When this first happened, the desktop kept sprouting a bunch of "sex" icons - I've managed to stop that happening (and to stop pop-ups which kept directing me to the Smart Security website), but I'm desperate to get my PC back to how it was. This is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:23:22, on 06/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\winsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: C:\WINDOWS\system32\atmpvc.dll - {7DBA5E61-9C51-4365-ACD2-DE684E133F8C} - C:\WINDOWS\system32\atmpvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Fkm] C:\WINDOWS\system32\Lcs.exe
O4 - HKLM\..\Run: [Dum] C:\WINDOWS\system32\Bdk.exe
O4 - HKLM\..\Run: [Meo] C:\WINDOWS\Mka.exe
O4 - HKLM\..\Run: [Hai] C:\WINDOWS\system32\Utk.exe
O4 - HKLM\..\Run: [Suo] C:\WINDOWS\Ptn.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\system32\Iso.exe
O4 - HKLM\..\Run: [Mba] C:\WINDOWS\system32\Ado.exe
O4 - HKLM\..\Run: [Tvm] C:\WINDOWS\system32\Hdm.exe
O4 - HKLM\..\Run: [Ski] C:\WINDOWS\system32\Fnj.exe
O4 - HKLM\..\Run: [Vai] C:\WINDOWS\system32\Poi.exe
O4 - HKLM\..\Run: [Ptp] C:\WINDOWS\Oct.exe
O4 - HKLM\..\Run: [Hks] C:\WINDOWS\system32\Lrd.exe
O4 - HKLM\..\Run: [Rig] C:\WINDOWS\system32\Rec.exe
O4 - HKLM\..\Run: [Kuc] C:\WINDOWS\Mdm.exe
O4 - HKLM\..\Run: [Hgd] C:\WINDOWS\system32\Shn.exe
O4 - HKLM\..\Run: [Eva] C:\WINDOWS\Qlc.exe
O4 - HKLM\..\Run: [Ehf] C:\WINDOWS\Tjm.exe
O4 - HKLM\..\Run: [Aef] C:\WINDOWS\system32\Ssg.exe
O4 - HKLM\..\Run: [Uko] C:\WINDOWS\system32\Bdg.exe
O4 - HKLM\..\Run: [Isb] C:\WINDOWS\system32\Aut.exe
O4 - HKLM\..\Run: [Guf] C:\WINDOWS\Ccd.exe
O4 - HKLM\..\Run: [Jgq] C:\WINDOWS\Nud.exe
O4 - HKLM\..\Run: [Nej] C:\WINDOWS\system32\Jpf.exe
O4 - HKLM\..\Run: [Shg] C:\WINDOWS\Vpi.exe
O4 - HKLM\..\Run: [Rte] C:\WINDOWS\Ifm.exe
O4 - HKLM\..\Run: [Qvl] C:\WINDOWS\Atd.exe
O4 - HKLM\..\Run: [Mmd] C:\WINDOWS\system32\Hgh.exe
O4 - HKLM\..\Run: [Aei] C:\WINDOWS\system32\Fha.exe
O4 - HKLM\..\Run: [Ihu] C:\WINDOWS\Tqj.exe
O4 - HKLM\..\Run: [Kme] C:\WINDOWS\Qpq.exe
O4 - HKLM\..\Run: [Hol] C:\WINDOWS\Jfc.exe
O4 - HKLM\..\Run: [Ukk] C:\WINDOWS\Jde.exe
O4 - HKLM\..\Run: [Kau] C:\WINDOWS\Bsa.exe
O4 - HKLM\..\Run: [Ttn] C:\WINDOWS\Tck.exe
O4 - HKLM\..\Run: [Lgh] C:\WINDOWS\system32\Ncc.exe
O4 - HKLM\..\Run: [Btm] C:\WINDOWS\Vgo.exe
O4 - HKLM\..\Run: [Rhl] C:\WINDOWS\system32\Qrh.exe
O4 - HKLM\..\Run: [Jsm] C:\WINDOWS\Umm.exe
O4 - HKLM\..\Run: [Jnu] C:\WINDOWS\system32\Nec.exe
O4 - HKLM\..\Run: [Vqu] C:\WINDOWS\Cgj.exe
O4 - HKLM\..\Run: [Scf] C:\WINDOWS\Ahb.exe
O4 - HKLM\..\Run: [Qco] C:\WINDOWS\Mkm.exe
O4 - HKLM\..\Run: [Lcu] C:\WINDOWS\system32\Cql.exe
O4 - HKLM\..\Run: [Pog] C:\WINDOWS\Mqe.exe
O4 - HKLM\..\Run: [Tpi] C:\WINDOWS\system32\Egc.exe
O4 - HKLM\..\Run: [Urq] C:\WINDOWS\Vjc.exe
O4 - HKLM\..\Run: [Djo] C:\WINDOWS\system32\Tbp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fkm] C:\WINDOWS\system32\Lcs.exe
O4 - HKCU\..\Run: [Dum] C:\WINDOWS\system32\Bdk.exe
O4 - HKCU\..\Run: [Meo] C:\WINDOWS\Mka.exe
O4 - HKCU\..\Run: [Hai] C:\WINDOWS\system32\Utk.exe
O4 - HKCU\..\Run: [Suo] C:\WINDOWS\Ptn.exe
O4 - HKCU\..\Run: [Lpi] C:\WINDOWS\system32\Iso.exe
O4 - HKCU\..\Run: [Mba] C:\WINDOWS\system32\Ado.exe
O4 - HKCU\..\Run: [Tvm] C:\WINDOWS\system32\Hdm.exe
O4 - HKCU\..\Run: [Ski] C:\WINDOWS\system32\Fnj.exe
O4 - HKCU\..\Run: [Vai] C:\WINDOWS\system32\Poi.exe
O4 - HKCU\..\Run: [Ptp] C:\WINDOWS\Oct.exe
O4 - HKCU\..\Run: [Hks] C:\WINDOWS\system32\Lrd.exe
O4 - HKCU\..\Run: [Rig] C:\WINDOWS\system32\Rec.exe
O4 - HKCU\..\Run: [Kuc] C:\WINDOWS\Mdm.exe
O4 - HKCU\..\Run: [Hgd] C:\WINDOWS\system32\Shn.exe
O4 - HKCU\..\Run: [Eva] C:\WINDOWS\Qlc.exe
O4 - HKCU\..\Run: [Ehf] C:\WINDOWS\Tjm.exe
O4 - HKCU\..\Run: [Aef] C:\WINDOWS\system32\Ssg.exe
O4 - HKCU\..\Run: [Uko] C:\WINDOWS\system32\Bdg.exe
O4 - HKCU\..\Run: [Isb] C:\WINDOWS\system32\Aut.exe
O4 - HKCU\..\Run: [Guf] C:\WINDOWS\Ccd.exe
O4 - HKCU\..\Run: [Jgq] C:\WINDOWS\Nud.exe
O4 - HKCU\..\Run: [Nej] C:\WINDOWS\system32\Jpf.exe
O4 - HKCU\..\Run: [Shg] C:\WINDOWS\Vpi.exe
O4 - HKCU\..\Run: [Rte] C:\WINDOWS\Ifm.exe
O4 - HKCU\..\Run: [Qvl] C:\WINDOWS\Atd.exe
O4 - HKCU\..\Run: [Mmd] C:\WINDOWS\system32\Hgh.exe
O4 - HKCU\..\Run: [Aei] C:\WINDOWS\system32\Fha.exe
O4 - HKCU\..\Run: [Ihu] C:\WINDOWS\Tqj.exe
O4 - HKCU\..\Run: [Kme] C:\WINDOWS\Qpq.exe
O4 - HKCU\..\Run: [Hol] C:\WINDOWS\Jfc.exe
O4 - HKCU\..\Run: [Ukk] C:\WINDOWS\Jde.exe
O4 - HKCU\..\Run: [Kau] C:\WINDOWS\Bsa.exe
O4 - HKCU\..\Run: [Ttn] C:\WINDOWS\Tck.exe
O4 - HKCU\..\Run: [Lgh] C:\WINDOWS\system32\Ncc.exe
O4 - HKCU\..\Run: [Btm] C:\WINDOWS\Vgo.exe
O4 - HKCU\..\Run: [Rhl] C:\WINDOWS\system32\Qrh.exe
O4 - HKCU\..\Run: [Jsm] C:\WINDOWS\Umm.exe
O4 - HKCU\..\Run: [Jnu] C:\WINDOWS\system32\Nec.exe
O4 - HKCU\..\Run: [Vqu] C:\WINDOWS\Cgj.exe
O4 - HKCU\..\Run: [Scf] C:\WINDOWS\Ahb.exe
O4 - HKCU\..\Run: [Qco] C:\WINDOWS\Mkm.exe
O4 - HKCU\..\Run: [Lcu] C:\WINDOWS\system32\Cql.exe
O4 - HKCU\..\Run: [Pog] C:\WINDOWS\Mqe.exe
O4 - HKCU\..\Run: [Tpi] C:\WINDOWS\system32\Egc.exe
O4 - HKCU\..\Run: [Urq] C:\WINDOWS\Vjc.exe
O4 - HKCU\..\Run: [Djo] C:\WINDOWS\system32\Tbp.exe
O4 - Startup: winupdate07252093[1].exe
O4 - Startup: winupdate68613071[1].exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9EF3E1D-6ABC-4332-BEDF-73032250D192}: NameServer = 205.188.146.145
O20 - Winlogon Notify: eventss - C:\WINDOWS\system32\atmpvc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Can anyone out there help? Please?
Edited by Efwis, 18 April 2005 - 05:41 AM.