
Please Help With My Hijack This Log!!!

Discussion in 'Virus & Other Malware Removal' started by markcanty, Sep 21, 2004.

  1. markcanty

    markcanty Thread Starter

    Joined:
    Sep 21, 2004
    Messages:
    3
    Logfile of HijackThis v1.97.7
    Scan saved at 4:22:50 PM, on 9/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\PROGRA~1\WinSNTP\winsntps.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Windows SyncroAd\SyncroAd.exe
    C:\Documents and Settings\U202011\Application Data\m?dhy.exe
    C:\Program Files\Windows SyncroAd\WinSync.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Thomson Financial\Thomson One\ThomsonONE.exe
    C:\PROGRA~1\THOMSO~1\THOMSO~1\SHARED~1.EXE
    C:\PROGRA~1\THOMSO~1\THOMSO~1\RDCDDE~1.EXE
    C:\WINDOWS\DOWNLO~1\ALERTC~1.EXE
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\lotus\notes\ntaskldr.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\U202011\Desktop\Miscellaneous\AboutBuster\AboutBuster\AboutBuster.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\ACT\act.exe
    c:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    c:\Program Files\Internet Explorer\Iexplore.exe
    C:\Documents and Settings\U202011\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yoursearcher.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursearcher.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearcher.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=65.160.143.27:3128
    O2 - BHO: (no name) - {DB10DB35-D3E5-1249-9B78-4ABD815D81BC} - C:\WINDOWS\iedh32.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKCU\..\Run: [Cuec] C:\Documents and Settings\U202011\Application Data\m?dhy.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: winlgn.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00028CF3-0000-0000-0000-000000000046} (XArray Object) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Xarray32.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {079E8251-3A00-11D3-BF4E-0000832F7CAE} (DS100v32.clsUtility1) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/DS100v32.cab
    O16 - DPF: {07D7A18F-3385-11D2-B6D5-0004ACEEF34A} (TrackDetail.clsDetailConnector) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv299v32.cab
    O16 - DPF: {0BA686AA-F7D3-101A-993E-0000C0EF6F5E} (Threed Checkbox Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Threed32.cab
    O16 - DPF: {0BA9C3E4-2E08-11D2-8CF7-00008326B9A0} (Enterprise Tabular Data Dll) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/vb840v32.cab
    O16 - DPF: {0D6234D0-DBA2-11D1-B5DF-0060976089D0} (True OLE DBGrid 6 Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/todg6.cab
    O16 - DPF: {0D62353B-DBA2-11D1-B5DF-0060976089D0} (APEX XArrayDB Object) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/xarraydb.cab
    O16 - DPF: {18858CA0-AE28-11D1-A40B-0000832F7DAA} (CheckImage.CheckImageControl) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/CheckCtl.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {3A08E130-8F65-11D0-9484-00A0C91110ED} (DataAdapter Object) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/Dbadapt.cab
    O16 - DPF: {3E3EE5DE-EA13-11D3-AC34-0004ACA27A2B} (PV307V32.clsPopulateFrame) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv307v32.cab
    O16 - DPF: {4C1A13FC-D7CB-11D6-AF21-00B0D0714AD9} (View Class) - http://bossadvestpa.cs.prusec.com/IEMax.cab
    O16 - DPF: {572E85D5-BCEE-11D1-A3D0-000083277A48} (bc Class) - http://bossadvestpa.cs.prusec.com/bs1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094702715489
    O16 - DPF: {648BDFE3-ED75-11D1-85D7-444553540000} (Community Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/comm.cab
    O16 - DPF: {6496A905-45EB-11D3-A54B-00008361A802} (ds110v32.Installer) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/Selfinstall110/DS110v32.cab
    O16 - DPF: {661418B0-95B4-11D1-AB75-00A0C91CB2BD} (Virtual Places Base Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/vpbase.cab
    O16 - DPF: {6D835690-900B-11D0-9484-00A0C91110ED} (StdDataFormat Object) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msstdfmt.cab
    O16 - DPF: {7E8AF2C1-09AC-11D5-AF01-000629AE9D93} (PV318V32.clsPopulateFrame) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv318v32.cab
    O16 - DPF: {89B7BF01-D460-11D1-88E4-00008361DE49} (VB Calendar Control Sample) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msvbcldr.cab
    O16 - DPF: {89C06158-1CAA-11D5-9BDD-0006290FF99C} (Enterprise Web Control) - http://bossadvestnj.cs.prusec.com/funcdevsuprt/SelfInstall110/Vb500v32.cab
    O16 - DPF: {97CFDE36-37F9-11D4-BE80-006094FB2572} (pv106v32.clsRegCleanup) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv106v32.cab
    O16 - DPF: {A0DEBDB1-5BF9-11D4-96E9-0004AC5B21C8} (STAlertCollectionCreator Class) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/AlertMessage.cab
    O16 - DPF: {A8BA71E3-BCF0-11D1-945D-00A0C91CB14D} (Om Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/om.cab
    O16 - DPF: {B038B7F1-D017-11D2-88F9-000083628EAE} (mu862v32.clsPrint) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/mu862v32.cab
    O16 - DPF: {B16553C0-06DB-101B-85B2-0000C009BE81} (SpinButton) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Spin32.cab
    O16 - DPF: {B7DB7E93-CA1A-41AB-AA2E-ACD8B13C80ED} (MSSMO.SoapMessage) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/MSSMO.cab
    O16 - DPF: {BD10A9C1-07CC-11D2-BEFF-00A0C95A6A5C} (ReportExport Class) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/sviewhlp.cab
    O16 - DPF: {BE4F3AC5-AEC9-101A-947B-00DD010F7B46} (Outline Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msoutl32.cab
    O16 - DPF: {BFD50F1D-3459-11D2-82EA-00008361D1E8} (Cm300v32.clsConnector) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv100v32.cab
    O16 - DPF: {C34458B8-37A0-11D7-AF6D-0004AC5DE2C8} (Enterprise Authentication Control) - http://lbs04201.advest.mony.com/SiteInfo/AuthControl/vb520v32.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/crviewer.cab
    O16 - DPF: {C68D2736-2D55-11D2-8CF6-00008326B9A0} (Enterprise Middleware Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/vb260v32.cab
    O16 - DPF: {CE1B5137-58EE-11D4-BE8A-006094E5ACA7} (PV107V32.PruServInstall) - http://psiwebnt04.cs.prusec.com/wexserv/pv100v32/self-install/PV107V32.CAB
    O16 - DPF: {D21DD6A9-0295-11D5-AC6E-000629897D5C} (PV108V32.clsBulk) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv108v32.cab
    O16 - DPF: {D2FFAA43-074A-11D1-BAA2-444553540000} :)-) VideoSoft vsPrinter3 Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Vsview3.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://firstclearing.webex.com/client/v_mywebex/training/ieatgpc.cab
    O16 - DPF: {E80C823B-DE33-11D2-BEEC-00008326B6E8} (Enterprise Tabular Data Dll) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/Ds800v32.cab
    O16 - DPF: {EAF56DC0-6900-11D6-ACE2-0004AC5B6E47} (CM101V32.SoapExecute) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/CM101V32.cab
    O16 - DPF: {F2CA2119-C8D2-11D1-BEBD-00A0C95A6A5C} (WebReportBroker Class) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/swebrs.cab
    O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/ikmenu.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/comdlg32.cab
    O16 - DPF: {FDE4A062-69AE-11D6-ACE2-0004AC5B6E47} (CM111V32.Request) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Cm111V32.cab
    O16 - DPF: {FF3B16A4-5C45-11D6-92AD-00B0D0714AE9} (AlertDlg Class) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/AlertControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  3. markcanty

    markcanty Thread Starter

    Joined:
    Sep 21, 2004
    Messages:
    3
    Logfile of HijackThis v1.98.2
    Scan saved at 10:08:03 AM, on 9/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\PROGRA~1\WinSNTP\winsntps.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows SyncroAd\SyncroAd.exe
    C:\Program Files\Windows SyncroAd\WinSync.exe
    C:\Documents and Settings\U202011\Application Data\m?dhy.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Program Files\Thomson Financial\Thomson One\ThomsonONE.exe
    C:\PROGRA~1\THOMSO~1\THOMSO~1\SHARED~1.EXE
    C:\PROGRA~1\THOMSO~1\THOMSO~1\RDCDDE~1.EXE
    C:\Program Files\ACT\act.exe
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\lotus\notes\ntaskldr.EXE
    C:\Program Files\Washer\washer.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\Washer\washer.exe
    c:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\DOWNLO~1\ALERTC~1.EXE
    c:\Program Files\Internet Explorer\Iexplore.exe
    C:\Documents and Settings\U202011\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://yoursearcher.com/sp.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=65.160.143.27:3128
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {DB10DB35-D3E5-1249-9B78-4ABD815D81BC} - C:\WINDOWS\iedh32.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "U202011"
    O4 - HKCU\..\Run: [Cuec] C:\Documents and Settings\U202011\Application Data\m?dhy.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: winlgn.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00028CF3-0000-0000-0000-000000000046} (XArray Object) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Xarray32.cab
    O16 - DPF: {079E8251-3A00-11D3-BF4E-0000832F7CAE} (DS100v32.clsUtility1) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/DS100v32.cab
    O16 - DPF: {07D7A18F-3385-11D2-B6D5-0004ACEEF34A} (TrackDetail.clsDetailConnector) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv299v32.cab
    O16 - DPF: {0BA686AA-F7D3-101A-993E-0000C0EF6F5E} (Threed Checkbox Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Threed32.cab
    O16 - DPF: {0BA9C3E4-2E08-11D2-8CF7-00008326B9A0} (Enterprise Tabular Data Dll) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/vb840v32.cab
    O16 - DPF: {0D6234D0-DBA2-11D1-B5DF-0060976089D0} (True OLE DBGrid 6 Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/todg6.cab
    O16 - DPF: {0D62353B-DBA2-11D1-B5DF-0060976089D0} (APEX XArrayDB Object) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/xarraydb.cab
    O16 - DPF: {18858CA0-AE28-11D1-A40B-0000832F7DAA} (CheckImage.CheckImageControl) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/CheckCtl.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {3A08E130-8F65-11D0-9484-00A0C91110ED} (DataAdapter Object) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/Dbadapt.cab
    O16 - DPF: {3E3EE5DE-EA13-11D3-AC34-0004ACA27A2B} (PV307V32.clsPopulateFrame) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv307v32.cab
    O16 - DPF: {4C1A13FC-D7CB-11D6-AF21-00B0D0714AD9} (View Class) - http://bossadvestpa.cs.prusec.com/IEMax.cab
    O16 - DPF: {572E85D5-BCEE-11D1-A3D0-000083277A48} (bc Class) - http://bossadvestpa.cs.prusec.com/bs1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094702715489
    O16 - DPF: {648BDFE3-ED75-11D1-85D7-444553540000} (Community Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/comm.cab
    O16 - DPF: {6496A905-45EB-11D3-A54B-00008361A802} (ds110v32.Installer) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/Selfinstall110/DS110v32.cab
    O16 - DPF: {661418B0-95B4-11D1-AB75-00A0C91CB2BD} (Virtual Places Base Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/vpbase.cab
    O16 - DPF: {6D835690-900B-11D0-9484-00A0C91110ED} (StdDataFormat Object) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msstdfmt.cab
    O16 - DPF: {7E8AF2C1-09AC-11D5-AF01-000629AE9D93} (PV318V32.clsPopulateFrame) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv318v32.cab
    O16 - DPF: {89B7BF01-D460-11D1-88E4-00008361DE49} (VB Calendar Control Sample) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msvbcldr.cab
    O16 - DPF: {89C06158-1CAA-11D5-9BDD-0006290FF99C} (Enterprise Web Control) - http://bossadvestnj.cs.prusec.com/funcdevsuprt/SelfInstall110/Vb500v32.cab
    O16 - DPF: {97CFDE36-37F9-11D4-BE80-006094FB2572} (pv106v32.clsRegCleanup) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv106v32.cab
    O16 - DPF: {A0DEBDB1-5BF9-11D4-96E9-0004AC5B21C8} (STAlertCollectionCreator Class) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/AlertMessage.cab
    O16 - DPF: {A8BA71E3-BCF0-11D1-945D-00A0C91CB14D} (Om Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/om.cab
    O16 - DPF: {B038B7F1-D017-11D2-88F9-000083628EAE} (mu862v32.clsPrint) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/mu862v32.cab
    O16 - DPF: {B16553C0-06DB-101B-85B2-0000C009BE81} (SpinButton) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Spin32.cab
    O16 - DPF: {B7DB7E93-CA1A-41AB-AA2E-ACD8B13C80ED} (MSSMO.SoapMessage) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/MSSMO.cab
    O16 - DPF: {BD10A9C1-07CC-11D2-BEFF-00A0C95A6A5C} (ReportExport Class) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/sviewhlp.cab
    O16 - DPF: {BE4F3AC5-AEC9-101A-947B-00DD010F7B46} (Outline Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msoutl32.cab
    O16 - DPF: {BFD50F1D-3459-11D2-82EA-00008361D1E8} (Cm300v32.clsConnector) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv100v32.cab
    O16 - DPF: {C34458B8-37A0-11D7-AF6D-0004AC5DE2C8} (Enterprise Authentication Control) - http://lbs04201.advest.mony.com/SiteInfo/AuthControl/vb520v32.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/crviewer.cab
    O16 - DPF: {C68D2736-2D55-11D2-8CF6-00008326B9A0} (Enterprise Middleware Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/vb260v32.cab
    O16 - DPF: {CE1B5137-58EE-11D4-BE8A-006094E5ACA7} (PV107V32.PruServInstall) - http://psiwebnt04.cs.prusec.com/wexserv/pv100v32/self-install/PV107V32.CAB
    O16 - DPF: {D21DD6A9-0295-11D5-AC6E-000629897D5C} (PV108V32.clsBulk) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv108v32.cab
    O16 - DPF: {D2FFAA43-074A-11D1-BAA2-444553540000} :)-) VideoSoft vsPrinter3 Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Vsview3.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://firstclearing.webex.com/client/v_mywebex/training/ieatgpc.cab
    O16 - DPF: {E80C823B-DE33-11D2-BEEC-00008326B6E8} (Enterprise Tabular Data Dll) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/Ds800v32.cab
    O16 - DPF: {EAF56DC0-6900-11D6-ACE2-0004AC5B6E47} (CM101V32.SoapExecute) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/CM101V32.cab
    O16 - DPF: {F2CA2119-C8D2-11D1-BEBD-00A0C95A6A5C} (WebReportBroker Class) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/swebrs.cab
    O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/ikmenu.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/comdlg32.cab
    O16 - DPF: {FDE4A062-69AE-11D6-ACE2-0004AC5B6E47} (CM111V32.Request) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Cm111V32.cab
    O16 - DPF: {FF3B16A4-5C45-11D6-92AD-00B0D0714AE9} (AlertDlg Class) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/AlertControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Go to http://computercops.biz/downloads-cat-14.html , and download the latest version of CWShredder by Merijn Bellekom, the creator of HijackThis.
    Before you run it..... check for and download any updates. Press 'Fix', and allow it to fix all it finds.
    And remember to click "Fix" (Not "Scan only")
    After it's done its thing, hit the "How do I prevent reinfection" tab....
    In particular pay attention to the patches for the operating system regarding the ByteVerify vulnerability which is how you got infected in the 1st place.
    ==============================
    Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"
    ================================
    ================================================
    Run HijackThis again and put a checkmark against these entries.... double check
    in case you miss anything....
    ..... then, close all browser and Outlook windows including this one and "fix checked"

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://yoursearcher.com/sp.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {DB10DB35-D3E5-1249-9B78-4ABD815D81BC} - C:\WINDOWS\iedh32.dll (file missing)
    O4 - HKCU\..\Run: [Cuec] C:\Documents and Settings\U202011\Application Data\m?dhy.exe
    O4 - Global Startup: winlgn.exe


    Locate: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe ... right-click and send to the recycle bin.
    ==============================
    Empty the Recycle Bin.

    Open Internet Explorer. Click on "Tools" > "Internet Options" and delete temp internet files.
    And clean out your %Userprofile%\Local Settings\Temp folder. [It's a good idea to do that regularly.]
    ==============================
    Go to Internet Options>Programs
    Click the "Reset Web Settings" Button to reset your preferred home and search pages.
    ==============================
    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer and show us a new HijackThis log.

    When you are sure you are clean turn it back on and create a restore point.
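
A follow-up scan can be checked against the "fix checked" list mechanically rather than by eye. The Python below is an added example, not part of the thread or of HijackThis: the function names are hypothetical, the sample text is excerpted from the logs posted on this page, and it assumes HijackThis lists its sections in R, F, N, O order so that a log cut off part-way is reported as unverified instead of clean.

```python
import re

# HijackThis entry lines look like "<code> - <body>", e.g. "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFNO])(\d{1,2}) - (.+)$")
SECTION_RANK = {"R": 0, "F": 1, "N": 2, "O": 3}  # assumed listing order
EXE_RE = re.compile(r'([^\\\]:"]+\.exe)', re.IGNORECASE)

# Entries the helper asked to be checked and fixed (copied from the post).
CHECKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yoursearcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://yoursearcher.com/sp.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {DB10DB35-D3E5-1249-9B78-4ABD815D81BC} - C:\WINDOWS\iedh32.dll (file missing)
O4 - HKCU\..\Run: [Cuec] C:\Documents and Settings\U202011\Application Data\m?dhy.exe
O4 - Global Startup: winlgn.exe
"""

# Excerpt of the scan taken before the fix: two processes plus the entries.
BEFORE = r"""Running processes:
C:\Documents and Settings\U202011\Application Data\m?dhy.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
""" + CHECKED

# Excerpt of the scan taken after the fix; as on this page it stops in O1.
AFTER = r"""Logfile of HijackThis v1.98.2
Scan saved at 11:23:21 AM, on 9/22/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=65.160.143.27:3128
O1 - Hosts: 192.209.203.218 HOST_BK1_A
"""


def parse_hjt(text):
    """Return (running_process_paths, entries); entries are (code, body)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first entry line ends the process list
            entries.append((m.group(1) + m.group(2), m.group(3)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def rank(code):
    """Sort key that follows the order sections appear in a log."""
    return (SECTION_RANK[code[0]], int(code[1:]))


def verify_fix(checked_text, after_text):
    """Classify each checked entry against a later scan."""
    _, checked = parse_hjt(checked_text)
    procs, after = parse_hjt(after_text)
    # Windows paths and registry names are case-insensitive, so fold case.
    present = {(c, b.casefold()) for c, b in after}
    running = {p.rsplit("\\", 1)[-1].casefold() for p in procs}
    last_seen = max((rank(c) for c, _ in after), default=(-1, -1))
    report = {"persisting": [], "cleared": [], "unverified": [],
              "still_running": []}
    for code, body in checked:
        entry = f"{code} - {body}"
        if (code, body.casefold()) in present:
            report["persisting"].append(entry)
        elif rank(code) < last_seen:
            # The later log continues past this section, so absence is real.
            report["cleared"].append(entry)
        else:
            # The later log ends at or before this section: nothing to conclude.
            report["unverified"].append(entry)
        # For autorun entries, also check the (complete) process list.
        exe = EXE_RE.search(body) if code == "O4" else None
        if exe and exe.group(1).strip().casefold() in running:
            report["still_running"].append(exe.group(1).strip())
    return report


if __name__ == "__main__":
    for label, log in (("before fix", BEFORE), ("after fix", AFTER)):
        print(label)
        for status, items in verify_fix(CHECKED, log).items():
            for item in items:
                print(f"  {status:13} {item}")
```

Entries reported as unverified need a complete follow-up log before they can be called gone.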
     
  5. markcanty

    markcanty Thread Starter

    Joined:
    Sep 21, 2004
    Messages:
    3
    I did all the stuff you said, ran HJT and this is my new log.




    Logfile of HijackThis v1.98.2
    Scan saved at 11:23:21 AM, on 9/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\PROGRA~1\WinSNTP\winsntps.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows SyncroAd\SyncroAd.exe
    C:\Program Files\Windows SyncroAd\WinSync.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\U202011\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web09201
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=65.160.143.27:3128
    O1 - Hosts: 192.209.203.218 HOST_BK1_A
    O1 - Hosts: 192.209.208.218 HOST_BK1_B
    O1 - Hosts: 192.209.203.218 HOST_BPS_A
    O1 - Hosts: 192.209.208.218 HOST_BPS_B
    O1 - Hosts: 192.209.209.219 HOST_BPS_C
    O1 - Hosts: 149.83.8.72 HOST_BPS_D
    O1 - Hosts: 149.83.8.74 HOST_BPS_E
    O1 - Hosts: 149.83.8.82 HOST_BPS_F
    O1 - Hosts: 149.83.8.124 HOST_BPS_G
    O1 - Hosts: 149.83.8.128 HOST_BPS_H
    O1 - Hosts: 149.83.14.130 HOST_BPS_J
    O1 - Hosts: 192.209.203.218 HOST_DST_A
    O1 - Hosts: 192.209.208.218 HOST_DST_B
    O1 - Hosts: 192.209.203.218 HOST_DTC_A
    O1 - Hosts: 192.209.208.218 HOST_DTC_B
    O1 - Hosts: 192.209.203.218 HOST_FST_A
    O1 - Hosts: 192.209.208.218 HOST_FST_B
    O1 - Hosts: 192.209.203.218 HOST_LNT_A
    O1 - Hosts: 192.209.208.218 HOST_LNT_B
    O1 - Hosts: 192.209.203.218 HOST_SIS_A
    O1 - Hosts: 192.209.208.218 HOST_SIS_B
    O1 - Hosts: 192.209.208.212 ADVNOTESAPP
    O1 - Hosts: 198.231.219.210 APP01201
    O1 - Hosts: 198.231.219.222 APP02201
    O1 - Hosts: 192.209.203.222 APP06201
    O1 - Hosts: 192.209.208.231 APP12201 APP12201.ADVEST.COM
    O1 - Hosts: 198.231.254.43 APP26201 APP26201.ADVEST.COM
    O1 - Hosts: 198.231.250.1 AUTEX1
    O1 - Hosts: 198.231.219.240 CDS03201
    O1 - Hosts: 198.231.254.149 LBS04201 LBS04201.Advest.Com
    O1 - Hosts: 192.209.208.203 NTS01201 Tymserve1
    O1 - Hosts: 198.231.224.233 RAS01201
    O1 - Hosts: 198.231.224.235 RAS04201
    O1 - Hosts: 198.231.239.10 SGNT1 Bank-Sungard
    O1 - Hosts: 192.209.208.10 UMS01201
    O1 - Hosts: 192.209.208.229 WEB01201 # formerly 192.209.203.208
    O1 - Hosts: 192.209.208.207 WEB02201
    O1 - Hosts: 192.209.203.245 WEB16201
    O1 - Hosts: 192.209.208.190 WEB17201
    O1 - Hosts: 198.231.221.232 WEB26201
    O1 - Hosts: 198.231.221.233 WEB27201
    O1 - Hosts: 192.209.208.105 XCH03201
    O1 - Hosts: 198.231.134.211 XCH01433
    O1 - Hosts: 198.231.221.248 MDS07201 Hartford-MDS17
    O1 - Hosts: 192.209.209.248 MDS06201 Hartford-MDS16
    O1 - Hosts: 198.231.219.245 MDR01201 Hartford-MDR01
    O1 - Hosts: 198.231.219.246 MDR02201 Hartford-MDR02
    O1 - Hosts: 198.231.212.247 MDR03201 Hartford-MDR03
    O1 - Hosts: 198.231.221.247 MDR04201 Hartford-MDR04
    O1 - Hosts: 198.231.215.249 MDR05201 Hartford-MDR05
    O1 - Hosts: 198.231.219.248 MDR06201 Hartford-MDR06
    O1 - Hosts: 198.231.251.124 MDR01337 Yarmoth-Prt-MDR
    O1 - Hosts: 198.231.205.249 MDR01258 Wst-Hartfrd-MDR
    O1 - Hosts: 198.231.237.108 MDR01190 Wolfeboro-MDR
    O1 - Hosts: 198.231.175.249 MDR01421 Whit-Plains-MDR
    O1 - Hosts: 198.231.136.249 MDR01364 Westport-MDR
    O1 - Hosts: 198.231.144.249 MDR01654 Washngtn-DC-MDR
    O1 - Hosts: 198.231.201.249 MDR01784 Washngtn-CH-MDR
    O1 - Hosts: 198.231.169.249 MDR01674 Warren-MDR
    O1 - Hosts: 198.231.226.249 MDR01177 Vineyard-Haven-MDR
    O1 - Hosts: 198.231.230.249 MDR01742 Upr-Arlngtn-MDR
    O1 - Hosts: 198.231.163.249 MDR01333 Taunton-MDR
    O1 - Hosts: 198.231.227.249 MDR01568 Tampa-MDR
    O1 - Hosts: 198.231.172.249 MDR01445 Syracuse-MDR
    O1 - Hosts: 198.231.190.249 MDR01500 Steubenvill-MDR
    O1 - Hosts: 198.231.187.249 MDR01309 Sprngfld-MA-MDR
    O1 - Hosts: 198.231.173.249 MDR01782 Sprngfld-OH-MDR
    O1 - Hosts: 198.231.246.124 MDR01432 Sth-Hampton-MDR
    O1 - Hosts: 198.231.247.249 MDR01338 Sth-Easton-MDR
    O1 - Hosts: 198.231.177.249 MDR01673 St-Marys-MDR
    O1 - Hosts: 198.231.137.249 MDR01262 Rosemont-MDR
    O1 - Hosts: 198.231.179.249 MDR01434 Rockville-MDR
    O1 - Hosts: 198.231.134.249 MDR01433 Rockflr-Pl-MDR1
    O1 - Hosts: 198.231.134.247 MDR02433 Rockflr-Pl-MDR2
    O1 - Hosts: 198.231.134.246 MDR03433 Rockflr-Pl-MDR3
    O1 - Hosts: 198.231.174.249 MDR01448 Rochester-MDR
    O1 - Hosts: 198.231.139.249 MDR01642 Richmond-MDR
    O1 - Hosts: 141.191.140.249 MDR01290 Rector-St-MDR1
    O1 - Hosts: 198.231.140.248 MDR02290 Rector-St-MDR2
    O1 - Hosts: 198.231.176.249 MDR01323 Providence-MDR
    O1 - Hosts: 198.231.251.188 MDR01330 Portsmouth-MDR
    O1 - Hosts: 198.231.200.249 MDR01312 Portland-BL-MDR
    O1 - Hosts: 198.231.199.249 MDR01321 Portland-MDR
    O1 - Hosts: 198.231.240.188 MDR01552 PonteVedra-MDR
    O1 - Hosts: 198.231.241.249 MDR01137 Pomfret-MDR
    O1 - Hosts: 198.231.138.247 MDR01662 Pittsburgh-MDR1
    O1 - Hosts: 198.231.138.248 MDR02662 Pittsburgh-MDR2
    O1 - Hosts: 198.231.248.188 MDR01254 Philadelphia-MDR
    O1 - Hosts: 198.231.244.124 MDR01326 Osterville-MDR
    O1 - Hosts: 198.231.248.124 MDR01550 Ocala-MDR
    O1 - Hosts: 198.231.243.249 MDR01336 Norwell-MDR
    O1 - Hosts: 198.231.195.249 MDR01252 Northfield-MDR
    O1 - Hosts: 198.231.133.249 MDR01205 New-London-MDR
    O1 - Hosts: 198.231.255.249 MDR01557 Naples-MDR
    O1 - Hosts: 198.231.202.249 MDR01204 Mystic-MDR
    O1 - Hosts: 198.231.130.249 MDR01203 Middletown-MDR
    O1 - Hosts: 198.231.131.249 MDR01250 Marlton-MDR
    O1 - Hosts: 198.231.135.249 MDR01322 Manchester-MDR
    O1 - Hosts: 198.231.193.249 MDR01659 Lutherville-MDR
    O1 - Hosts: 198.231.240.60 MDR01512 Louisville-MDR
    O1 - Hosts: 198.231.192.249 MDR01499 Locst-Vally-MDR
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "U202011"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00028CF3-0000-0000-0000-000000000046} (XArray Object) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Xarray32.cab
    O16 - DPF: {079E8251-3A00-11D3-BF4E-0000832F7CAE} (DS100v32.clsUtility1) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/DS100v32.cab
    O16 - DPF: {07D7A18F-3385-11D2-B6D5-0004ACEEF34A} (TrackDetail.clsDetailConnector) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv299v32.cab
    O16 - DPF: {0BA686AA-F7D3-101A-993E-0000C0EF6F5E} (Threed Checkbox Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Threed32.cab
    O16 - DPF: {0BA9C3E4-2E08-11D2-8CF7-00008326B9A0} (Enterprise Tabular Data Dll) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/vb840v32.cab
    O16 - DPF: {0D6234D0-DBA2-11D1-B5DF-0060976089D0} (True OLE DBGrid 6 Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/todg6.cab
    O16 - DPF: {0D62353B-DBA2-11D1-B5DF-0060976089D0} (APEX XArrayDB Object) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/xarraydb.cab
    O16 - DPF: {18858CA0-AE28-11D1-A40B-0000832F7DAA} (CheckImage.CheckImageControl) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/CheckCtl.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {3A08E130-8F65-11D0-9484-00A0C91110ED} (DataAdapter Object) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/Dbadapt.cab
    O16 - DPF: {3E3EE5DE-EA13-11D3-AC34-0004ACA27A2B} (PV307V32.clsPopulateFrame) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv307v32.cab
    O16 - DPF: {4C1A13FC-D7CB-11D6-AF21-00B0D0714AD9} (View Class) - http://bossadvestpa.cs.prusec.com/IEMax.cab
    O16 - DPF: {572E85D5-BCEE-11D1-A3D0-000083277A48} (bc Class) - http://bossadvestpa.cs.prusec.com/bs1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094702715489
    O16 - DPF: {648BDFE3-ED75-11D1-85D7-444553540000} (Community Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/comm.cab
    O16 - DPF: {6496A905-45EB-11D3-A54B-00008361A802} (ds110v32.Installer) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/Selfinstall110/DS110v32.cab
    O16 - DPF: {661418B0-95B4-11D1-AB75-00A0C91CB2BD} (Virtual Places Base Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/vpbase.cab
    O16 - DPF: {6D835690-900B-11D0-9484-00A0C91110ED} (StdDataFormat Object) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msstdfmt.cab
    O16 - DPF: {7E8AF2C1-09AC-11D5-AF01-000629AE9D93} (PV318V32.clsPopulateFrame) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv318v32.cab
    O16 - DPF: {89B7BF01-D460-11D1-88E4-00008361DE49} (VB Calendar Control Sample) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msvbcldr.cab
    O16 - DPF: {89C06158-1CAA-11D5-9BDD-0006290FF99C} (Enterprise Web Control) - http://bossadvestnj.cs.prusec.com/funcdevsuprt/SelfInstall110/Vb500v32.cab
    O16 - DPF: {97CFDE36-37F9-11D4-BE80-006094FB2572} (pv106v32.clsRegCleanup) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv106v32.cab
    O16 - DPF: {A0DEBDB1-5BF9-11D4-96E9-0004AC5B21C8} (STAlertCollectionCreator Class) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/AlertMessage.cab
    O16 - DPF: {A8BA71E3-BCF0-11D1-945D-00A0C91CB14D} (Om Control) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/om.cab
    O16 - DPF: {B038B7F1-D017-11D2-88F9-000083628EAE} (mu862v32.clsPrint) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/mu862v32.cab
    O16 - DPF: {B16553C0-06DB-101B-85B2-0000C009BE81} (SpinButton) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Spin32.cab
    O16 - DPF: {B7DB7E93-CA1A-41AB-AA2E-ACD8B13C80ED} (MSSMO.SoapMessage) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/MSSMO.cab
    O16 - DPF: {BD10A9C1-07CC-11D2-BEFF-00A0C95A6A5C} (ReportExport Class) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/sviewhlp.cab
    O16 - DPF: {BE4F3AC5-AEC9-101A-947B-00DD010F7B46} (Outline Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Msoutl32.cab
    O16 - DPF: {BFD50F1D-3459-11D2-82EA-00008361D1E8} (Cm300v32.clsConnector) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv100v32.cab
    O16 - DPF: {C34458B8-37A0-11D7-AF6D-0004AC5DE2C8} (Enterprise Authentication Control) - http://lbs04201.advest.mony.com/SiteInfo/AuthControl/vb520v32.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/crviewer.cab
    O16 - DPF: {C68D2736-2D55-11D2-8CF6-00008326B9A0} (Enterprise Middleware Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/vb260v32.cab
    O16 - DPF: {CE1B5137-58EE-11D4-BE8A-006094E5ACA7} (PV107V32.PruServInstall) - http://psiwebnt04.cs.prusec.com/wexserv/pv100v32/self-install/PV107V32.CAB
    O16 - DPF: {D21DD6A9-0295-11D5-AC6E-000629897D5C} (PV108V32.clsBulk) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/pv108v32.cab
    O16 - DPF: {D2FFAA43-074A-11D1-BAA2-444553540000} (:-) VideoSoft vsPrinter3 Control) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Vsview3.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://firstclearing.webex.com/client/v_mywebex/training/ieatgpc.cab
    O16 - DPF: {E80C823B-DE33-11D2-BEEC-00008326B6E8} (Enterprise Tabular Data Dll) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/Ds800v32.cab
    O16 - DPF: {EAF56DC0-6900-11D6-ACE2-0004AC5B6E47} (CM101V32.SoapExecute) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/CM101V32.cab
    O16 - DPF: {F2CA2119-C8D2-11D1-BEBD-00A0C95A6A5C} (WebReportBroker Class) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/swebrs.cab
    O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://bossadvestpa.cs.prusec.com/funcdevsuprt/SelfInstall110/ikmenu.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/comdlg32.cab
    O16 - DPF: {FDE4A062-69AE-11D6-ACE2-0004AC5B6E47} (CM111V32.Request) - http://psiwebnt04.cs.prusec.com/funcdevsuprt/selfinstall110/Cm111V32.cab
    O16 - DPF: {FF3B16A4-5C45-11D6-92AD-00B0D0714AE9} (AlertDlg Class) - http://bossadvestpa.cs.prusec.com/funcSTALERT/exe/AlertControl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{18A54EA2-CE60-481C-BF7C-B4E61C2C4BE2}: NameServer = 141.191.128.76,141.191.128.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = advest.mony.com,advest.com,mony.com,soc.mony.com,ho.mony.com
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Do you recognise any of these?
    O16 - DPF: {079E8251-3A00-11D3-BF4E-0000832F7CAE} (DS100v32.clsUtility1) - http://bossadvestpa.cs.prusec.com/f...10/DS100v32.cab
    O16 - DPF: {07D7A18F-3385-11D2-B6D5-0004ACEEF34A} (TrackDetail.clsDetailConnector) - http://psiwebnt04.cs.prusec.com/fun...10/pv299v32.cab
    O16 - DPF: {0BA686AA-F7D3-101A-993E-0000C0EF6F5E} (Threed Checkbox Control) - http://psiwebnt04.cs.prusec.com/fun...10/Threed32.cab
    O16 - DPF: {0BA9C3E4-2E08-11D2-8CF7-00008326B9A0} (Enterprise Tabular Data Dll) - http://bossadvestpa.cs.prusec.com/f...10/vb840v32.cab
    O16 - DPF: {0D6234D0-DBA2-11D1-B5DF-0060976089D0} (True OLE DBGrid 6 Control) - http://bossadvestpa.cs.prusec.com/f...ll110/todg6.cab
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Methinks you have some association with certain financial institutions or outfits, such as:

    http://www.advest.com/ or "MONY" of New York?
     
Short URL to this thread: https://techguy.org/276553
