Infected Computer


#1
kgolfin

    Member

  • 13 posts
My parents got a new Gateway computer and in a few short months have gotten it totally messed up with spyware. I have tried Ad-Aware and Spybot but still have problems. One weird thing is the system folder is winnt and not windows.... could the spyware have done that? Please help, I didn't want to have to reload.

Thanks
  • 0


#2
gerryf

    Retired Staff

  • 11,365 posts
no, some people install windows to winnt....shoot, I do

please visit the forum in my signature and follow the instructions at the top
  • 0

#3
kgolfin

    Member

  • Topic Starter
  • 13 posts
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 9:06:43 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\WINNT\System32\Jcl.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\winupdate72981096[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp7D.tmp
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\System32\open32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINNT\frennk.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\System32\DSMANA~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Vrb] C:\WINNT\System32\Jcl.exe
O4 - HKLM\..\Run: [Voa] C:\WINNT\Fun.exe
O4 - HKLM\..\Run: [Vmm] C:\WINNT\System32\Vqa.exe
O4 - HKLM\..\Run: [Vmc] C:\WINNT\Kja.exe
O4 - HKLM\..\Run: [Vli] C:\WINNT\System32\Hoj.exe
O4 - HKLM\..\Run: [Viu] C:\WINNT\System32\Jcr.exe
O4 - HKLM\..\Run: [Vho] C:\WINNT\Inj.exe
O4 - HKLM\..\Run: [Vfv] C:\WINNT\System32\Dmf.exe
O4 - HKLM\..\Run: [Vfe] C:\WINNT\System32\Odd.exe
O4 - HKLM\..\Run: [Vda] C:\WINNT\System32\Arf.exe
O4 - HKLM\..\Run: [Vco] C:\WINNT\System32\Lsn.exe
O4 - HKLM\..\Run: [Urr] C:\WINNT\Nbr.exe
O4 - HKLM\..\Run: [Uji] C:\WINNT\Coq.exe
O4 - HKLM\..\Run: [Uhd] C:\WINNT\System32\Qbt.exe
O4 - HKLM\..\Run: [Udp] C:\WINNT\System32\Nkm.exe
O4 - HKLM\..\Run: [Udm] C:\WINNT\Jdf.exe
O4 - HKLM\..\Run: [Tsu] C:\WINNT\System32\Gbf.exe
O4 - HKLM\..\Run: [Tpn] C:\WINNT\Fgq.exe
O4 - HKLM\..\Run: [Thh] C:\WINNT\Vgi.exe
O4 - HKLM\..\Run: [Tgb] C:\WINNT\System32\Gqf.exe
O4 - HKLM\..\Run: [Tep] C:\WINNT\System32\Jaj.exe
O4 - HKLM\..\Run: [Tdo] C:\WINNT\System32\Vin.exe
O4 - HKLM\..\Run: [Tap] C:\WINNT\Ftj.exe
O4 - HKLM\..\Run: [Spj] C:\WINNT\System32\Fpt.exe
O4 - HKLM\..\Run: [Spa] C:\WINNT\System32\Buv.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Sjq] C:\WINNT\Jfj.exe
O4 - HKLM\..\Run: [Shd] C:\WINNT\System32\Tcr.exe
O4 - HKLM\..\Run: [Sgs] C:\WINNT\Elb.exe
O4 - HKLM\..\Run: [Sft] C:\WINNT\Nid.exe
O4 - HKLM\..\Run: [Sec] C:\WINNT\Lqn.exe
O4 - HKLM\..\Run: [Sbd] C:\WINNT\System32\Mqq.exe
O4 - HKLM\..\Run: [Rvo] C:\WINNT\System32\Hqh.exe
O4 - HKLM\..\Run: [Rve] C:\WINNT\Cvv.exe
O4 - HKLM\..\Run: [Ruv] C:\WINNT\Pdf.exe
O4 - HKLM\..\Run: [Rrv] C:\WINNT\System32\Hei.exe
O4 - HKLM\..\Run: [Rrs] C:\WINNT\System32\Und.exe
O4 - HKLM\..\Run: [Rrg] C:\WINNT\System32\Tto.exe
O4 - HKLM\..\Run: [Rqm] C:\WINNT\System32\Uab.exe
O4 - HKLM\..\Run: [Rnh] C:\WINNT\System32\Odb.exe
O4 - HKLM\..\Run: [Rmc] C:\WINNT\System32\Agb.exe
O4 - HKLM\..\Run: [Rlq] C:\WINNT\System32\Mhf.exe
O4 - HKLM\..\Run: [Rkv] C:\WINNT\System32\Bhg.exe
O4 - HKLM\..\Run: [Rir] C:\WINNT\System32\Lmc.exe
O4 - HKLM\..\Run: [Rga] C:\WINNT\Bnk.exe
O4 - HKLM\..\Run: [Reb] C:\WINNT\System32\Amg.exe
O4 - HKLM\..\Run: [Rde] C:\WINNT\Jno.exe
O4 - HKLM\..\Run: [Rcn] C:\WINNT\System32\Aah.exe
O4 - HKLM\..\Run: [Rbo] C:\WINNT\System32\Dde.exe
O4 - HKLM\..\Run: [Rbg] C:\WINNT\System32\Qsl.exe
O4 - HKLM\..\Run: [Qqk] C:\WINNT\System32\Ebb.exe
O4 - HKLM\..\Run: [Qph] C:\WINNT\Rrm.exe
O4 - HKLM\..\Run: [Qns] C:\WINNT\Ota.exe
O4 - HKLM\..\Run: [Qni] C:\WINNT\Mah.exe
O4 - HKLM\..\Run: [Qkv] C:\WINNT\Eep.exe
O4 - HKLM\..\Run: [Qik] C:\WINNT\System32\Qsg.exe
O4 - HKLM\..\Run: [Qgl] C:\WINNT\System32\Fln.exe
O4 - HKLM\..\Run: [Qes] C:\WINNT\System32\Rvp.exe
O4 - HKLM\..\Run: [Qas] C:\WINNT\System32\Pds.exe
O4 - HKLM\..\Run: [Qao] C:\WINNT\Deg.exe
O4 - HKLM\..\Run: [Qad] C:\WINNT\System32\Vsa.exe
O4 - HKLM\..\Run: [Pvq] C:\WINNT\System32\Aus.exe
O4 - HKLM\..\Run: [Psh] C:\WINNT\Faf.exe
O4 - HKLM\..\Run: [Pos] C:\WINNT\Mma.exe
O4 - HKLM\..\Run: [Pog] C:\WINNT\System32\Qih.exe
O4 - HKLM\..\Run: [Plc] C:\WINNT\Hgk.exe
O4 - HKLM\..\Run: [Pjn] C:\WINNT\System32\Ibv.exe
O4 - HKLM\..\Run: [Pjg] C:\WINNT\Mdg.exe
O4 - HKLM\..\Run: [Pip] C:\WINNT\Ecg.exe
O4 - HKLM\..\Run: [Pco] C:\WINNT\Vki.exe
O4 - HKLM\..\Run: [Pau] C:\WINNT\System32\Sbf.exe
O4 - HKLM\..\Run: [Paa] C:\WINNT\System32\She.exe
O4 - HKLM\..\Run: [Ous] C:\WINNT\Ddm.exe
O4 - HKLM\..\Run: [Oss] C:\WINNT\Adb.exe
O4 - HKLM\..\Run: [Opt] C:\WINNT\Ilc.exe
O4 - HKLM\..\Run: [Okg] C:\WINNT\Gro.exe
O4 - HKLM\..\Run: [Ohs] C:\WINNT\System32\Liu.exe
O4 - HKLM\..\Run: [Odq] C:\WINNT\Fuv.exe
O4 - HKLM\..\Run: [Oaj] C:\WINNT\System32\Eld.exe
O4 - HKLM\..\Run: [Ntu] C:\WINNT\Iir.exe
O4 - HKLM\..\Run: [Nsg] C:\WINNT\Mlg.exe
O4 - HKLM\..\Run: [Nro] C:\WINNT\System32\Qve.exe
O4 - HKLM\..\Run: [Nrk] C:\WINNT\Iab.exe
O4 - HKLM\..\Run: [Nrc] C:\WINNT\Qnq.exe
O4 - HKLM\..\Run: [Noa] C:\WINNT\System32\Qps.exe
O4 - HKLM\..\Run: [Nmq] C:\WINNT\Fkt.exe
O4 - HKLM\..\Run: [Nge] C:\WINNT\System32\Hjo.exe
O4 - HKLM\..\Run: [Ndq] C:\WINNT\Gtm.exe
O4 - HKLM\..\Run: [Muh] C:\WINNT\Hld.exe
O4 - HKLM\..\Run: [Mri] C:\WINNT\System32\Vje.exe
O4 - HKLM\..\Run: [Mpc] C:\WINNT\System32\Tdd.exe
O4 - HKLM\..\Run: [Mnf] C:\WINNT\System32\Qpj.exe
O4 - HKLM\..\Run: [Mmu] C:\WINNT\Igm.exe
O4 - HKLM\..\Run: [Mmi] C:\WINNT\Qtb.exe
O4 - HKLM\..\Run: [Mlj] C:\WINNT\Vtk.exe
O4 - HKLM\..\Run: [Miv] C:\WINNT\System32\Fvb.exe
O4 - HKLM\..\Run: [Mie] C:\WINNT\System32\Bpf.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Mht] C:\WINNT\System32\Jqs.exe
O4 - HKLM\..\Run: [Meo] C:\WINNT\System32\Hqc.exe
O4 - HKLM\..\Run: [Mdu] C:\WINNT\Bcv.exe
O4 - HKLM\..\Run: [Mbo] C:\WINNT\Ceg.exe
O4 - HKLM\..\Run: [Mbn] C:\WINNT\System32\Hfv.exe
O4 - HKLM\..\Run: [Lvm] C:\WINNT\System32\Osl.exe
O4 - HKLM\..\Run: [Lru] C:\WINNT\System32\Acp.exe
O4 - HKLM\..\Run: [Loh] C:\WINNT\Kjr.exe
O4 - HKLM\..\Run: [Ljn] C:\WINNT\System32\Ial.exe
O4 - HKLM\..\Run: [Lid] C:\WINNT\System32\Lor.exe
O4 - HKLM\..\Run: [Kvi] C:\WINNT\Kek.exe
O4 - HKLM\..\Run: [Kra] C:\WINNT\System32\Idq.exe
O4 - HKLM\..\Run: [Kns] C:\WINNT\Tla.exe
O4 - HKLM\..\Run: [Kiv] C:\WINNT\Khr.exe
O4 - HKLM\..\Run: [Kio] C:\WINNT\System32\Ggi.exe
O4 - HKLM\..\Run: [Kie] C:\WINNT\System32\Hfl.exe
O4 - HKLM\..\Run: [Khd] C:\WINNT\System32\Phn.exe
O4 - HKLM\..\Run: [Kgk] C:\WINNT\System32\Ont.exe
O4 - HKLM\..\Run: [Kfv] C:\WINNT\System32\Cjo.exe
O4 - HKLM\..\Run: [Juh] C:\WINNT\Jdi.exe
O4 - HKLM\..\Run: [Jqd] C:\WINNT\Fve.exe
O4 - HKLM\..\Run: [Jpi] C:\WINNT\System32\Tud.exe
O4 - HKLM\..\Run: [Jld] C:\WINNT\Bft.exe
O4 - HKLM\..\Run: [Jkm] C:\WINNT\Rbm.exe
O4 - HKLM\..\Run: [Jhe] C:\WINNT\System32\Umu.exe
O4 - HKLM\..\Run: [Jeq] C:\WINNT\Tev.exe
O4 - HKLM\..\Run: [Jbs] C:\WINNT\Rsp.exe
O4 - HKLM\..\Run: [Jbc] C:\WINNT\System32\Aqc.exe
O4 - HKLM\..\Run: [Iuu] C:\WINNT\System32\Tec.exe
O4 - HKLM\..\Run: [Iuj] C:\WINNT\System32\Nfp.exe
O4 - HKLM\..\Run: [Isu] C:\WINNT\System32\Ljh.exe
O4 - HKLM\..\Run: [Ior] C:\WINNT\System32\Qaf.exe
O4 - HKLM\..\Run: [Ikj] C:\WINNT\Svl.exe
O4 - HKLM\..\Run: [Igm] C:\WINNT\System32\Onh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ifr] C:\WINNT\Bqk.exe
O4 - HKLM\..\Run: [Ifd] C:\WINNT\System32\Sem.exe
O4 - HKLM\..\Run: [Icf] C:\WINNT\Kda.exe
O4 - HKLM\..\Run: [Hra] C:\WINNT\System32\Ibu.exe
O4 - HKLM\..\Run: [Hqh] C:\WINNT\System32\Quo.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hnn] C:\WINNT\Roe.exe
O4 - HKLM\..\Run: [Hme] C:\WINNT\System32\Vhk.exe
O4 - HKLM\..\Run: [Hkk] C:\WINNT\System32\Dep.exe
O4 - HKLM\..\Run: [Hge] C:\WINNT\System32\Hom.exe
O4 - HKLM\..\Run: [Hdh] C:\WINNT\System32\Src.exe
O4 - HKLM\..\Run: [Hbp] C:\WINNT\System32\Hko.exe
O4 - HKLM\..\Run: [Hbm] C:\WINNT\Unu.exe
O4 - HKLM\..\Run: [Hbl] C:\WINNT\Ijc.exe
O4 - HKLM\..\Run: [Hap] C:\WINNT\Fee.exe
O4 - HKLM\..\Run: [Guo] C:\WINNT\Duu.exe
O4 - HKLM\..\Run: [Gtn] C:\WINNT\System32\Plc.exe
O4 - HKLM\..\Run: [Gst] C:\WINNT\Fif.exe
O4 - HKLM\..\Run: [Gsk] C:\WINNT\Aet.exe
O4 - HKLM\..\Run: [Gsj] C:\WINNT\Qdr.exe
O4 - HKLM\..\Run: [Gsg] C:\WINNT\System32\Gdt.exe
O4 - HKLM\..\Run: [Grp] C:\WINNT\System32\Tgf.exe
O4 - HKLM\..\Run: [Gqk] C:\WINNT\System32\Din.exe
O4 - HKLM\..\Run: [Goi] C:\WINNT\System32\Sij.exe
O4 - HKLM\..\Run: [Gmi] C:\WINNT\System32\Feq.exe
O4 - HKLM\..\Run: [Gls] C:\WINNT\System32\Cvn.exe
O4 - HKLM\..\Run: [Glf] C:\WINNT\Hnj.exe
O4 - HKLM\..\Run: [Ghe] C:\WINNT\Kiu.exe
O4 - HKLM\..\Run: [Gfc] C:\WINNT\Hdb.exe
O4 - HKLM\..\Run: [Gdn] C:\WINNT\System32\Nfq.exe
O4 - HKLM\..\Run: [Fsr] C:\WINNT\Lfh.exe
O4 - HKLM\..\Run: [Fsd] C:\WINNT\Ovc.exe
O4 - HKLM\..\Run: [Frq] C:\WINNT\System32\Lqh.exe
O4 - HKLM\..\Run: [Fqj] C:\WINNT\Ntt.exe
O4 - HKLM\..\Run: [Flh] C:\WINNT\System32\Bdb.exe
O4 - HKLM\..\Run: [Fkm] C:\WINNT\System32\Hrv.exe
O4 - HKLM\..\Run: [Fhi] C:\WINNT\Nto.exe
O4 - HKLM\..\Run: [Fga] C:\WINNT\Rph.exe
O4 - HKLM\..\Run: [Ffp] C:\WINNT\System32\Tgc.exe
O4 - HKLM\..\Run: [Fdm] C:\WINNT\Svv.exe
O4 - HKLM\..\Run: [Fbg] C:\WINNT\System32\Kbg.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [Fan] C:\WINNT\System32\Dhl.exe
O4 - HKLM\..\Run: [Evo] C:\WINNT\System32\Euk.exe
O4 - HKLM\..\Run: [Ett] C:\WINNT\System32\Jhv.exe
O4 - HKLM\..\Run: [Ern] C:\WINNT\Oda.exe
O4 - HKLM\..\Run: [Erg] C:\WINNT\System32\Ick.exe
O4 - HKLM\..\Run: [Eos] C:\WINNT\Oge.exe
O4 - HKLM\..\Run: [Ent] C:\WINNT\Vfe.exe
O4 - HKLM\..\Run: [Ehv] C:\WINNT\System32\Fol.exe
O4 - HKLM\..\Run: [Egs] C:\WINNT\System32\Rif.exe
O4 - HKLM\..\Run: [Efq] C:\WINNT\Hfk.exe
O4 - HKLM\..\Run: [Ect] C:\WINNT\Juu.exe
O4 - HKLM\..\Run: [Ecf] C:\WINNT\System32\Rdo.exe
O4 - HKLM\..\Run: [Dvn] C:\WINNT\Gcf.exe
O4 - HKLM\..\Run: [Dtt] C:\WINNT\System32\Fiq.exe
O4 - HKLM\..\Run: [Dti] C:\WINNT\Qnc.exe
O4 - HKLM\..\Run: [Dks] C:\WINNT\Jlj.exe
O4 - HKLM\..\Run: [Djn] C:\WINNT\System32\Nva.exe
O4 - HKLM\..\Run: [Dah] C:\WINNT\Vsd.exe
O4 - HKLM\..\Run: [Cqk] C:\WINNT\System32\Gob.exe
O4 - HKLM\..\Run: [Cqb] C:\WINNT\Ibf.exe
O4 - HKLM\..\Run: [Cep] C:\WINNT\Rdh.exe
O4 - HKLM\..\Run: [Cdq] C:\WINNT\System32\Grl.exe
O4 - HKLM\..\Run: [Bsu] C:\WINNT\System32\Kdo.exe
O4 - HKLM\..\Run: [Brg] C:\WINNT\Bgg.exe
O4 - HKLM\..\Run: [Brc] C:\WINNT\System32\Urd.exe
O4 - HKLM\..\Run: [Bmm] C:\WINNT\System32\Pod.exe
O4 - HKLM\..\Run: [Bks] C:\WINNT\Vha.exe
O4 - HKLM\..\Run: [Bje] C:\WINNT\Ijm.exe
O4 - HKLM\..\Run: [Bfg] C:\WINNT\System32\Gsv.exe
O4 - HKLM\..\Run: [Bda] C:\WINNT\Obm.exe
O4 - HKLM\..\Run: [Apn] C:\WINNT\System32\Kvc.exe
O4 - HKLM\..\Run: [Acr] C:\WINNT\System32\Hgh.exe
O4 - HKLM\..\Run: [Acn] C:\WINNT\System32\Acs.exe
O4 - HKLM\..\Run: [Abo] C:\WINNT\Afv.exe
O4 - HKLM\..\Run: [Aav] C:\WINNT\System32\Afj.exe
O4 - HKLM\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - Startup: winupdate72981096[1].exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#4
Murray S.

    Trusted Tech

  • Member
  • 4,513 posts
  • MVP
Howdy:

If you had followed the instructions, you would have read that you post the HJT log in the Malware forum.. not here!! :tazz:

Murray
  • 0

#5
kgolfin

    Member

  • Topic Starter
  • 13 posts
Sorry, I have posted it correctly. I have never done this before.
  • 0

#6
gerryf

    Retired Staff

  • 11,365 posts
don't worry kgolfin....happens all the time :tazz:

The process works best if you go to the malware forum in my signature and read the instructions because you eliminate about 60 percent of most malware.

Then the malware specialists can focus on the hard, more recently developed malware.

Plus, at the end of the process you gain a better understanding of what is going on and how to protect yourself.
  • 0





