with HijackThis because I couldn't find it with Killbox. If it is still there I don't know where; I looked everywhere. Also I don't know where the qoologic K is hiding, but it is still there. The gkrogw.exe file is gone too. My computer acted up a bit after I ran Killbox. The Explorer bar was gone, so I had to reboot by hitting Ctrl+Alt+Delete. Here is my HijackThis log.

Logfile of HijackThis v1.99.0

Scan saved at 3:46:12 PM, on 01/28/2005

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\WINDOWS\STARTER.EXE

C:\WINDOWS\GWHOTKEY.EXE

C:\WINDOWS\SYSTEM\HPSJVXD.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\OPWARE32.EXE

C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\opware16.exe

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE

C:\PROGRAM FILES\COMMON FILES\KODAK\KODAK_DR\KODAKCCS.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\WINDOWS\RunDLL.exe

C:\MONEY\SYSTEM\REMINDER.EXE

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE

C:\GREETING\GWREMIND.EXE

C:\MSOFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\WINDOWS\FSSCRCTL.EXE

C:\SIERRA\PLANNER\PLNRNOTE.EXE

C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE

C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE

C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe

O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro80\opware32.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask

O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Reminder] C:\Money\System\reminder.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.exe

O4 - Startup: Greetings Workshop Reminders.lnk = C:\Greeting\GWREMIND.EXE

O4 - Startup: Office Startup.lnk = C:\MSOffice\Office\OSA.EXE

O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe

O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe

O4 - Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe

O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab

O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://vivo.real.com/dldv2/vvweb.cab

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/activex/contr...eb/ikcntrls.cab

O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.pleasantholidays.com/downloads/plugins/svideo.cab

O16 - DPF: Serome Web2Phone - http://dialpad.com/applet/vscp.cab

O16 - DPF: {86F622BC-EF88-458C-9E74-E2574B6875A5} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v8/0326/investor.cab

O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} - http://download.mcafee.com/molbin/clinic/v...an/mgavinst.cab

O16 - DPF: {55DCF357-7B34-11D2-8119-20ABFD000000} (eCHARGE ActiveX Shell Control) - ftp://ftp.echarge.com/pub/ec32_english_us_200.cab

O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.microsoft.com/controls/iexp...x86/ielabel.cab

O16 - DPF: {340A0150-9DC7-11D3-9A01-005004677EF4} (Mcafee PC Clinic Edisk Class) - http://download.mcafee.com/molbin/Clinic/Edisk/edisk.cab

O16 - DPF: {4AE3239D-18C5-11D3-9634-0060080A3AB6} (McAfee PC Clinic System Information Class) - http://download.mcafee.com/molbin/Clinic/sysinfo/sicomp.cab

O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab

O16 - DPF: {D30CAFF0-087B-11D3-82D8-006094695CEC} (McAfee PC Clinic FaManager Class) - http://download.mcafee.com/molbin/Clinic/F...eck/mgfactl.cab

O16 - DPF: {6C636F50-7EB2-11D2-883C-CA8C113EA37E} (McAfee Clinic QuickClean Class) - http://download.mcafee.com/molbin/Clinic/C...ean/MGqcctl.cab

O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit.com/Plugin/3DGreetings/PlayerX.CAB

O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nm1228.cab

O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {09C1A291-8E2A-11D0-BB0B-00AA001F4283} (Pinger Class) - http://www.pcpitstop.com/Ping.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {C97AF44D-92C4-11D3-A53B-005004678019} (McAfee Clinic Cleaner Control Class) - http://download.mcafee.com/molbin/Clinic/c...ore/clnctrl.cab

O16 - DPF: {41453CC4-288E-11D3-A53B-005004678019} (McAfee AppClean Appclean Class) - http://download.mcafee.com/molbin/Clinic/c...an/appclean.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.americangreetings.com/create/Install/AxCtp.cab

O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...83/mcinsctl.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp...23/cpbrkpie.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab


It seems that the qoologic J and qoologic K are now gone. I scanned with AVG and it detected a Qoologic L in my temp files, so I rebooted into safe mode and deleted that file that was in my temp folder. :( Plus I deleted some other programs in there; I didn't want to chance that they were infected too. I deleted that clony.exe one too that was in there. Then I rescanned my computer in regular mode with AVG and it found Qoologic L and a dropper small of some sort on my computer in Windows. The file infected is Nabune.dll, the other file that Ad-Aware detected but can't get rid of either. I healed them with AVG, but I am sure it will be back just like the other qoologic files... I will wait for you to look at my HijackThis log and see what you think. Oh, and the other file that was infected with qoologic was hijackthis.exe in my temp folder, but when I went to delete it out of there it was already gone... :( Don't know where it went. Hope you can still help me with this one.


To be honest, without being able to see the files in the log, I don't know what to mark for deletion :(.

Although your hijackthis.exe is still in the Temp folder (C:\WINDOWS\TEMP\HIJACKTHIS.EXE), I see no other problems with it.

Do you want to do a couple of online scans and see what they come up with now?

Maybe rather than have AVG heal them, can you delete them manually yourself?

Maybe you can also download the free AV that I use, update it then scan your PC.

http://www.free-av.com/


I did run my AVG and deleted the files instead of healing them. Then my computer froze up and I had to reboot. I downloaded your version of the virus scan and it didn't detect anything. I hope that means I am clean. I am going to run AVG again and also Ad-Aware, then Spybot. I will let you know if I find any more trojans or have problems. Do you have any more recommendations for me so that this doesn't happen to me again? I have ZoneAlarm; I don't know if I should keep McAfee or not. The stupid thing didn't catch any of these trojans and I'm not very satisfied with their program. Period. I bought a two-year subscription almost two years ago, so it is about to run out, but I am really disappointed with them. I have a popup blocker, and I redid my IE settings as suggested. I will keep deleting my temp and Temporary Internet Files folders and keeping cookies off my computer. But what else should I do? It is a bad computer world out there with all these trojans; they make internet surfing miserable anymore. Thanks crunchie.


My primary advice would be to change browsers. Either Opera or Firefox. Both are excellent browsers that are far more secure than IE. Opera comes with a frame for ads in the toolbar unless you register it. Very unobtrusive though.

Haven't used McAfee, so have no input for you there.

You can try the (almost) new M$ antispyware product. By all accounts it is doing a good job. It does still have a few false positives and is also a Beta version, meaning it's not a finished product yet.

Also run a couple of online scans regularly.

Keeping my fingers crossed for you :).


Thanks a lot crunchie for all your help. I sincerely appreciate you taking the time to help me out and it really did help!!! :) I am confused as to how to switch internet browsers and how I go about getting rid of Internet Explorer and switching to Mozilla/Firefox. I have heard a lot lately about Firefox and that it is more secure than Internet Explorer. Do you have any tips for me on this subject? Also I did scan my computer with AVG and it didn't find any viruses or trojans either... Yippie :) I am going to do an Ad-Aware scan now and see what it finds... hopefully nothing.

Thanks again for helping with this... I was at my wits end.


You are welcome :D. Sometimes these nasties do not want to leave. They find a new shiny home, move in a couple of mates and then just want to party on :mrgreen::woot:.

 

Download Firefox from http://www.mozilla.org/products/firefox/releases/ and then basically, once installed, you're up and away. You still need IE for your M$ updates.

I have FF on my PC and am much impressed, although Opera IMHO is a much better browser.

Use FF for a while to get the feel of it, then set it as your default. You will not go back to IE I think :).
