I also need help getting rid of smart security


  • This topic is locked

#1
sis

    New Member

  • Member
  • 1 posts
Help! Cannot get rid of the red warning background for Smart Security; in desperate need of help. Can't right-click or change the background or get to Task Manager. It was hijacking my internet and taking it to about:blank, though now I have been able to keep it on Google's.



I tried checking and deleting some things with HijackThis before I found this page and also used avast, Spybot, McAfee and Panda.

Here is my current HijackThis log.




Logfile of HijackThis v1.99.1
Scan saved at 1:06:41 PM, on 4/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\Fiq.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tre] C:\WINDOWS\System32\Fiq.exe
O4 - HKLM\..\Run: [Ejk] C:\WINDOWS\System32\Rpi.exe
O4 - HKLM\..\Run: [Ciq] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [Jde] C:\WINDOWS\Fsu.exe
O4 - HKLM\..\Run: [Fmh] C:\WINDOWS\Bmn.exe
O4 - HKLM\..\Run: [Nch] C:\WINDOWS\Klf.exe
O4 - HKLM\..\Run: [Bld] C:\WINDOWS\Vun.exe
O4 - HKLM\..\Run: [Srq] C:\WINDOWS\System32\Gqs.exe
O4 - HKLM\..\Run: [Ivb] C:\WINDOWS\Gmp.exe
O4 - HKLM\..\Run: [Mps] C:\WINDOWS\Ldj.exe
O4 - HKLM\..\Run: [Cln] C:\WINDOWS\Tkn.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Vhp] C:\WINDOWS\System32\Qpv.exe
O4 - HKLM\..\Run: [Bic] C:\WINDOWS\Bna.exe
O4 - HKLM\..\Run: [Nbp] C:\WINDOWS\Jsd.exe
O4 - HKLM\..\Run: [Fgh] C:\WINDOWS\Pvg.exe
O4 - HKLM\..\Run: [Obh] C:\WINDOWS\System32\Isg.exe
O4 - HKLM\..\Run: [Kvo] C:\WINDOWS\System32\Nvh.exe
O4 - HKLM\..\Run: [Foi] C:\WINDOWS\System32\Eia.exe
O4 - HKLM\..\Run: [Opp] C:\WINDOWS\Anh.exe
O4 - HKLM\..\Run: [Usd] C:\WINDOWS\Sea.exe
O4 - HKLM\..\Run: [Jqt] C:\WINDOWS\Lgv.exe
O4 - HKLM\..\Run: [Icp] C:\WINDOWS\Tqk.exe
O4 - HKLM\..\Run: [Hqe] C:\WINDOWS\Pid.exe
O4 - HKLM\..\Run: [Erv] C:\WINDOWS\System32\Lkn.exe
O4 - HKLM\..\Run: [Pek] C:\WINDOWS\System32\Ckf.exe
O4 - HKLM\..\Run: [Jfu] C:\WINDOWS\System32\Enm.exe
O4 - HKLM\..\Run: [Cim] C:\WINDOWS\System32\Jbc.exe
O4 - HKLM\..\Run: [Nej] C:\WINDOWS\System32\Mqj.exe
O4 - HKLM\..\Run: [Mkp] C:\WINDOWS\Jfp.exe
O4 - HKLM\..\Run: [Lnt] C:\WINDOWS\System32\Abh.exe
O4 - HKLM\..\Run: [Lcg] C:\WINDOWS\System32\Ngu.exe
O4 - HKLM\..\Run: [Lli] C:\WINDOWS\Dov.exe
O4 - HKLM\..\Run: [Est] C:\WINDOWS\Aof.exe
O4 - HKLM\..\Run: [Mvs] C:\WINDOWS\Smo.exe
O4 - HKLM\..\Run: [Oul] C:\WINDOWS\System32\Kbv.exe
O4 - HKLM\..\Run: [Ihe] C:\WINDOWS\Hph.exe
O4 - HKLM\..\Run: [Fjq] C:\WINDOWS\System32\Qbh.exe
O4 - HKLM\..\Run: [Enh] C:\WINDOWS\System32\Oou.exe
O4 - HKLM\..\Run: [Frl] C:\WINDOWS\System32\Hpl.exe
O4 - HKLM\..\Run: [Oho] C:\WINDOWS\System32\Fmq.exe
O4 - HKLM\..\Run: [Uco] C:\WINDOWS\Mtn.exe
O4 - HKLM\..\Run: [Oip] C:\WINDOWS\System32\Nmv.exe
O4 - HKLM\..\Run: [Olq] C:\WINDOWS\System32\Amj.exe
O4 - HKLM\..\Run: [Ako] C:\WINDOWS\System32\Vpr.exe
O4 - HKLM\..\Run: [Dhp] C:\WINDOWS\Pav.exe
O4 - HKLM\..\Run: [Rnl] C:\WINDOWS\Ask.exe
O4 - HKLM\..\Run: [Nkr] C:\WINDOWS\Bbr.exe
O4 - HKLM\..\Run: [Qgc] C:\WINDOWS\Gtq.exe
O4 - HKLM\..\Run: [Bla] C:\WINDOWS\Goe.exe
O4 - HKLM\..\Run: [Mhb] C:\WINDOWS\Pph.exe
O4 - HKLM\..\Run: [Aee] C:\WINDOWS\Qtd.exe
O4 - HKLM\..\Run: [Mhh] C:\WINDOWS\System32\Smm.exe
O4 - HKLM\..\Run: [Npq] C:\WINDOWS\Pkb.exe
O4 - HKLM\..\Run: [Inv] C:\WINDOWS\System32\Isu.exe
O4 - HKLM\..\Run: [Bsd] C:\WINDOWS\Vkq.exe
O4 - HKLM\..\Run: [Vtu] C:\WINDOWS\System32\Pnl.exe
O4 - HKLM\..\Run: [Dck] C:\WINDOWS\Gju.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Pdj] C:\WINDOWS\Lvo.exe
O4 - HKLM\..\Run: [Cob] C:\WINDOWS\Chh.exe
O4 - HKLM\..\Run: [Oto] C:\WINDOWS\System32\Jun.exe
O4 - HKLM\..\Run: [Nrb] C:\WINDOWS\System32\Are.exe
O4 - HKCU\..\Run: [Tre] C:\WINDOWS\System32\Fiq.exe
O4 - HKCU\..\Run: [Ejk] C:\WINDOWS\System32\Rpi.exe
O4 - HKCU\..\Run: [Ciq] C:\WINDOWS\Lsu.exe
O4 - HKCU\..\Run: [Jde] C:\WINDOWS\Fsu.exe
O4 - HKCU\..\Run: [Fmh] C:\WINDOWS\Bmn.exe
O4 - HKCU\..\Run: [Nch] C:\WINDOWS\Klf.exe
O4 - HKCU\..\Run: [Bld] C:\WINDOWS\Vun.exe
O4 - HKCU\..\Run: [Srq] C:\WINDOWS\System32\Gqs.exe
O4 - HKCU\..\Run: [Ivb] C:\WINDOWS\Gmp.exe
O4 - HKCU\..\Run: [Mps] C:\WINDOWS\Ldj.exe
O4 - HKCU\..\Run: [Cln] C:\WINDOWS\Tkn.exe
O4 - HKCU\..\Run: [Vhp] C:\WINDOWS\System32\Qpv.exe
O4 - HKCU\..\Run: [Bic] C:\WINDOWS\Bna.exe
O4 - HKCU\..\Run: [Nbp] C:\WINDOWS\Jsd.exe
O4 - HKCU\..\Run: [Fgh] C:\WINDOWS\Pvg.exe
O4 - HKCU\..\Run: [Obh] C:\WINDOWS\System32\Isg.exe
O4 - HKCU\..\Run: [Kvo] C:\WINDOWS\System32\Nvh.exe
O4 - HKCU\..\Run: [Foi] C:\WINDOWS\System32\Eia.exe
O4 - HKCU\..\Run: [Opp] C:\WINDOWS\Anh.exe
O4 - HKCU\..\Run: [Usd] C:\WINDOWS\Sea.exe
O4 - HKCU\..\Run: [Jqt] C:\WINDOWS\Lgv.exe
O4 - HKCU\..\Run: [Icp] C:\WINDOWS\Tqk.exe
O4 - HKCU\..\Run: [Hqe] C:\WINDOWS\Pid.exe
O4 - HKCU\..\Run: [Erv] C:\WINDOWS\System32\Lkn.exe
O4 - HKCU\..\Run: [Pek] C:\WINDOWS\System32\Ckf.exe
O4 - HKCU\..\Run: [Jfu] C:\WINDOWS\System32\Enm.exe
O4 - HKCU\..\Run: [Cim] C:\WINDOWS\System32\Jbc.exe
O4 - HKCU\..\Run: [Nej] C:\WINDOWS\System32\Mqj.exe
O4 - HKCU\..\Run: [Mkp] C:\WINDOWS\Jfp.exe
O4 - HKCU\..\Run: [Lnt] C:\WINDOWS\System32\Abh.exe
O4 - HKCU\..\Run: [Lcg] C:\WINDOWS\System32\Ngu.exe
O4 - HKCU\..\Run: [Lli] C:\WINDOWS\Dov.exe
O4 - HKCU\..\Run: [Est] C:\WINDOWS\Aof.exe
O4 - HKCU\..\Run: [Mvs] C:\WINDOWS\Smo.exe
O4 - HKCU\..\Run: [Oul] C:\WINDOWS\System32\Kbv.exe
O4 - HKCU\..\Run: [Ihe] C:\WINDOWS\Hph.exe
O4 - HKCU\..\Run: [Fjq] C:\WINDOWS\System32\Qbh.exe
O4 - HKCU\..\Run: [Enh] C:\WINDOWS\System32\Oou.exe
O4 - HKCU\..\Run: [Frl] C:\WINDOWS\System32\Hpl.exe
O4 - HKCU\..\Run: [Oho] C:\WINDOWS\System32\Fmq.exe
O4 - HKCU\..\Run: [Uco] C:\WINDOWS\Mtn.exe
O4 - HKCU\..\Run: [Oip] C:\WINDOWS\System32\Nmv.exe
O4 - HKCU\..\Run: [Olq] C:\WINDOWS\System32\Amj.exe
O4 - HKCU\..\Run: [Ako] C:\WINDOWS\System32\Vpr.exe
O4 - HKCU\..\Run: [Dhp] C:\WINDOWS\Pav.exe
O4 - HKCU\..\Run: [Rnl] C:\WINDOWS\Ask.exe
O4 - HKCU\..\Run: [Nkr] C:\WINDOWS\Bbr.exe
O4 - HKCU\..\Run: [Qgc] C:\WINDOWS\Gtq.exe
O4 - HKCU\..\Run: [Bla] C:\WINDOWS\Goe.exe
O4 - HKCU\..\Run: [Mhb] C:\WINDOWS\Pph.exe
O4 - HKCU\..\Run: [Aee] C:\WINDOWS\Qtd.exe
O4 - HKCU\..\Run: [Mhh] C:\WINDOWS\System32\Smm.exe
O4 - HKCU\..\Run: [Npq] C:\WINDOWS\Pkb.exe
O4 - HKCU\..\Run: [Inv] C:\WINDOWS\System32\Isu.exe
O4 - HKCU\..\Run: [Bsd] C:\WINDOWS\Vkq.exe
O4 - HKCU\..\Run: [Vtu] C:\WINDOWS\System32\Pnl.exe
O4 - HKCU\..\Run: [Dck] C:\WINDOWS\Gju.exe
O4 - HKCU\..\Run: [Pdj] C:\WINDOWS\Lvo.exe
O4 - HKCU\..\Run: [Cob] C:\WINDOWS\Chh.exe
O4 - HKCU\..\Run: [Oto] C:\WINDOWS\System32\Jun.exe
O4 - HKCU\..\Run: [Nrb] C:\WINDOWS\System32\Are.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {457796C5-64C4-44A5-AB82-AD7D6C414847} - (no file)
O18 - Filter: text/plain - {457796C5-64C4-44A5-AB82-AD7D6C414847} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
#2
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome sis to Geeks to Go!

Thank you for your patience, the forums are very busy.

I recommend you print this advice.

Download and save Spywadfix.

It will automatically extract to c:\spywad where it needs to be to run and will automatically open the remove spywad.vbs script for you ready to paste in the line mentioned below.
If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run.

It is not malicious.
It will open an Input box. Paste this line into the box
C:\WINDOWS\System32\Fiq.exe

The script will kill that process, back up and then delete any matching files in System32 and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your windows default desktop and context menu functions.
It will restart Explorer.

** Script Does not remove the orphaned run entries.

Finally, it will Run hijackthis so that you can remove the orphaned run entries and anything else as posted in my next post.

If hijackthis doesn't start, run it manually.

Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
O4 - HKLM\..\Run: [Tre] C:\WINDOWS\System32\Fiq.exe
O4 - HKLM\..\Run: [Ejk] C:\WINDOWS\System32\Rpi.exe
O4 - HKLM\..\Run: [Ciq] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [Jde] C:\WINDOWS\Fsu.exe
O4 - HKLM\..\Run: [Fmh] C:\WINDOWS\Bmn.exe
O4 - HKLM\..\Run: [Nch] C:\WINDOWS\Klf.exe
O4 - HKLM\..\Run: [Bld] C:\WINDOWS\Vun.exe
O4 - HKLM\..\Run: [Srq] C:\WINDOWS\System32\Gqs.exe
O4 - HKLM\..\Run: [Ivb] C:\WINDOWS\Gmp.exe
O4 - HKLM\..\Run: [Mps] C:\WINDOWS\Ldj.exe
O4 - HKLM\..\Run: [Cln] C:\WINDOWS\Tkn.exe
O4 - HKLM\..\Run: [Vhp] C:\WINDOWS\System32\Qpv.exe
O4 - HKLM\..\Run: [Bic] C:\WINDOWS\Bna.exe
O4 - HKLM\..\Run: [Nbp] C:\WINDOWS\Jsd.exe
O4 - HKLM\..\Run: [Fgh] C:\WINDOWS\Pvg.exe
O4 - HKLM\..\Run: [Obh] C:\WINDOWS\System32\Isg.exe
O4 - HKLM\..\Run: [Kvo] C:\WINDOWS\System32\Nvh.exe
O4 - HKLM\..\Run: [Foi] C:\WINDOWS\System32\Eia.exe
O4 - HKLM\..\Run: [Opp] C:\WINDOWS\Anh.exe
O4 - HKLM\..\Run: [Usd] C:\WINDOWS\Sea.exe
O4 - HKLM\..\Run: [Jqt] C:\WINDOWS\Lgv.exe
O4 - HKLM\..\Run: [Icp] C:\WINDOWS\Tqk.exe
O4 - HKLM\..\Run: [Hqe] C:\WINDOWS\Pid.exe
O4 - HKLM\..\Run: [Erv] C:\WINDOWS\System32\Lkn.exe
O4 - HKLM\..\Run: [Pek] C:\WINDOWS\System32\Ckf.exe
O4 - HKLM\..\Run: [Jfu] C:\WINDOWS\System32\Enm.exe
O4 - HKLM\..\Run: [Cim] C:\WINDOWS\System32\Jbc.exe
O4 - HKLM\..\Run: [Nej] C:\WINDOWS\System32\Mqj.exe
O4 - HKLM\..\Run: [Mkp] C:\WINDOWS\Jfp.exe
O4 - HKLM\..\Run: [Lnt] C:\WINDOWS\System32\Abh.exe
O4 - HKLM\..\Run: [Lcg] C:\WINDOWS\System32\Ngu.exe
O4 - HKLM\..\Run: [Lli] C:\WINDOWS\Dov.exe
O4 - HKLM\..\Run: [Est] C:\WINDOWS\Aof.exe
O4 - HKLM\..\Run: [Mvs] C:\WINDOWS\Smo.exe
O4 - HKLM\..\Run: [Oul] C:\WINDOWS\System32\Kbv.exe
O4 - HKLM\..\Run: [Ihe] C:\WINDOWS\Hph.exe
O4 - HKLM\..\Run: [Fjq] C:\WINDOWS\System32\Qbh.exe
O4 - HKLM\..\Run: [Enh] C:\WINDOWS\System32\Oou.exe
O4 - HKLM\..\Run: [Frl] C:\WINDOWS\System32\Hpl.exe
O4 - HKLM\..\Run: [Oho] C:\WINDOWS\System32\Fmq.exe
O4 - HKLM\..\Run: [Uco] C:\WINDOWS\Mtn.exe
O4 - HKLM\..\Run: [Oip] C:\WINDOWS\System32\Nmv.exe
O4 - HKLM\..\Run: [Olq] C:\WINDOWS\System32\Amj.exe
O4 - HKLM\..\Run: [Ako] C:\WINDOWS\System32\Vpr.exe
O4 - HKLM\..\Run: [Dhp] C:\WINDOWS\Pav.exe
O4 - HKLM\..\Run: [Rnl] C:\WINDOWS\Ask.exe
O4 - HKLM\..\Run: [Nkr] C:\WINDOWS\Bbr.exe
O4 - HKLM\..\Run: [Qgc] C:\WINDOWS\Gtq.exe
O4 - HKLM\..\Run: [Bla] C:\WINDOWS\Goe.exe
O4 - HKLM\..\Run: [Mhb] C:\WINDOWS\Pph.exe
O4 - HKLM\..\Run: [Aee] C:\WINDOWS\Qtd.exe
O4 - HKLM\..\Run: [Mhh] C:\WINDOWS\System32\Smm.exe
O4 - HKLM\..\Run: [Npq] C:\WINDOWS\Pkb.exe
O4 - HKLM\..\Run: [Inv] C:\WINDOWS\System32\Isu.exe
O4 - HKLM\..\Run: [Bsd] C:\WINDOWS\Vkq.exe
O4 - HKLM\..\Run: [Vtu] C:\WINDOWS\System32\Pnl.exe
O4 - HKLM\..\Run: [Dck] C:\WINDOWS\Gju.exe
O4 - HKLM\..\Run: [Pdj] C:\WINDOWS\Lvo.exe
O4 - HKLM\..\Run: [Cob] C:\WINDOWS\Chh.exe
O4 - HKLM\..\Run: [Oto] C:\WINDOWS\System32\Jun.exe
O4 - HKLM\..\Run: [Nrb] C:\WINDOWS\System32\Are.exe
O4 - HKCU\..\Run: [Tre] C:\WINDOWS\System32\Fiq.exe
O4 - HKCU\..\Run: [Ejk] C:\WINDOWS\System32\Rpi.exe
O4 - HKCU\..\Run: [Ciq] C:\WINDOWS\Lsu.exe
O4 - HKCU\..\Run: [Jde] C:\WINDOWS\Fsu.exe
O4 - HKCU\..\Run: [Fmh] C:\WINDOWS\Bmn.exe
O4 - HKCU\..\Run: [Nch] C:\WINDOWS\Klf.exe
O4 - HKCU\..\Run: [Bld] C:\WINDOWS\Vun.exe
O4 - HKCU\..\Run: [Srq] C:\WINDOWS\System32\Gqs.exe
O4 - HKCU\..\Run: [Ivb] C:\WINDOWS\Gmp.exe
O4 - HKCU\..\Run: [Mps] C:\WINDOWS\Ldj.exe
O4 - HKCU\..\Run: [Cln] C:\WINDOWS\Tkn.exe
O4 - HKCU\..\Run: [Vhp] C:\WINDOWS\System32\Qpv.exe
O4 - HKCU\..\Run: [Bic] C:\WINDOWS\Bna.exe
O4 - HKCU\..\Run: [Nbp] C:\WINDOWS\Jsd.exe
O4 - HKCU\..\Run: [Fgh] C:\WINDOWS\Pvg.exe
O4 - HKCU\..\Run: [Obh] C:\WINDOWS\System32\Isg.exe
O4 - HKCU\..\Run: [Kvo] C:\WINDOWS\System32\Nvh.exe
O4 - HKCU\..\Run: [Foi] C:\WINDOWS\System32\Eia.exe
O4 - HKCU\..\Run: [Opp] C:\WINDOWS\Anh.exe
O4 - HKCU\..\Run: [Usd] C:\WINDOWS\Sea.exe
O4 - HKCU\..\Run: [Jqt] C:\WINDOWS\Lgv.exe
O4 - HKCU\..\Run: [Icp] C:\WINDOWS\Tqk.exe
O4 - HKCU\..\Run: [Hqe] C:\WINDOWS\Pid.exe
O4 - HKCU\..\Run: [Erv] C:\WINDOWS\System32\Lkn.exe
O4 - HKCU\..\Run: [Pek] C:\WINDOWS\System32\Ckf.exe
O4 - HKCU\..\Run: [Jfu] C:\WINDOWS\System32\Enm.exe
O4 - HKCU\..\Run: [Cim] C:\WINDOWS\System32\Jbc.exe
O4 - HKCU\..\Run: [Nej] C:\WINDOWS\System32\Mqj.exe
O4 - HKCU\..\Run: [Mkp] C:\WINDOWS\Jfp.exe
O4 - HKCU\..\Run: [Lnt] C:\WINDOWS\System32\Abh.exe
O4 - HKCU\..\Run: [Lcg] C:\WINDOWS\System32\Ngu.exe
O4 - HKCU\..\Run: [Lli] C:\WINDOWS\Dov.exe
O4 - HKCU\..\Run: [Est] C:\WINDOWS\Aof.exe
O4 - HKCU\..\Run: [Mvs] C:\WINDOWS\Smo.exe
O4 - HKCU\..\Run: [Oul] C:\WINDOWS\System32\Kbv.exe
O4 - HKCU\..\Run: [Ihe] C:\WINDOWS\Hph.exe
O4 - HKCU\..\Run: [Fjq] C:\WINDOWS\System32\Qbh.exe
O4 - HKCU\..\Run: [Enh] C:\WINDOWS\System32\Oou.exe
O4 - HKCU\..\Run: [Frl] C:\WINDOWS\System32\Hpl.exe
O4 - HKCU\..\Run: [Oho] C:\WINDOWS\System32\Fmq.exe
O4 - HKCU\..\Run: [Uco] C:\WINDOWS\Mtn.exe
O4 - HKCU\..\Run: [Oip] C:\WINDOWS\System32\Nmv.exe
O4 - HKCU\..\Run: [Olq] C:\WINDOWS\System32\Amj.exe
O4 - HKCU\..\Run: [Ako] C:\WINDOWS\System32\Vpr.exe
O4 - HKCU\..\Run: [Dhp] C:\WINDOWS\Pav.exe
O4 - HKCU\..\Run: [Rnl] C:\WINDOWS\Ask.exe
O4 - HKCU\..\Run: [Nkr] C:\WINDOWS\Bbr.exe
O4 - HKCU\..\Run: [Qgc] C:\WINDOWS\Gtq.exe
O4 - HKCU\..\Run: [Bla] C:\WINDOWS\Goe.exe
O4 - HKCU\..\Run: [Mhb] C:\WINDOWS\Pph.exe
O4 - HKCU\..\Run: [Aee] C:\WINDOWS\Qtd.exe
O4 - HKCU\..\Run: [Mhh] C:\WINDOWS\System32\Smm.exe
O4 - HKCU\..\Run: [Npq] C:\WINDOWS\Pkb.exe
O4 - HKCU\..\Run: [Inv] C:\WINDOWS\System32\Isu.exe
O4 - HKCU\..\Run: [Bsd] C:\WINDOWS\Vkq.exe
O4 - HKCU\..\Run: [Vtu] C:\WINDOWS\System32\Pnl.exe
O4 - HKCU\..\Run: [Dck] C:\WINDOWS\Gju.exe
O4 - HKCU\..\Run: [Pdj] C:\WINDOWS\Lvo.exe
O4 - HKCU\..\Run: [Cob] C:\WINDOWS\Chh.exe
O4 - HKCU\..\Run: [Oto] C:\WINDOWS\System32\Jun.exe
O4 - HKCU\..\Run: [Nrb] C:\WINDOWS\System32\Are.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O18 - Filter: text/html - {457796C5-64C4-44A5-AB82-AD7D6C414847} - (no file)
O18 - Filter: text/plain - {457796C5-64C4-44A5-AB82-AD7D6C414847} - (no file)

Click on Fix Checked when finished and exit HijackThis

--------------------------

When finished, post the contents of Spywad.txt and a new Hijackthis log.

If the files deleted are all found to be part of the infection and nothing important has been deleted, you will be instructed to delete the entire Spywad Folder after you have cleaned up all other User Profiles on that system.


Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the C:\Spywad folder. Double click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

Then run hijackthis and remove the entries as directed.

You will need to do this step for every user account

To reset your wallpaper, open Display Properties > Desktop Tab. Choose a Wallpaper and apply. Close Display Properties. To see the change, click on the desktop and press F5.




No reply was posted for more than two weeks.

This topic is now closed. If you are the topic owner and still need assistance, please send me a PM.

Edited by g2i2r4, 01 May 2005 - 11:08 AM.
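
Added example, not part of the original thread and not the Spywadfix script: a small triage pass over a HijackThis log that groups the O4 Run entries sharing the naming pattern of the entries in the fix list above and notes which target is in the running-process list. The pattern (a three-letter value name pointing at a three-letter .exe directly under C:\WINDOWS or System32) is an assumption drawn from this log only, and the function names are hypothetical.

```python
import re

# Excerpt of the HijackThis log posted above (a subset of its lines, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\Fiq.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tre] C:\WINDOWS\System32\Fiq.exe
O4 - HKLM\..\Run: [Ciq] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Tre] C:\WINDOWS\System32\Fiq.exe
O4 - HKCU\..\Run: [Ciq] C:\WINDOWS\Lsu.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumed pattern: value name like "Tre", target like C:\WINDOWS[\System32]\Fiq.exe.
NAME_RE = re.compile(r"^[A-Z][a-z]{2}$")
TARGET_RE = re.compile(r"^(?i:C:\\WINDOWS\\(?:System32\\)?)[A-Z][a-z]{2}\.exe$")


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # the section ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def parse_run_entries(log):
    """Yield (hive, value_name, target_path) for every O4 Run line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].strip()
        # A quoted command keeps only the quoted path; arguments are dropped.
        target = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd
        yield m["hive"], m["name"], target


def triage(log):
    """Group Run entries matching the assumed pattern by target file."""
    running = running_processes(log)
    findings = {}
    for hive, name, target in parse_run_entries(log):
        if NAME_RE.match(name) and TARGET_RE.match(target):
            entry = findings.setdefault(
                target,
                {"names": set(), "hives": set(), "running": target.lower() in running},
            )
            entry["names"].add(name)
            entry["hives"].add(hive)
    return findings


if __name__ == "__main__":
    for target, info in sorted(triage(SAMPLE_LOG).items()):
        state = "RUNNING" if info["running"] else "not running"
        print(f"{target}  {sorted(info['names'])}  {sorted(info['hives'])}  {state}")
```

[PS2] and [KBD] stay unflagged even though they are three characters long, because neither the value name nor the file name matches the capital-plus-two-lowercase pattern.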
