Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojanspy.tml.smitfraud.com [resolved]


  • This topic is locked This topic is locked

#16
doug_lord

doug_lord

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
All done:

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:00:33 PM, on 5/9/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [wymrvfy] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [hesakcb] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [ydvxcka] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [bspjlog] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [avqdivq] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [hkokhoj] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [ywpenwu] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [sujqtiv] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [eqdolgd] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [kkuqlgl] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [ubmndea] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [oiqdlto] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [erfpphm] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [mpmgqvd] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [wjxowql] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [umyagtg] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [fcbmsce] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [pakynre] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [qvuufop] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [mxmshow] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [nptykyg] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [icmvgda] c:\winnt\ohrxdnu.exe
O4 - HKCU\..\Run: [caqmvwi] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [ikihvdc] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [hewqaos] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [pswrdvo] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [snhfutt] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [jjxgtvm] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [vtpdses] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [bsgjfye] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [udqxvbl] c:\winnt\kadtfeo.exe
O4 - HKCU\..\Run: [hitasut] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [jmesujl] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [jgutffg] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [teltnsp] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [owurqis] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [qusxoeo] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [hkrttta] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [qskudot] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [pbjitog] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [midmbwv] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [fhrfkxp] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [oaiaedw] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [vvdlmjc] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [rnvwyba] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [ojmpnwk] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [hbsfrhw] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [gggggxo] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [huqcsgj] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [irrccpu] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [uwjvnln] c:\winnt\cnurihq.exe
O4 - HKCU\..\Run: [epsrjti] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [ffihdnc] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [oohanrj] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [gisvghe] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [jusdyqg] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [ukohfei] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [tupyrsn] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [drasegk] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [tradkou] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [yccsets] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [iwlbnvs] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [vxslbei] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [bitkaqt] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [bwuykvd] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [cfkixgk] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [xsqqpoq] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [thbfpfl] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [kibuwdc] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [fsqowsf] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [evedfyu] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [jlyotdv] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [efvahem] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [owccmuo] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [miivuet] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [wkekaan] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [qgssfdo] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [vcevdfm] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [nxptycu] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [oqsbtmi] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [ppkcjsk] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [qqvqiws] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [hkqefaf] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [dxeoely] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [pnitcho] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [arrgjre] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [ealmrwc] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [cpbglvh] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [sderaly] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [ixuotoq] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [gxxvlnf] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [pdocqpn] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [jdrqpmh] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [irldsix] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [evpbhwi] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [kmukorg] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [yqwjghr] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [tdkibxe] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [uqwcupk] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [fxupxlb] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [ffryjpl] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [aamwhmn] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [vagjdka] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [llqqdhj] c:\winnt\mwiswfo.exe
O4 - HKCU\..\Run: [afcwccw] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [rpekvgf] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [oihmkve] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [gnhpayx] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [whlinpb] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [dsfsofp] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [hijxopg] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [oscuxms] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [lpihaxe] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [vysgsjv] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [nmsgloc] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [qwobeto] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [bhjdena] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [eirpatk] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [mrbqxia] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [hxkiejj] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [pirjqon] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [mdhfpkf] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [wutvhqw] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [hoowwkq] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [eiwodod] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [qhiboty] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [inslqeq] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [jgwkkwj] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [orvtosm] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [wbmhbtg] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [chrohsl] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [amuklml] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [rflurmo] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [vgfgnjm] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [hlrhbao] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [wfsdpsf] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [xmcoxwd] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [jdwxouv] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [xeemdag] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [khkiefh] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [yvtompe] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [tbcflen] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [ysulbxi] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [tpamgwd] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [uoohbgi] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [oboluvm] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [amkqjqn] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [ygxgiid] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [fbcwgnt] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [gwdvyel] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [ulmnxsv] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [uiodpbx] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [jeotdpd] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [oryhxba] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [qhlpjcl] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [ihxynbh] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [ypfgilf] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [denqjrj] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [pcafyfo] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [gfrqsgq] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [njqhyln] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [cgjumje] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [ljdsurf] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [kwrxybb] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [yaxioqp] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [mlkbmhs] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [kysmeto] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [oiqbvwd] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [rntgpqb] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [qvrixmm] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [ajmakbk] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [paavjfn] c:\winnt\imujmni.exe
O4 - HKCU\..\Run: [axeuyjp] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [wpjixev] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [pnwcjom] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [iviavgl] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ramibwu] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [oxrebmb] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [osonrdl] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ajpcfpt] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [nbbonej] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [shyrsia] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ayfgydw] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [shvmuhe] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ixdtnen] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [njectjw] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [hfvlbjo] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [khhtxlj] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ramyspf] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [jsjvfef] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [yjfdygd] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ytlsqwl] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [lrvctym] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ptacsln] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [wxhtffd] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [ixkggsa] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [eohpqwk] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [gvvhbqu] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [udayxsp] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [dnmsbcw] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [cemsnpb] c:\winnt\bghxjvw.exe
O4 - HKCU\..\Run: [yxnxslo] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [hrggukd] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [dhgwqyp] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [fvasaid] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [hnkqnsd] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [rknevxu] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [nftagqo] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [iiddptl] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [cyefhug] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [nccemra] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [lxnrooy] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [fmcwfkq] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [enqkyeq] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [fjekmkd] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [lwqcotb] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [uqbcovj] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [mgxsvch] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [cvuqaey] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [orvetwg] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [sjudger] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [sjpsouo] c:\winnt\bqeqaso.exe
O4 - HKCU\..\Run: [dtqflrv] c:\winnt\umetjwa.exe
O4 - HKCU\..\Run: [qqpiptd] c:\winnt\wbednct.exe
O4 - HKCU\..\Run: [fvimgni] c:\winnt\ejounne.exe
O4 - HKCU\..\Run: [dfrkged] c:\winnt\umetjwa.exe
O4 - HKCU\..\Run: [djhtbnv] c:\winnt\wbednct.exe
O4 - HKCU\..\Run: [ucjnhnx] c:\winnt\ejounne.exe
O4 - HKCU\..\Run: [qqvrspj] c:\winnt\wbednct.exe
O4 - HKCU\..\Run: [rkkubkc] c:\winnt\umetjwa.exe
O4 - HKCU\..\Run: [rehlsww] c:\winnt\ejounne.exe
O4 - HKCU\..\Run: [nmfhyhl] c:\winnt\wbednct.exe
O4 - HKCU\..\Run: [rlschev] c:\winnt\umetjwa.exe
O4 - HKCU\..\Run: [krfsrhy] c:\winnt\wbednct.exe
O4 - HKCU\..\Run: [xcluqra] c:\winnt\umetjwa.exe
O4 - HKCU\..\Run: [xlwmeij] c:\winnt\wbednct.exe
O4 - HKCU\..\Run: [jgrsahx] c:\winnt\umetjwa.exe
O4 - HKCU\..\Run: [qjfpjbr] c:\winnt\wbednct.exe
O4 - HKCU\..\Run: [iaylofm] c:\winnt\umetjwa.exe
O4 - HKCU\..\Run: [sgsfqaw] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [rjeniur] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [plbiyiv] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [aejqtjp] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [knneiyb] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [fmyeurc] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [dpyujba] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [jhnbqus] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [filddik] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [ayelfgb] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [tqutdfw] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [iygbtor] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [lluvtqb] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [nycaakt] c:\winnt\vixwkwk.exe
O4 - HKCU\..\Run: [gmouinj] c:\winnt\vixwkwk.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D13E8F-21D5-4185-A37D-C12078C5BC18}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{33D13E8F-21D5-4185-A37D-C12078C5BC18}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




Activescan found but did not remove 5 items:


Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/MediaTickets No disinfected C:\eied_s7.cab
Adware:Adware/BlazeFind No disinfected Windows Registry
Adware:Adware/MediaTickets No disinfected C:\eied_s7.cab
Adware:Adware/MediaTickets No disinfected C:\eied_s7.cab[eied.inf]


My wallpaper has reverted to plain blue (no message) and everything seems to be running very slowly. Feel free to tell me if it is because I have a [bleep] laptop.

Regards

Doug
  • 0

Advertisements


#17
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
It's not your computer. It this infection we're dealing with.

Please use killbox to delete this file on reboot:
C:\eied_s7.cab
Then reboot.

***

Open Notepad.
Copy the text from the box to an empty file.
Save it as ‘export.bat’ to your desktop.
Choose ‘save as all types *.*’

regedit /e runkey.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

Close Notepad.

Find ‘export.bat’ on your desktop.
Doubleclick the file. It will create a file on your desktop called ‘runkey.reg’
Copy the entire text and past it to your reply here in this topic.

I don't need a HijackThis log this time.

Let's see if we can get ride of it another way.

Edited by g2i2r4, 09 May 2005 - 02:15 PM.

  • 0

#18
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Also do this please:
Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.
  • 0

#19
doug_lord

doug_lord

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I didn't get any text when I ran regkey.

HJT Savelist:

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Spyware Protection
AOL UK (Choose which version to remove)
AOL You've Got Pictures Screensaver
Business Contact Manager for Outlook 2003
CC_ccProxyMSI
CC_ccStart
ccCommon
CleanUp!
ewido security suite
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
HijackThis 1.99.1
ImageMixer VCD for FinePix
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Internet Explorer 6 SP1
Microsoft Office Professional Edition 2003
MicroStaff WINASPI NT
MSRedist
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
OfferAgent
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Registrar Lite 2.00
Spybot - Search & Destroy 1.3
Symantec Script Blocking Installer
Viewpoint Media Player
Windows Media Player 7.1
Windows SR 2.0
WinZip
Yahoo! Internet Mail
  • 0

#20
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please rightclick the file ‘runkey.reg' and choose 'open with'. Choose Notepad.
Copy the content and paste it here please.
  • 0

#21
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please remove OfferAgent from your computer.

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
OfferAgent
Press ‘delete this item’.
Close HijackThis and reboot.

download this tool to your desktop.
Doubleclick FxBlzFnd.exe and let it run.

Reboot again.

Please post me a the content of that runkey.reg and we will move on to the next step.

Edited by g2i2r4, 09 May 2005 - 04:21 PM.

  • 0

#22
doug_lord

doug_lord

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
  • 0

#23
doug_lord

doug_lord

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
FxBlzFnd.exe found nothing.
  • 0

#24
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please hold, I'll check my collegues for some fresh ideas.
  • 0

#25
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
doug lord,

Open HijackThis.

Put a check to all of these items:

O4 - HKCU\..\Run: [wymrvfy] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [hesakcb] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [ydvxcka] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [bspjlog] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [avqdivq] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [hkokhoj] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [ywpenwu] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [sujqtiv] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [eqdolgd] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [kkuqlgl] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [ubmndea] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [oiqdlto] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [erfpphm] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [mpmgqvd] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [wjxowql] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [umyagtg] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [fcbmsce] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [pakynre] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [qvuufop] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [mxmshow] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [nptykyg] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [icmvgda] c:\winnt\ohrxdnu.exe

O4 - HKCU\..\Run: [caqmvwi] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [ikihvdc] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [hewqaos] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [pswrdvo] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [snhfutt] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [jjxgtvm] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [vtpdses] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [bsgjfye] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [udqxvbl] c:\winnt\kadtfeo.exe

O4 - HKCU\..\Run: [hitasut] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [jmesujl] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [jgutffg] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [teltnsp] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [owurqis] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [qusxoeo] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [hkrttta] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [qskudot] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [pbjitog] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [midmbwv] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [fhrfkxp] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [oaiaedw] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [vvdlmjc] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [rnvwyba] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [ojmpnwk] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [hbsfrhw] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [gggggxo] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [huqcsgj] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [irrccpu] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [uwjvnln] c:\winnt\cnurihq.exe

O4 - HKCU\..\Run: [epsrjti] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [ffihdnc] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [oohanrj] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [gisvghe] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [jusdyqg] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [ukohfei] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [tupyrsn] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [drasegk] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [tradkou] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [yccsets] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [iwlbnvs] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [vxslbei] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [bitkaqt] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [bwuykvd] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [cfkixgk] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [xsqqpoq] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [thbfpfl] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [kibuwdc] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [fsqowsf] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [evedfyu] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [jlyotdv] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [efvahem] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [owccmuo] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [miivuet] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [wkekaan] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [qgssfdo] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [vcevdfm] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [nxptycu] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [oqsbtmi] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [ppkcjsk] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [qqvqiws] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [hkqefaf] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [dxeoely] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [pnitcho] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [arrgjre] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [ealmrwc] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [cpbglvh] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [sderaly] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [ixuotoq] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [gxxvlnf] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [pdocqpn] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [jdrqpmh] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [irldsix] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [evpbhwi] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [kmukorg] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [yqwjghr] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [tdkibxe] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [uqwcupk] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [fxupxlb] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [ffryjpl] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [aamwhmn] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [vagjdka] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [llqqdhj] c:\winnt\mwiswfo.exe

O4 - HKCU\..\Run: [afcwccw] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [rpekvgf] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [oihmkve] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [gnhpayx] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [whlinpb] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [dsfsofp] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [hijxopg] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [oscuxms] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [lpihaxe] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [vysgsjv] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [nmsgloc] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [qwobeto] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [bhjdena] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [eirpatk] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [mrbqxia] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [hxkiejj] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [pirjqon] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [mdhfpkf] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [wutvhqw] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [hoowwkq] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [eiwodod] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [qhiboty] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [inslqeq] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [jgwkkwj] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [orvtosm] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [wbmhbtg] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [chrohsl] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [amuklml] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [rflurmo] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [vgfgnjm] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [hlrhbao] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [wfsdpsf] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [xmcoxwd] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [jdwxouv] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [xeemdag] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [khkiefh] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [yvtompe] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [tbcflen] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [ysulbxi] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [tpamgwd] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [uoohbgi] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [oboluvm] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [amkqjqn] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [ygxgiid] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [fbcwgnt] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [gwdvyel] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [ulmnxsv] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [uiodpbx] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [jeotdpd] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [oryhxba] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [qhlpjcl] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [ihxynbh] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [ypfgilf] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [denqjrj] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [pcafyfo] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [gfrqsgq] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [njqhyln] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [cgjumje] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [ljdsurf] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [kwrxybb] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [yaxioqp] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [mlkbmhs] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [kysmeto] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [oiqbvwd] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [rntgpqb] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [qvrixmm] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [ajmakbk] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [paavjfn] c:\winnt\imujmni.exe

O4 - HKCU\..\Run: [axeuyjp] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [wpjixev] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [pnwcjom] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [iviavgl] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ramibwu] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [oxrebmb] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [osonrdl] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ajpcfpt] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [nbbonej] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [shyrsia] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ayfgydw] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [shvmuhe] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ixdtnen] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [njectjw] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [hfvlbjo] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [khhtxlj] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ramyspf] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [jsjvfef] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [yjfdygd] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ytlsqwl] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [lrvctym] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ptacsln] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [wxhtffd] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [ixkggsa] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [eohpqwk] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [gvvhbqu] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [udayxsp] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [dnmsbcw] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [cemsnpb] c:\winnt\bghxjvw.exe

O4 - HKCU\..\Run: [yxnxslo] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [hrggukd] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [dhgwqyp] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [fvasaid] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [hnkqnsd] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [rknevxu] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [nftagqo] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [iiddptl] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [cyefhug] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [nccemra] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [lxnrooy] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [fmcwfkq] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [enqkyeq] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [fjekmkd] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [lwqcotb] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [uqbcovj] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [mgxsvch] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [cvuqaey] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [orvetwg] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [sjudger] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [sjpsouo] c:\winnt\bqeqaso.exe

O4 - HKCU\..\Run: [dtqflrv] c:\winnt\umetjwa.exe

O4 - HKCU\..\Run: [qqpiptd] c:\winnt\wbednct.exe

O4 - HKCU\..\Run: [fvimgni] c:\winnt\ejounne.exe

O4 - HKCU\..\Run: [dfrkged] c:\winnt\umetjwa.exe

O4 - HKCU\..\Run: [djhtbnv] c:\winnt\wbednct.exe

O4 - HKCU\..\Run: [ucjnhnx] c:\winnt\ejounne.exe

O4 - HKCU\..\Run: [qqvrspj] c:\winnt\wbednct.exe

O4 - HKCU\..\Run: [rkkubkc] c:\winnt\umetjwa.exe

O4 - HKCU\..\Run: [rehlsww] c:\winnt\ejounne.exe

O4 - HKCU\..\Run: [nmfhyhl] c:\winnt\wbednct.exe

O4 - HKCU\..\Run: [rlschev] c:\winnt\umetjwa.exe

O4 - HKCU\..\Run: [krfsrhy] c:\winnt\wbednct.exe

O4 - HKCU\..\Run: [xcluqra] c:\winnt\umetjwa.exe

O4 - HKCU\..\Run: [xlwmeij] c:\winnt\wbednct.exe

O4 - HKCU\..\Run: [jgrsahx] c:\winnt\umetjwa.exe

O4 - HKCU\..\Run: [qjfpjbr] c:\winnt\wbednct.exe

O4 - HKCU\..\Run: [iaylofm] c:\winnt\umetjwa.exe

O4 - HKCU\..\Run: [sgsfqaw] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [rjeniur] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [plbiyiv] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [aejqtjp] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [knneiyb] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [fmyeurc] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [dpyujba] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [jhnbqus] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [filddik] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [ayelfgb] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [tqutdfw] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [iygbtor] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [lluvtqb] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [nycaakt] c:\winnt\vixwkwk.exe

O4 - HKCU\..\Run: [gmouinj] c:\winnt\vixwkwk.exe

Recheck to make sure you got them all.
Then press 'fix checked' and close HijackThis.

Reboot the system.
Please post me a fresh log (keeping fingers crossed :tazz: )

Edited by g2i2r4, 10 May 2005 - 03:40 PM.

  • 0

Advertisements


#26
doug_lord

doug_lord

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:05:48 AM, on 5/12/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\internat.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\WINNT\System32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Fingers are still crosswwede!

Doug
  • 0

#27
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
;) Let's party, you did it! :tazz:

The log is clean. ;)
  • 0

#28
doug_lord

doug_lord

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:tazz: Oh yeah ;)

Thank you for all of your help and patience.

Truly you are the king of the geeks!

Donation on it's way!


Regards

Doug
  • 0

#29
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
Thanks for the donation.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP