Thread: I believe I have the black worm
View Single Post
Old 03-31-2006, 04:35 PM   #1 (permalink)
kikithesilly
Registered User
 
Join Date: Mar 2006
Posts: 4
OS: xp


I believe I have the black worm
I keep getting pop up ads, saying that I have the black worm virus and that I need to "click here" to get rid of it. I have gone through the five steps listed that users are supposed to go through before posting a HJT log, but I'm still receiving pop-ups. If someone could help me resolve this I will donate to the cause. I appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 6:34:28 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\a la mode\Sched\eSched.exe
C:\windows\mousepad7.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kellee\Desktop\Jason Working\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [The Assistant] "C:\Program Files\a la mode\Sched\eSched.exe"
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINNT\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [w002115a.dll] RUNDLL32.EXE w002115a.dll,I2 0000207c0002115a
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\system32\rwinnrag.exe CORN001
O4 - HKLM\..\Run: [w503d47a.dll] RUNDLL32.EXE w503d47a.dll,I2 0000207c0503d47a
O4 - HKLM\..\Run: [w000e4ec.dll] RUNDLL32.EXE w000e4ec.dll,I2 0000207c0000e4ec
O4 - HKLM\..\Run: [w000e8fd.dll] RUNDLL32.EXE w000e8fd.dll,I2 0000207c0000e8fd
O4 - HKLM\..\Run: [w0011817.dll] RUNDLL32.EXE w0011817.dll,I2 0000207c00011817
O4 - HKCU\..\Run: [a la mode Scheduler Tool] C:\Program Files\a la mode\sched\eSched.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\rwinnrag.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2C15848B-21C0-406A-9902-56C8D90684F3} (alaWeb.clsGetStats) - file://C:\WIN2000\CONTENT\cabs\alaWeb.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webma...rtload185a.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mreis.mlxchange.com/Control/M...ctComboBox.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098706294940
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mreis.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://dem.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...reeInstall.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINNT\system32\w9seq.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINNT\system32\syclient.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINNT\system32\mwang.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
kikithesilly is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here