
Infected Computer



#1
kgolfin
Member, 13 posts

Can you please help.

Logfile of HijackThis v1.99.1
Scan saved at 9:06:43 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\WINNT\System32\Jcl.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\winupdate72981096[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp7D.tmp
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\System32\open32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINNT\frennk.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\System32\DSMANA~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Vrb] C:\WINNT\System32\Jcl.exe
O4 - HKLM\..\Run: [Voa] C:\WINNT\Fun.exe
O4 - HKLM\..\Run: [Vmm] C:\WINNT\System32\Vqa.exe
O4 - HKLM\..\Run: [Vmc] C:\WINNT\Kja.exe
O4 - HKLM\..\Run: [Vli] C:\WINNT\System32\Hoj.exe
O4 - HKLM\..\Run: [Viu] C:\WINNT\System32\Jcr.exe
O4 - HKLM\..\Run: [Vho] C:\WINNT\Inj.exe
O4 - HKLM\..\Run: [Vfv] C:\WINNT\System32\Dmf.exe
O4 - HKLM\..\Run: [Vfe] C:\WINNT\System32\Odd.exe
O4 - HKLM\..\Run: [Vda] C:\WINNT\System32\Arf.exe
O4 - HKLM\..\Run: [Vco] C:\WINNT\System32\Lsn.exe
O4 - HKLM\..\Run: [Urr] C:\WINNT\Nbr.exe
O4 - HKLM\..\Run: [Uji] C:\WINNT\Coq.exe
O4 - HKLM\..\Run: [Uhd] C:\WINNT\System32\Qbt.exe
O4 - HKLM\..\Run: [Udp] C:\WINNT\System32\Nkm.exe
O4 - HKLM\..\Run: [Udm] C:\WINNT\Jdf.exe
O4 - HKLM\..\Run: [Tsu] C:\WINNT\System32\Gbf.exe
O4 - HKLM\..\Run: [Tpn] C:\WINNT\Fgq.exe
O4 - HKLM\..\Run: [Thh] C:\WINNT\Vgi.exe
O4 - HKLM\..\Run: [Tgb] C:\WINNT\System32\Gqf.exe
O4 - HKLM\..\Run: [Tep] C:\WINNT\System32\Jaj.exe
O4 - HKLM\..\Run: [Tdo] C:\WINNT\System32\Vin.exe
O4 - HKLM\..\Run: [Tap] C:\WINNT\Ftj.exe
O4 - HKLM\..\Run: [Spj] C:\WINNT\System32\Fpt.exe
O4 - HKLM\..\Run: [Spa] C:\WINNT\System32\Buv.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Sjq] C:\WINNT\Jfj.exe
O4 - HKLM\..\Run: [Shd] C:\WINNT\System32\Tcr.exe
O4 - HKLM\..\Run: [Sgs] C:\WINNT\Elb.exe
O4 - HKLM\..\Run: [Sft] C:\WINNT\Nid.exe
O4 - HKLM\..\Run: [Sec] C:\WINNT\Lqn.exe
O4 - HKLM\..\Run: [Sbd] C:\WINNT\System32\Mqq.exe
O4 - HKLM\..\Run: [Rvo] C:\WINNT\System32\Hqh.exe
O4 - HKLM\..\Run: [Rve] C:\WINNT\Cvv.exe
O4 - HKLM\..\Run: [Ruv] C:\WINNT\Pdf.exe
O4 - HKLM\..\Run: [Rrv] C:\WINNT\System32\Hei.exe
O4 - HKLM\..\Run: [Rrs] C:\WINNT\System32\Und.exe
O4 - HKLM\..\Run: [Rrg] C:\WINNT\System32\Tto.exe
O4 - HKLM\..\Run: [Rqm] C:\WINNT\System32\Uab.exe
O4 - HKLM\..\Run: [Rnh] C:\WINNT\System32\Odb.exe
O4 - HKLM\..\Run: [Rmc] C:\WINNT\System32\Agb.exe
O4 - HKLM\..\Run: [Rlq] C:\WINNT\System32\Mhf.exe
O4 - HKLM\..\Run: [Rkv] C:\WINNT\System32\Bhg.exe
O4 - HKLM\..\Run: [Rir] C:\WINNT\System32\Lmc.exe
O4 - HKLM\..\Run: [Rga] C:\WINNT\Bnk.exe
O4 - HKLM\..\Run: [Reb] C:\WINNT\System32\Amg.exe
O4 - HKLM\..\Run: [Rde] C:\WINNT\Jno.exe
O4 - HKLM\..\Run: [Rcn] C:\WINNT\System32\Aah.exe
O4 - HKLM\..\Run: [Rbo] C:\WINNT\System32\Dde.exe
O4 - HKLM\..\Run: [Rbg] C:\WINNT\System32\Qsl.exe
O4 - HKLM\..\Run: [Qqk] C:\WINNT\System32\Ebb.exe
O4 - HKLM\..\Run: [Qph] C:\WINNT\Rrm.exe
O4 - HKLM\..\Run: [Qns] C:\WINNT\Ota.exe
O4 - HKLM\..\Run: [Qni] C:\WINNT\Mah.exe
O4 - HKLM\..\Run: [Qkv] C:\WINNT\Eep.exe
O4 - HKLM\..\Run: [Qik] C:\WINNT\System32\Qsg.exe
O4 - HKLM\..\Run: [Qgl] C:\WINNT\System32\Fln.exe
O4 - HKLM\..\Run: [Qes] C:\WINNT\System32\Rvp.exe
O4 - HKLM\..\Run: [Qas] C:\WINNT\System32\Pds.exe
O4 - HKLM\..\Run: [Qao] C:\WINNT\Deg.exe
O4 - HKLM\..\Run: [Qad] C:\WINNT\System32\Vsa.exe
O4 - HKLM\..\Run: [Pvq] C:\WINNT\System32\Aus.exe
O4 - HKLM\..\Run: [Psh] C:\WINNT\Faf.exe
O4 - HKLM\..\Run: [Pos] C:\WINNT\Mma.exe
O4 - HKLM\..\Run: [Pog] C:\WINNT\System32\Qih.exe
O4 - HKLM\..\Run: [Plc] C:\WINNT\Hgk.exe
O4 - HKLM\..\Run: [Pjn] C:\WINNT\System32\Ibv.exe
O4 - HKLM\..\Run: [Pjg] C:\WINNT\Mdg.exe
O4 - HKLM\..\Run: [Pip] C:\WINNT\Ecg.exe
O4 - HKLM\..\Run: [Pco] C:\WINNT\Vki.exe
O4 - HKLM\..\Run: [Pau] C:\WINNT\System32\Sbf.exe
O4 - HKLM\..\Run: [Paa] C:\WINNT\System32\She.exe
O4 - HKLM\..\Run: [Ous] C:\WINNT\Ddm.exe
O4 - HKLM\..\Run: [Oss] C:\WINNT\Adb.exe
O4 - HKLM\..\Run: [Opt] C:\WINNT\Ilc.exe
O4 - HKLM\..\Run: [Okg] C:\WINNT\Gro.exe
O4 - HKLM\..\Run: [Ohs] C:\WINNT\System32\Liu.exe
O4 - HKLM\..\Run: [Odq] C:\WINNT\Fuv.exe
O4 - HKLM\..\Run: [Oaj] C:\WINNT\System32\Eld.exe
O4 - HKLM\..\Run: [Ntu] C:\WINNT\Iir.exe
O4 - HKLM\..\Run: [Nsg] C:\WINNT\Mlg.exe
O4 - HKLM\..\Run: [Nro] C:\WINNT\System32\Qve.exe
O4 - HKLM\..\Run: [Nrk] C:\WINNT\Iab.exe
O4 - HKLM\..\Run: [Nrc] C:\WINNT\Qnq.exe
O4 - HKLM\..\Run: [Noa] C:\WINNT\System32\Qps.exe
O4 - HKLM\..\Run: [Nmq] C:\WINNT\Fkt.exe
O4 - HKLM\..\Run: [Nge] C:\WINNT\System32\Hjo.exe
O4 - HKLM\..\Run: [Ndq] C:\WINNT\Gtm.exe
O4 - HKLM\..\Run: [Muh] C:\WINNT\Hld.exe
O4 - HKLM\..\Run: [Mri] C:\WINNT\System32\Vje.exe
O4 - HKLM\..\Run: [Mpc] C:\WINNT\System32\Tdd.exe
O4 - HKLM\..\Run: [Mnf] C:\WINNT\System32\Qpj.exe
O4 - HKLM\..\Run: [Mmu] C:\WINNT\Igm.exe
O4 - HKLM\..\Run: [Mmi] C:\WINNT\Qtb.exe
O4 - HKLM\..\Run: [Mlj] C:\WINNT\Vtk.exe
O4 - HKLM\..\Run: [Miv] C:\WINNT\System32\Fvb.exe
O4 - HKLM\..\Run: [Mie] C:\WINNT\System32\Bpf.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Mht] C:\WINNT\System32\Jqs.exe
O4 - HKLM\..\Run: [Meo] C:\WINNT\System32\Hqc.exe
O4 - HKLM\..\Run: [Mdu] C:\WINNT\Bcv.exe
O4 - HKLM\..\Run: [Mbo] C:\WINNT\Ceg.exe
O4 - HKLM\..\Run: [Mbn] C:\WINNT\System32\Hfv.exe
O4 - HKLM\..\Run: [Lvm] C:\WINNT\System32\Osl.exe
O4 - HKLM\..\Run: [Lru] C:\WINNT\System32\Acp.exe
O4 - HKLM\..\Run: [Loh] C:\WINNT\Kjr.exe
O4 - HKLM\..\Run: [Ljn] C:\WINNT\System32\Ial.exe
O4 - HKLM\..\Run: [Lid] C:\WINNT\System32\Lor.exe
O4 - HKLM\..\Run: [Kvi] C:\WINNT\Kek.exe
O4 - HKLM\..\Run: [Kra] C:\WINNT\System32\Idq.exe
O4 - HKLM\..\Run: [Kns] C:\WINNT\Tla.exe
O4 - HKLM\..\Run: [Kiv] C:\WINNT\Khr.exe
O4 - HKLM\..\Run: [Kio] C:\WINNT\System32\Ggi.exe
O4 - HKLM\..\Run: [Kie] C:\WINNT\System32\Hfl.exe
O4 - HKLM\..\Run: [Khd] C:\WINNT\System32\Phn.exe
O4 - HKLM\..\Run: [Kgk] C:\WINNT\System32\Ont.exe
O4 - HKLM\..\Run: [Kfv] C:\WINNT\System32\Cjo.exe
O4 - HKLM\..\Run: [Juh] C:\WINNT\Jdi.exe
O4 - HKLM\..\Run: [Jqd] C:\WINNT\Fve.exe
O4 - HKLM\..\Run: [Jpi] C:\WINNT\System32\Tud.exe
O4 - HKLM\..\Run: [Jld] C:\WINNT\Bft.exe
O4 - HKLM\..\Run: [Jkm] C:\WINNT\Rbm.exe
O4 - HKLM\..\Run: [Jhe] C:\WINNT\System32\Umu.exe
O4 - HKLM\..\Run: [Jeq] C:\WINNT\Tev.exe
O4 - HKLM\..\Run: [Jbs] C:\WINNT\Rsp.exe
O4 - HKLM\..\Run: [Jbc] C:\WINNT\System32\Aqc.exe
O4 - HKLM\..\Run: [Iuu] C:\WINNT\System32\Tec.exe
O4 - HKLM\..\Run: [Iuj] C:\WINNT\System32\Nfp.exe
O4 - HKLM\..\Run: [Isu] C:\WINNT\System32\Ljh.exe
O4 - HKLM\..\Run: [Ior] C:\WINNT\System32\Qaf.exe
O4 - HKLM\..\Run: [Ikj] C:\WINNT\Svl.exe
O4 - HKLM\..\Run: [Igm] C:\WINNT\System32\Onh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ifr] C:\WINNT\Bqk.exe
O4 - HKLM\..\Run: [Ifd] C:\WINNT\System32\Sem.exe
O4 - HKLM\..\Run: [Icf] C:\WINNT\Kda.exe
O4 - HKLM\..\Run: [Hra] C:\WINNT\System32\Ibu.exe
O4 - HKLM\..\Run: [Hqh] C:\WINNT\System32\Quo.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hnn] C:\WINNT\Roe.exe
O4 - HKLM\..\Run: [Hme] C:\WINNT\System32\Vhk.exe
O4 - HKLM\..\Run: [Hkk] C:\WINNT\System32\Dep.exe
O4 - HKLM\..\Run: [Hge] C:\WINNT\System32\Hom.exe
O4 - HKLM\..\Run: [Hdh] C:\WINNT\System32\Src.exe
O4 - HKLM\..\Run: [Hbp] C:\WINNT\System32\Hko.exe
O4 - HKLM\..\Run: [Hbm] C:\WINNT\Unu.exe
O4 - HKLM\..\Run: [Hbl] C:\WINNT\Ijc.exe
O4 - HKLM\..\Run: [Hap] C:\WINNT\Fee.exe
O4 - HKLM\..\Run: [Guo] C:\WINNT\Duu.exe
O4 - HKLM\..\Run: [Gtn] C:\WINNT\System32\Plc.exe
O4 - HKLM\..\Run: [Gst] C:\WINNT\Fif.exe
O4 - HKLM\..\Run: [Gsk] C:\WINNT\Aet.exe
O4 - HKLM\..\Run: [Gsj] C:\WINNT\Qdr.exe
O4 - HKLM\..\Run: [Gsg] C:\WINNT\System32\Gdt.exe
O4 - HKLM\..\Run: [Grp] C:\WINNT\System32\Tgf.exe
O4 - HKLM\..\Run: [Gqk] C:\WINNT\System32\Din.exe
O4 - HKLM\..\Run: [Goi] C:\WINNT\System32\Sij.exe
O4 - HKLM\..\Run: [Gmi] C:\WINNT\System32\Feq.exe
O4 - HKLM\..\Run: [Gls] C:\WINNT\System32\Cvn.exe
O4 - HKLM\..\Run: [Glf] C:\WINNT\Hnj.exe
O4 - HKLM\..\Run: [Ghe] C:\WINNT\Kiu.exe
O4 - HKLM\..\Run: [Gfc] C:\WINNT\Hdb.exe
O4 - HKLM\..\Run: [Gdn] C:\WINNT\System32\Nfq.exe
O4 - HKLM\..\Run: [Fsr] C:\WINNT\Lfh.exe
O4 - HKLM\..\Run: [Fsd] C:\WINNT\Ovc.exe
O4 - HKLM\..\Run: [Frq] C:\WINNT\System32\Lqh.exe
O4 - HKLM\..\Run: [Fqj] C:\WINNT\Ntt.exe
O4 - HKLM\..\Run: [Flh] C:\WINNT\System32\Bdb.exe
O4 - HKLM\..\Run: [Fkm] C:\WINNT\System32\Hrv.exe
O4 - HKLM\..\Run: [Fhi] C:\WINNT\Nto.exe
O4 - HKLM\..\Run: [Fga] C:\WINNT\Rph.exe
O4 - HKLM\..\Run: [Ffp] C:\WINNT\System32\Tgc.exe
O4 - HKLM\..\Run: [Fdm] C:\WINNT\Svv.exe
O4 - HKLM\..\Run: [Fbg] C:\WINNT\System32\Kbg.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [Fan] C:\WINNT\System32\Dhl.exe
O4 - HKLM\..\Run: [Evo] C:\WINNT\System32\Euk.exe
O4 - HKLM\..\Run: [Ett] C:\WINNT\System32\Jhv.exe
O4 - HKLM\..\Run: [Ern] C:\WINNT\Oda.exe
O4 - HKLM\..\Run: [Erg] C:\WINNT\System32\Ick.exe
O4 - HKLM\..\Run: [Eos] C:\WINNT\Oge.exe
O4 - HKLM\..\Run: [Ent] C:\WINNT\Vfe.exe
O4 - HKLM\..\Run: [Ehv] C:\WINNT\System32\Fol.exe
O4 - HKLM\..\Run: [Egs] C:\WINNT\System32\Rif.exe
O4 - HKLM\..\Run: [Efq] C:\WINNT\Hfk.exe
O4 - HKLM\..\Run: [Ect] C:\WINNT\Juu.exe
O4 - HKLM\..\Run: [Ecf] C:\WINNT\System32\Rdo.exe
O4 - HKLM\..\Run: [Dvn] C:\WINNT\Gcf.exe
O4 - HKLM\..\Run: [Dtt] C:\WINNT\System32\Fiq.exe
O4 - HKLM\..\Run: [Dti] C:\WINNT\Qnc.exe
O4 - HKLM\..\Run: [Dks] C:\WINNT\Jlj.exe
O4 - HKLM\..\Run: [Djn] C:\WINNT\System32\Nva.exe
O4 - HKLM\..\Run: [Dah] C:\WINNT\Vsd.exe
O4 - HKLM\..\Run: [Cqk] C:\WINNT\System32\Gob.exe
O4 - HKLM\..\Run: [Cqb] C:\WINNT\Ibf.exe
O4 - HKLM\..\Run: [Cep] C:\WINNT\Rdh.exe
O4 - HKLM\..\Run: [Cdq] C:\WINNT\System32\Grl.exe
O4 - HKLM\..\Run: [Bsu] C:\WINNT\System32\Kdo.exe
O4 - HKLM\..\Run: [Brg] C:\WINNT\Bgg.exe
O4 - HKLM\..\Run: [Brc] C:\WINNT\System32\Urd.exe
O4 - HKLM\..\Run: [Bmm] C:\WINNT\System32\Pod.exe
O4 - HKLM\..\Run: [Bks] C:\WINNT\Vha.exe
O4 - HKLM\..\Run: [Bje] C:\WINNT\Ijm.exe
O4 - HKLM\..\Run: [Bfg] C:\WINNT\System32\Gsv.exe
O4 - HKLM\..\Run: [Bda] C:\WINNT\Obm.exe
O4 - HKLM\..\Run: [Apn] C:\WINNT\System32\Kvc.exe
O4 - HKLM\..\Run: [Acr] C:\WINNT\System32\Hgh.exe
O4 - HKLM\..\Run: [Acn] C:\WINNT\System32\Acs.exe
O4 - HKLM\..\Run: [Abo] C:\WINNT\Afv.exe
O4 - HKLM\..\Run: [Aav] C:\WINNT\System32\Afj.exe
O4 - HKLM\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - Startup: winupdate72981096[1].exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


#2
kgolfin
Topic Starter, Member, 13 posts

Computer has several problems. Windows popping up. Search engine popping up. Can't run Windows Update. Icons created. Thanks for any help, sorry for being a new and confused user.

#3
Metallica
Spyware Veteran, GeekU Moderator, 33,101 posts

Hi kgolfin,

Two things I'd like you to do to make the log a bit more readable (and your life a bit less miserable):

Download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of fltmgr.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Download and save Spywadfix to your computer from this link:
http://www.thespykil...s/spywadfix.exe

It will automatically extract to c:\spywad where it needs to be to run and will automatically open the remove spywad.vbs script for you ready to paste in the line mentioned below.
If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run.

It is not malicious.
It will open an Input box. Paste this line into the box:

C:\WINNT\System32\Jcl.exe

The script will kill that process, back up and then delete any matching files in System32 and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your windows default desktop and context menu functions.
It will restart Explorer.

** Script Does not remove the orphaned run entries.

Finally, it will Run hijackthis so that you can remove the orphaned run entries and anything else as instructed by your Advisor on the forums.

If hijackthis doesn't start, run it manually.

--------------------------
When finished, post the contents of Spywad.txt and a new Hijackthis log.

If the files deleted are all found to be part of the infection and nothing important has been deleted, you will be instructed to delete the entire Spywad Folder after you have cleaned up all other User Profiles on that system.


Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the C:\Spywad folder. Double click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

Then run hijackthis and remove the entries as directed by your Forum Advisor.

You will need to do this step for every user account.

To reset your wallpaper, open Display Properties > Desktop Tab. Choose a Wallpaper and apply. Close Display Properties. To see the change, click on the desktop and press F5.

Regards,
  • 0
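
The cross-check that the post above leaves for the HijackThis step, as an added example (not part of the original thread, and not code from Spywadfix or HijackThis): it matches the paths recorded in Spywad.txt against the O4 Run lines of a HijackThis log and lists the Run entries whose target file has been deleted. The function names and the assumption that Spywad.txt holds one deleted path per line are this example's own; the sample lines follow the format of the logs in this thread.

```python
import re
from typing import NamedTuple

# Sample input: a few lines in the format of the logs in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Vrb] C:\WINNT\System32\Jcl.exe
O4 - HKLM\..\Run: [Voa] C:\WINNT\Fun.exe
O4 - HKCU\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - Startup: winupdate72981096[1].exe
"""

SPYWAD_SAMPLE = r"""4/27/2005 7:23:03 PM
C:\WINNT\system32\Jcl.exe
C:\WINNT\Fun.exe
C:\WINNT\Uqj.exe
desktop.html found and deleted.
"""


class RunEntry(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name, e.g. "Vrb"
    command: str   # command line exactly as logged


# O4 registry autorun line, e.g.  O4 - HKLM\..\Run: [Vrb] C:\WINNT\System32\Jcl.exe
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)
ABSOLUTE = re.compile(r"^[A-Za-z]:\\")


def parse_run_entries(hjt_log):
    """Return the registry Run entries (O4 lines) found in a HijackThis log."""
    entries = []
    for line in hjt_log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:  # "O4 - Startup:" folder items are not registry values; skipped
            entries.append(RunEntry(*m.groups()))
    return entries


def executable_path(command):
    """Strip quotes and arguments from a logged command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE.match(command)
    return m.group(1) if m else command


def parse_deleted_files(spywad_log):
    """Collect deleted paths; timestamp and status lines are not paths."""
    return {
        line.strip().casefold()
        for line in spywad_log.splitlines()
        if ABSOLUTE.match(line.strip())
    }


def triage(hjt_log, spywad_log):
    """Split Run entries into orphans (target deleted) and unresolved
    (no directory in the command, so the target cannot be compared)."""
    deleted = parse_deleted_files(spywad_log)
    orphans, unresolved = [], []
    for entry in parse_run_entries(hjt_log):
        path = executable_path(entry.command)
        if not ABSOLUTE.match(path):
            unresolved.append(entry)
        elif path.casefold() in deleted:  # Windows paths compare case-insensitively
            orphans.append(entry)
    return orphans, unresolved


if __name__ == "__main__":
    orphans, unresolved = triage(HJT_SAMPLE, SPYWAD_SAMPLE)
    for e in orphans:
        print(f"orphaned   {e.hive}\\..\\{e.key}: [{e.name}] {e.command}")
    for e in unresolved:
        print(f"check path {e.hive}\\..\\{e.key}: [{e.name}] {e.command}")
```

The case-insensitive comparison matters here because the HijackThis log writes `System32` while Spywad.txt writes `system32` for the same directory.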

#4
kgolfin
Topic Starter, Member, 13 posts

Thanks in advance.

Here is the spywad log:
4/27/2005 7:23:03 PM
desktop.html found and deleted.

Here is the HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:48 PM, on 4/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\SM1BG.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\winupdate72981096[1].exe
C:\WINNT\System32\HPZipm12.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp3B.tmp
C:\WINNT\System32\open32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
C:\WINNT\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\System32\DSMANA~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Vrb] C:\WINNT\System32\Jcl.exe
O4 - HKLM\..\Run: [Voa] C:\WINNT\Fun.exe
O4 - HKLM\..\Run: [Vmm] C:\WINNT\System32\Vqa.exe
O4 - HKLM\..\Run: [Vmc] C:\WINNT\Kja.exe
O4 - HKLM\..\Run: [Vli] C:\WINNT\System32\Hoj.exe
O4 - HKLM\..\Run: [Viu] C:\WINNT\System32\Jcr.exe
O4 - HKLM\..\Run: [Vho] C:\WINNT\Inj.exe
O4 - HKLM\..\Run: [Vfv] C:\WINNT\System32\Dmf.exe
O4 - HKLM\..\Run: [Vfe] C:\WINNT\System32\Odd.exe
O4 - HKLM\..\Run: [Vda] C:\WINNT\System32\Arf.exe
O4 - HKLM\..\Run: [Vco] C:\WINNT\System32\Lsn.exe
O4 - HKLM\..\Run: [Urr] C:\WINNT\Nbr.exe
O4 - HKLM\..\Run: [Uji] C:\WINNT\Coq.exe
O4 - HKLM\..\Run: [Uhd] C:\WINNT\System32\Qbt.exe
O4 - HKLM\..\Run: [Udp] C:\WINNT\System32\Nkm.exe
O4 - HKLM\..\Run: [Udm] C:\WINNT\Jdf.exe
O4 - HKLM\..\Run: [Tsu] C:\WINNT\System32\Gbf.exe
O4 - HKLM\..\Run: [Tpn] C:\WINNT\Fgq.exe
O4 - HKLM\..\Run: [Thh] C:\WINNT\Vgi.exe
O4 - HKLM\..\Run: [Tgb] C:\WINNT\System32\Gqf.exe
O4 - HKLM\..\Run: [Tep] C:\WINNT\System32\Jaj.exe
O4 - HKLM\..\Run: [Tdo] C:\WINNT\System32\Vin.exe
O4 - HKLM\..\Run: [Tap] C:\WINNT\Ftj.exe
O4 - HKLM\..\Run: [Spj] C:\WINNT\System32\Fpt.exe
O4 - HKLM\..\Run: [Spa] C:\WINNT\System32\Buv.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Sjq] C:\WINNT\Jfj.exe
O4 - HKLM\..\Run: [Shd] C:\WINNT\System32\Tcr.exe
O4 - HKLM\..\Run: [Sgs] C:\WINNT\Elb.exe
O4 - HKLM\..\Run: [Sft] C:\WINNT\Nid.exe
O4 - HKLM\..\Run: [Sec] C:\WINNT\Lqn.exe
O4 - HKLM\..\Run: [Sbd] C:\WINNT\System32\Mqq.exe
O4 - HKLM\..\Run: [Rvo] C:\WINNT\System32\Hqh.exe
O4 - HKLM\..\Run: [Rve] C:\WINNT\Cvv.exe
O4 - HKLM\..\Run: [Ruv] C:\WINNT\Pdf.exe
O4 - HKLM\..\Run: [Rrv] C:\WINNT\System32\Hei.exe
O4 - HKLM\..\Run: [Rrs] C:\WINNT\System32\Und.exe
O4 - HKLM\..\Run: [Rrg] C:\WINNT\System32\Tto.exe
O4 - HKLM\..\Run: [Rqm] C:\WINNT\System32\Uab.exe
O4 - HKLM\..\Run: [Rnh] C:\WINNT\System32\Odb.exe
O4 - HKLM\..\Run: [Rmc] C:\WINNT\System32\Agb.exe
O4 - HKLM\..\Run: [Rlq] C:\WINNT\System32\Mhf.exe
O4 - HKLM\..\Run: [Rkv] C:\WINNT\System32\Bhg.exe
O4 - HKLM\..\Run: [Rir] C:\WINNT\System32\Lmc.exe
O4 - HKLM\..\Run: [Rga] C:\WINNT\Bnk.exe
O4 - HKLM\..\Run: [Reb] C:\WINNT\System32\Amg.exe
O4 - HKLM\..\Run: [Rde] C:\WINNT\Jno.exe
O4 - HKLM\..\Run: [Rcn] C:\WINNT\System32\Aah.exe
O4 - HKLM\..\Run: [Rbo] C:\WINNT\System32\Dde.exe
O4 - HKLM\..\Run: [Rbg] C:\WINNT\System32\Qsl.exe
O4 - HKLM\..\Run: [Qqk] C:\WINNT\System32\Ebb.exe
O4 - HKLM\..\Run: [Qph] C:\WINNT\Rrm.exe
O4 - HKLM\..\Run: [Qns] C:\WINNT\Ota.exe
O4 - HKLM\..\Run: [Qni] C:\WINNT\Mah.exe
O4 - HKLM\..\Run: [Qkv] C:\WINNT\Eep.exe
O4 - HKLM\..\Run: [Qik] C:\WINNT\System32\Qsg.exe
O4 - HKLM\..\Run: [Qgl] C:\WINNT\System32\Fln.exe
O4 - HKLM\..\Run: [Qes] C:\WINNT\System32\Rvp.exe
O4 - HKLM\..\Run: [Qas] C:\WINNT\System32\Pds.exe
O4 - HKLM\..\Run: [Qao] C:\WINNT\Deg.exe
O4 - HKLM\..\Run: [Qad] C:\WINNT\System32\Vsa.exe
O4 - HKLM\..\Run: [Pvq] C:\WINNT\System32\Aus.exe
O4 - HKLM\..\Run: [Psh] C:\WINNT\Faf.exe
O4 - HKLM\..\Run: [Pos] C:\WINNT\Mma.exe
O4 - HKLM\..\Run: [Pog] C:\WINNT\System32\Qih.exe
O4 - HKLM\..\Run: [Plc] C:\WINNT\Hgk.exe
O4 - HKLM\..\Run: [Pjn] C:\WINNT\System32\Ibv.exe
O4 - HKLM\..\Run: [Pjg] C:\WINNT\Mdg.exe
O4 - HKLM\..\Run: [Pip] C:\WINNT\Ecg.exe
O4 - HKLM\..\Run: [Pco] C:\WINNT\Vki.exe
O4 - HKLM\..\Run: [Pau] C:\WINNT\System32\Sbf.exe
O4 - HKLM\..\Run: [Paa] C:\WINNT\System32\She.exe
O4 - HKLM\..\Run: [Ous] C:\WINNT\Ddm.exe
O4 - HKLM\..\Run: [Oss] C:\WINNT\Adb.exe
O4 - HKLM\..\Run: [Opt] C:\WINNT\Ilc.exe
O4 - HKLM\..\Run: [Okg] C:\WINNT\Gro.exe
O4 - HKLM\..\Run: [Ohs] C:\WINNT\System32\Liu.exe
O4 - HKLM\..\Run: [Odq] C:\WINNT\Fuv.exe
O4 - HKLM\..\Run: [Oaj] C:\WINNT\System32\Eld.exe
O4 - HKLM\..\Run: [Ntu] C:\WINNT\Iir.exe
O4 - HKLM\..\Run: [Nsg] C:\WINNT\Mlg.exe
O4 - HKLM\..\Run: [Nro] C:\WINNT\System32\Qve.exe
O4 - HKLM\..\Run: [Nrk] C:\WINNT\Iab.exe
O4 - HKLM\..\Run: [Nrc] C:\WINNT\Qnq.exe
O4 - HKLM\..\Run: [Noa] C:\WINNT\System32\Qps.exe
O4 - HKLM\..\Run: [Nmq] C:\WINNT\Fkt.exe
O4 - HKLM\..\Run: [Nge] C:\WINNT\System32\Hjo.exe
O4 - HKLM\..\Run: [Ndq] C:\WINNT\Gtm.exe
O4 - HKLM\..\Run: [Muh] C:\WINNT\Hld.exe
O4 - HKLM\..\Run: [Mri] C:\WINNT\System32\Vje.exe
O4 - HKLM\..\Run: [Mpc] C:\WINNT\System32\Tdd.exe
O4 - HKLM\..\Run: [Mnf] C:\WINNT\System32\Qpj.exe
O4 - HKLM\..\Run: [Mmu] C:\WINNT\Igm.exe
O4 - HKLM\..\Run: [Mmi] C:\WINNT\Qtb.exe
O4 - HKLM\..\Run: [Mlj] C:\WINNT\Vtk.exe
O4 - HKLM\..\Run: [Miv] C:\WINNT\System32\Fvb.exe
O4 - HKLM\..\Run: [Mie] C:\WINNT\System32\Bpf.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Mht] C:\WINNT\System32\Jqs.exe
O4 - HKLM\..\Run: [Meo] C:\WINNT\System32\Hqc.exe
O4 - HKLM\..\Run: [Mdu] C:\WINNT\Bcv.exe
O4 - HKLM\..\Run: [Mbo] C:\WINNT\Ceg.exe
O4 - HKLM\..\Run: [Mbn] C:\WINNT\System32\Hfv.exe
O4 - HKLM\..\Run: [Lvm] C:\WINNT\System32\Osl.exe
O4 - HKLM\..\Run: [Lru] C:\WINNT\System32\Acp.exe
O4 - HKLM\..\Run: [Loh] C:\WINNT\Kjr.exe
O4 - HKLM\..\Run: [Ljn] C:\WINNT\System32\Ial.exe
O4 - HKLM\..\Run: [Lid] C:\WINNT\System32\Lor.exe
O4 - HKLM\..\Run: [Kvi] C:\WINNT\Kek.exe
O4 - HKLM\..\Run: [Kra] C:\WINNT\System32\Idq.exe
O4 - HKLM\..\Run: [Kns] C:\WINNT\Tla.exe
O4 - HKLM\..\Run: [Kiv] C:\WINNT\Khr.exe
O4 - HKLM\..\Run: [Kio] C:\WINNT\System32\Ggi.exe
O4 - HKLM\..\Run: [Kie] C:\WINNT\System32\Hfl.exe
O4 - HKLM\..\Run: [Khd] C:\WINNT\System32\Phn.exe
O4 - HKLM\..\Run: [Kgk] C:\WINNT\System32\Ont.exe
O4 - HKLM\..\Run: [Kfv] C:\WINNT\System32\Cjo.exe
O4 - HKLM\..\Run: [Juh] C:\WINNT\Jdi.exe
O4 - HKLM\..\Run: [Jqd] C:\WINNT\Fve.exe
O4 - HKLM\..\Run: [Jpi] C:\WINNT\System32\Tud.exe
O4 - HKLM\..\Run: [Jld] C:\WINNT\Bft.exe
O4 - HKLM\..\Run: [Jkm] C:\WINNT\Rbm.exe
O4 - HKLM\..\Run: [Jhe] C:\WINNT\System32\Umu.exe
O4 - HKLM\..\Run: [Jeq] C:\WINNT\Tev.exe
O4 - HKLM\..\Run: [Jbs] C:\WINNT\Rsp.exe
O4 - HKLM\..\Run: [Jbc] C:\WINNT\System32\Aqc.exe
O4 - HKLM\..\Run: [Iuu] C:\WINNT\System32\Tec.exe
O4 - HKLM\..\Run: [Iuj] C:\WINNT\System32\Nfp.exe
O4 - HKLM\..\Run: [Isu] C:\WINNT\System32\Ljh.exe
O4 - HKLM\..\Run: [Ior] C:\WINNT\System32\Qaf.exe
O4 - HKLM\..\Run: [Ikj] C:\WINNT\Svl.exe
O4 - HKLM\..\Run: [Igm] C:\WINNT\System32\Onh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ifr] C:\WINNT\Bqk.exe
O4 - HKLM\..\Run: [Ifd] C:\WINNT\System32\Sem.exe
O4 - HKLM\..\Run: [Icf] C:\WINNT\Kda.exe
O4 - HKLM\..\Run: [Hra] C:\WINNT\System32\Ibu.exe
O4 - HKLM\..\Run: [Hqh] C:\WINNT\System32\Quo.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hnn] C:\WINNT\Roe.exe
O4 - HKLM\..\Run: [Hme] C:\WINNT\System32\Vhk.exe
O4 - HKLM\..\Run: [Hkk] C:\WINNT\System32\Dep.exe
O4 - HKLM\..\Run: [Hge] C:\WINNT\System32\Hom.exe
O4 - HKLM\..\Run: [Hdh] C:\WINNT\System32\Src.exe
O4 - HKLM\..\Run: [Hbp] C:\WINNT\System32\Hko.exe
O4 - HKLM\..\Run: [Hbm] C:\WINNT\Unu.exe
O4 - HKLM\..\Run: [Hbl] C:\WINNT\Ijc.exe
O4 - HKLM\..\Run: [Hap] C:\WINNT\Fee.exe
O4 - HKLM\..\Run: [Guo] C:\WINNT\Duu.exe
O4 - HKLM\..\Run: [Gtn] C:\WINNT\System32\Plc.exe
O4 - HKLM\..\Run: [Gst] C:\WINNT\Fif.exe
O4 - HKLM\..\Run: [Gsk] C:\WINNT\Aet.exe
O4 - HKLM\..\Run: [Gsj] C:\WINNT\Qdr.exe
O4 - HKLM\..\Run: [Gsg] C:\WINNT\System32\Gdt.exe
O4 - HKLM\..\Run: [Grp] C:\WINNT\System32\Tgf.exe
O4 - HKLM\..\Run: [Gqk] C:\WINNT\System32\Din.exe
O4 - HKLM\..\Run: [Goi] C:\WINNT\System32\Sij.exe
O4 - HKLM\..\Run: [Gmi] C:\WINNT\System32\Feq.exe
O4 - HKLM\..\Run: [Gls] C:\WINNT\System32\Cvn.exe
O4 - HKLM\..\Run: [Glf] C:\WINNT\Hnj.exe
O4 - HKLM\..\Run: [Ghe] C:\WINNT\Kiu.exe
O4 - HKLM\..\Run: [Gfc] C:\WINNT\Hdb.exe
O4 - HKLM\..\Run: [Gdn] C:\WINNT\System32\Nfq.exe
O4 - HKLM\..\Run: [Fsr] C:\WINNT\Lfh.exe
O4 - HKLM\..\Run: [Fsd] C:\WINNT\Ovc.exe
O4 - HKLM\..\Run: [Frq] C:\WINNT\System32\Lqh.exe
O4 - HKLM\..\Run: [Fqj] C:\WINNT\Ntt.exe
O4 - HKLM\..\Run: [Flh] C:\WINNT\System32\Bdb.exe
O4 - HKLM\..\Run: [Fkm] C:\WINNT\System32\Hrv.exe
O4 - HKLM\..\Run: [Fhi] C:\WINNT\Nto.exe
O4 - HKLM\..\Run: [Fga] C:\WINNT\Rph.exe
O4 - HKLM\..\Run: [Ffp] C:\WINNT\System32\Tgc.exe
O4 - HKLM\..\Run: [Fdm] C:\WINNT\Svv.exe
O4 - HKLM\..\Run: [Fbg] C:\WINNT\System32\Kbg.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [Fan] C:\WINNT\System32\Dhl.exe
O4 - HKLM\..\Run: [Evo] C:\WINNT\System32\Euk.exe
O4 - HKLM\..\Run: [Ett] C:\WINNT\System32\Jhv.exe
O4 - HKLM\..\Run: [Ern] C:\WINNT\Oda.exe
O4 - HKLM\..\Run: [Erg] C:\WINNT\System32\Ick.exe
O4 - HKLM\..\Run: [Eos] C:\WINNT\Oge.exe
O4 - HKLM\..\Run: [Ent] C:\WINNT\Vfe.exe
O4 - HKLM\..\Run: [Ehv] C:\WINNT\System32\Fol.exe
O4 - HKLM\..\Run: [Egs] C:\WINNT\System32\Rif.exe
O4 - HKLM\..\Run: [Efq] C:\WINNT\Hfk.exe
O4 - HKLM\..\Run: [Ect] C:\WINNT\Juu.exe
O4 - HKLM\..\Run: [Ecf] C:\WINNT\System32\Rdo.exe
O4 - HKLM\..\Run: [Dvn] C:\WINNT\Gcf.exe
O4 - HKLM\..\Run: [Dtt] C:\WINNT\System32\Fiq.exe
O4 - HKLM\..\Run: [Dti] C:\WINNT\Qnc.exe
O4 - HKLM\..\Run: [Dks] C:\WINNT\Jlj.exe
O4 - HKLM\..\Run: [Djn] C:\WINNT\System32\Nva.exe
O4 - HKLM\..\Run: [Dah] C:\WINNT\Vsd.exe
O4 - HKLM\..\Run: [Cqk] C:\WINNT\System32\Gob.exe
O4 - HKLM\..\Run: [Cqb] C:\WINNT\Ibf.exe
O4 - HKLM\..\Run: [Cep] C:\WINNT\Rdh.exe
O4 - HKLM\..\Run: [Cdq] C:\WINNT\System32\Grl.exe
O4 - HKLM\..\Run: [Bsu] C:\WINNT\System32\Kdo.exe
O4 - HKLM\..\Run: [Brg] C:\WINNT\Bgg.exe
O4 - HKLM\..\Run: [Brc] C:\WINNT\System32\Urd.exe
O4 - HKLM\..\Run: [Bmm] C:\WINNT\System32\Pod.exe
O4 - HKLM\..\Run: [Bks] C:\WINNT\Vha.exe
O4 - HKLM\..\Run: [Bje] C:\WINNT\Ijm.exe
O4 - HKLM\..\Run: [Bfg] C:\WINNT\System32\Gsv.exe
O4 - HKLM\..\Run: [Bda] C:\WINNT\Obm.exe
O4 - HKLM\..\Run: [Apn] C:\WINNT\System32\Kvc.exe
O4 - HKLM\..\Run: [Acr] C:\WINNT\System32\Hgh.exe
O4 - HKLM\..\Run: [Acn] C:\WINNT\System32\Acs.exe
O4 - HKLM\..\Run: [Abo] C:\WINNT\Afv.exe
O4 - HKLM\..\Run: [Aav] C:\WINNT\System32\Afj.exe
O4 - HKLM\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - HKLM\..\Run: [Afu] C:\WINNT\Fki.exe
O4 - HKLM\..\Run: [Bkh] C:\WINNT\Psr.exe
O4 - HKLM\..\Run: [Vlp] C:\WINNT\Crs.exe
O4 - HKLM\..\Run: [Boo] C:\WINNT\System32\Ron.exe
O4 - HKLM\..\Run: [Dgc] C:\WINNT\System32\Hpo.exe
O4 - HKLM\..\Run: [Hnv] C:\WINNT\Cse.exe
O4 - HKLM\..\Run: [Ino] C:\WINNT\System32\Las.exe
O4 - HKLM\..\Run: [Mpl] C:\WINNT\System32\Qor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - HKCU\..\Run: [Afu] C:\WINNT\Fki.exe
O4 - HKCU\..\Run: [Bkh] C:\WINNT\Psr.exe
O4 - HKCU\..\Run: [Vlp] C:\WINNT\Crs.exe
O4 - HKCU\..\Run: [Boo] C:\WINNT\System32\Ron.exe
O4 - HKCU\..\Run: [Dgc] C:\WINNT\System32\Hpo.exe
O4 - HKCU\..\Run: [Hnv] C:\WINNT\Cse.exe
O4 - HKCU\..\Run: [Ino] C:\WINNT\System32\Las.exe
O4 - HKCU\..\Run: [Mpl] C:\WINNT\System32\Qor.exe
O4 - Startup: winupdate72981096[1].exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#5
Hemal

    Founding Fart

  • Technician
  • 1,470 posts
Did you follow the recommendations here?

If not, please do so, then reboot your computer and post back with a new complete log, including the top part. It is important to us :tazz:
  • 0

#6
kgolfin

    Member

  • Topic Starter
  • Member
  • 13 posts
Yes, I did it the first time and then followed the 2nd set of instructions. Do I need to do that again?
  • 0

#7
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Let's make that log a lot shorter first. :tazz:

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)

O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\System32\DSMANA~1.DLL

O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Vrb] C:\WINNT\System32\Jcl.exe
O4 - HKLM\..\Run: [Voa] C:\WINNT\Fun.exe
O4 - HKLM\..\Run: [Vmm] C:\WINNT\System32\Vqa.exe
O4 - HKLM\..\Run: [Vmc] C:\WINNT\Kja.exe
O4 - HKLM\..\Run: [Vli] C:\WINNT\System32\Hoj.exe
O4 - HKLM\..\Run: [Viu] C:\WINNT\System32\Jcr.exe
O4 - HKLM\..\Run: [Vho] C:\WINNT\Inj.exe
O4 - HKLM\..\Run: [Vfv] C:\WINNT\System32\Dmf.exe
O4 - HKLM\..\Run: [Vfe] C:\WINNT\System32\Odd.exe
O4 - HKLM\..\Run: [Vda] C:\WINNT\System32\Arf.exe
O4 - HKLM\..\Run: [Vco] C:\WINNT\System32\Lsn.exe
O4 - HKLM\..\Run: [Urr] C:\WINNT\Nbr.exe
O4 - HKLM\..\Run: [Uji] C:\WINNT\Coq.exe
O4 - HKLM\..\Run: [Uhd] C:\WINNT\System32\Qbt.exe
O4 - HKLM\..\Run: [Udp] C:\WINNT\System32\Nkm.exe
O4 - HKLM\..\Run: [Udm] C:\WINNT\Jdf.exe
O4 - HKLM\..\Run: [Tsu] C:\WINNT\System32\Gbf.exe
O4 - HKLM\..\Run: [Tpn] C:\WINNT\Fgq.exe
O4 - HKLM\..\Run: [Thh] C:\WINNT\Vgi.exe
O4 - HKLM\..\Run: [Tgb] C:\WINNT\System32\Gqf.exe
O4 - HKLM\..\Run: [Tep] C:\WINNT\System32\Jaj.exe
O4 - HKLM\..\Run: [Tdo] C:\WINNT\System32\Vin.exe
O4 - HKLM\..\Run: [Tap] C:\WINNT\Ftj.exe
O4 - HKLM\..\Run: [Spj] C:\WINNT\System32\Fpt.exe
O4 - HKLM\..\Run: [Spa] C:\WINNT\System32\Buv.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Sjq] C:\WINNT\Jfj.exe
O4 - HKLM\..\Run: [Shd] C:\WINNT\System32\Tcr.exe
O4 - HKLM\..\Run: [Sgs] C:\WINNT\Elb.exe
O4 - HKLM\..\Run: [Sft] C:\WINNT\Nid.exe
O4 - HKLM\..\Run: [Sec] C:\WINNT\Lqn.exe
O4 - HKLM\..\Run: [Sbd] C:\WINNT\System32\Mqq.exe
O4 - HKLM\..\Run: [Rvo] C:\WINNT\System32\Hqh.exe
O4 - HKLM\..\Run: [Rve] C:\WINNT\Cvv.exe
O4 - HKLM\..\Run: [Ruv] C:\WINNT\Pdf.exe
O4 - HKLM\..\Run: [Rrv] C:\WINNT\System32\Hei.exe
O4 - HKLM\..\Run: [Rrs] C:\WINNT\System32\Und.exe
O4 - HKLM\..\Run: [Rrg] C:\WINNT\System32\Tto.exe
O4 - HKLM\..\Run: [Rqm] C:\WINNT\System32\Uab.exe
O4 - HKLM\..\Run: [Rnh] C:\WINNT\System32\Odb.exe
O4 - HKLM\..\Run: [Rmc] C:\WINNT\System32\Agb.exe
O4 - HKLM\..\Run: [Rlq] C:\WINNT\System32\Mhf.exe
O4 - HKLM\..\Run: [Rkv] C:\WINNT\System32\Bhg.exe
O4 - HKLM\..\Run: [Rir] C:\WINNT\System32\Lmc.exe
O4 - HKLM\..\Run: [Rga] C:\WINNT\Bnk.exe
O4 - HKLM\..\Run: [Reb] C:\WINNT\System32\Amg.exe
O4 - HKLM\..\Run: [Rde] C:\WINNT\Jno.exe
O4 - HKLM\..\Run: [Rcn] C:\WINNT\System32\Aah.exe
O4 - HKLM\..\Run: [Rbo] C:\WINNT\System32\Dde.exe
O4 - HKLM\..\Run: [Rbg] C:\WINNT\System32\Qsl.exe
O4 - HKLM\..\Run: [Qqk] C:\WINNT\System32\Ebb.exe
O4 - HKLM\..\Run: [Qph] C:\WINNT\Rrm.exe
O4 - HKLM\..\Run: [Qns] C:\WINNT\Ota.exe
O4 - HKLM\..\Run: [Qni] C:\WINNT\Mah.exe
O4 - HKLM\..\Run: [Qkv] C:\WINNT\Eep.exe
O4 - HKLM\..\Run: [Qik] C:\WINNT\System32\Qsg.exe
O4 - HKLM\..\Run: [Qgl] C:\WINNT\System32\Fln.exe
O4 - HKLM\..\Run: [Qes] C:\WINNT\System32\Rvp.exe
O4 - HKLM\..\Run: [Qas] C:\WINNT\System32\Pds.exe
O4 - HKLM\..\Run: [Qao] C:\WINNT\Deg.exe
O4 - HKLM\..\Run: [Qad] C:\WINNT\System32\Vsa.exe
O4 - HKLM\..\Run: [Pvq] C:\WINNT\System32\Aus.exe
O4 - HKLM\..\Run: [Psh] C:\WINNT\Faf.exe
O4 - HKLM\..\Run: [Pos] C:\WINNT\Mma.exe
O4 - HKLM\..\Run: [Pog] C:\WINNT\System32\Qih.exe
O4 - HKLM\..\Run: [Plc] C:\WINNT\Hgk.exe
O4 - HKLM\..\Run: [Pjn] C:\WINNT\System32\Ibv.exe
O4 - HKLM\..\Run: [Pjg] C:\WINNT\Mdg.exe
O4 - HKLM\..\Run: [Pip] C:\WINNT\Ecg.exe
O4 - HKLM\..\Run: [Pco] C:\WINNT\Vki.exe
O4 - HKLM\..\Run: [Pau] C:\WINNT\System32\Sbf.exe
O4 - HKLM\..\Run: [Paa] C:\WINNT\System32\She.exe
O4 - HKLM\..\Run: [Ous] C:\WINNT\Ddm.exe
O4 - HKLM\..\Run: [Oss] C:\WINNT\Adb.exe
O4 - HKLM\..\Run: [Opt] C:\WINNT\Ilc.exe
O4 - HKLM\..\Run: [Okg] C:\WINNT\Gro.exe
O4 - HKLM\..\Run: [Ohs] C:\WINNT\System32\Liu.exe
O4 - HKLM\..\Run: [Odq] C:\WINNT\Fuv.exe
O4 - HKLM\..\Run: [Oaj] C:\WINNT\System32\Eld.exe
O4 - HKLM\..\Run: [Ntu] C:\WINNT\Iir.exe
O4 - HKLM\..\Run: [Nsg] C:\WINNT\Mlg.exe
O4 - HKLM\..\Run: [Nro] C:\WINNT\System32\Qve.exe
O4 - HKLM\..\Run: [Nrk] C:\WINNT\Iab.exe
O4 - HKLM\..\Run: [Nrc] C:\WINNT\Qnq.exe
O4 - HKLM\..\Run: [Noa] C:\WINNT\System32\Qps.exe
O4 - HKLM\..\Run: [Nmq] C:\WINNT\Fkt.exe
O4 - HKLM\..\Run: [Nge] C:\WINNT\System32\Hjo.exe
O4 - HKLM\..\Run: [Ndq] C:\WINNT\Gtm.exe
O4 - HKLM\..\Run: [Muh] C:\WINNT\Hld.exe
O4 - HKLM\..\Run: [Mri] C:\WINNT\System32\Vje.exe
O4 - HKLM\..\Run: [Mpc] C:\WINNT\System32\Tdd.exe
O4 - HKLM\..\Run: [Mnf] C:\WINNT\System32\Qpj.exe
O4 - HKLM\..\Run: [Mmu] C:\WINNT\Igm.exe
O4 - HKLM\..\Run: [Mmi] C:\WINNT\Qtb.exe
O4 - HKLM\..\Run: [Mlj] C:\WINNT\Vtk.exe
O4 - HKLM\..\Run: [Miv] C:\WINNT\System32\Fvb.exe
O4 - HKLM\..\Run: [Mie] C:\WINNT\System32\Bpf.exe

O4 - HKLM\..\Run: [Mht] C:\WINNT\System32\Jqs.exe
O4 - HKLM\..\Run: [Meo] C:\WINNT\System32\Hqc.exe
O4 - HKLM\..\Run: [Mdu] C:\WINNT\Bcv.exe
O4 - HKLM\..\Run: [Mbo] C:\WINNT\Ceg.exe
O4 - HKLM\..\Run: [Mbn] C:\WINNT\System32\Hfv.exe
O4 - HKLM\..\Run: [Lvm] C:\WINNT\System32\Osl.exe
O4 - HKLM\..\Run: [Lru] C:\WINNT\System32\Acp.exe
O4 - HKLM\..\Run: [Loh] C:\WINNT\Kjr.exe
O4 - HKLM\..\Run: [Ljn] C:\WINNT\System32\Ial.exe
O4 - HKLM\..\Run: [Lid] C:\WINNT\System32\Lor.exe
O4 - HKLM\..\Run: [Kvi] C:\WINNT\Kek.exe
O4 - HKLM\..\Run: [Kra] C:\WINNT\System32\Idq.exe
O4 - HKLM\..\Run: [Kns] C:\WINNT\Tla.exe
O4 - HKLM\..\Run: [Kiv] C:\WINNT\Khr.exe
O4 - HKLM\..\Run: [Kio] C:\WINNT\System32\Ggi.exe
O4 - HKLM\..\Run: [Kie] C:\WINNT\System32\Hfl.exe
O4 - HKLM\..\Run: [Khd] C:\WINNT\System32\Phn.exe
O4 - HKLM\..\Run: [Kgk] C:\WINNT\System32\Ont.exe
O4 - HKLM\..\Run: [Kfv] C:\WINNT\System32\Cjo.exe
O4 - HKLM\..\Run: [Juh] C:\WINNT\Jdi.exe
O4 - HKLM\..\Run: [Jqd] C:\WINNT\Fve.exe
O4 - HKLM\..\Run: [Jpi] C:\WINNT\System32\Tud.exe
O4 - HKLM\..\Run: [Jld] C:\WINNT\Bft.exe
O4 - HKLM\..\Run: [Jkm] C:\WINNT\Rbm.exe
O4 - HKLM\..\Run: [Jhe] C:\WINNT\System32\Umu.exe
O4 - HKLM\..\Run: [Jeq] C:\WINNT\Tev.exe
O4 - HKLM\..\Run: [Jbs] C:\WINNT\Rsp.exe
O4 - HKLM\..\Run: [Jbc] C:\WINNT\System32\Aqc.exe
O4 - HKLM\..\Run: [Iuu] C:\WINNT\System32\Tec.exe
O4 - HKLM\..\Run: [Iuj] C:\WINNT\System32\Nfp.exe
O4 - HKLM\..\Run: [Isu] C:\WINNT\System32\Ljh.exe
O4 - HKLM\..\Run: [Ior] C:\WINNT\System32\Qaf.exe
O4 - HKLM\..\Run: [Ikj] C:\WINNT\Svl.exe
O4 - HKLM\..\Run: [Igm] C:\WINNT\System32\Onh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ifr] C:\WINNT\Bqk.exe
O4 - HKLM\..\Run: [Ifd] C:\WINNT\System32\Sem.exe
O4 - HKLM\..\Run: [Icf] C:\WINNT\Kda.exe
O4 - HKLM\..\Run: [Hra] C:\WINNT\System32\Ibu.exe
O4 - HKLM\..\Run: [Hqh] C:\WINNT\System32\Quo.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hnn] C:\WINNT\Roe.exe
O4 - HKLM\..\Run: [Hme] C:\WINNT\System32\Vhk.exe
O4 - HKLM\..\Run: [Hkk] C:\WINNT\System32\Dep.exe
O4 - HKLM\..\Run: [Hge] C:\WINNT\System32\Hom.exe
O4 - HKLM\..\Run: [Hdh] C:\WINNT\System32\Src.exe
O4 - HKLM\..\Run: [Hbp] C:\WINNT\System32\Hko.exe
O4 - HKLM\..\Run: [Hbm] C:\WINNT\Unu.exe
O4 - HKLM\..\Run: [Hbl] C:\WINNT\Ijc.exe
O4 - HKLM\..\Run: [Hap] C:\WINNT\Fee.exe
O4 - HKLM\..\Run: [Guo] C:\WINNT\Duu.exe
O4 - HKLM\..\Run: [Gtn] C:\WINNT\System32\Plc.exe
O4 - HKLM\..\Run: [Gst] C:\WINNT\Fif.exe
O4 - HKLM\..\Run: [Gsk] C:\WINNT\Aet.exe
O4 - HKLM\..\Run: [Gsj] C:\WINNT\Qdr.exe
O4 - HKLM\..\Run: [Gsg] C:\WINNT\System32\Gdt.exe
O4 - HKLM\..\Run: [Grp] C:\WINNT\System32\Tgf.exe
O4 - HKLM\..\Run: [Gqk] C:\WINNT\System32\Din.exe
O4 - HKLM\..\Run: [Goi] C:\WINNT\System32\Sij.exe
O4 - HKLM\..\Run: [Gmi] C:\WINNT\System32\Feq.exe
O4 - HKLM\..\Run: [Gls] C:\WINNT\System32\Cvn.exe
O4 - HKLM\..\Run: [Glf] C:\WINNT\Hnj.exe
O4 - HKLM\..\Run: [Ghe] C:\WINNT\Kiu.exe
O4 - HKLM\..\Run: [Gfc] C:\WINNT\Hdb.exe
O4 - HKLM\..\Run: [Gdn] C:\WINNT\System32\Nfq.exe
O4 - HKLM\..\Run: [Fsr] C:\WINNT\Lfh.exe
O4 - HKLM\..\Run: [Fsd] C:\WINNT\Ovc.exe
O4 - HKLM\..\Run: [Frq] C:\WINNT\System32\Lqh.exe
O4 - HKLM\..\Run: [Fqj] C:\WINNT\Ntt.exe
O4 - HKLM\..\Run: [Flh] C:\WINNT\System32\Bdb.exe
O4 - HKLM\..\Run: [Fkm] C:\WINNT\System32\Hrv.exe
O4 - HKLM\..\Run: [Fhi] C:\WINNT\Nto.exe
O4 - HKLM\..\Run: [Fga] C:\WINNT\Rph.exe
O4 - HKLM\..\Run: [Ffp] C:\WINNT\System32\Tgc.exe
O4 - HKLM\..\Run: [Fdm] C:\WINNT\Svv.exe
O4 - HKLM\..\Run: [Fbg] C:\WINNT\System32\Kbg.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [Fan] C:\WINNT\System32\Dhl.exe
O4 - HKLM\..\Run: [Evo] C:\WINNT\System32\Euk.exe
O4 - HKLM\..\Run: [Ett] C:\WINNT\System32\Jhv.exe
O4 - HKLM\..\Run: [Ern] C:\WINNT\Oda.exe
O4 - HKLM\..\Run: [Erg] C:\WINNT\System32\Ick.exe
O4 - HKLM\..\Run: [Eos] C:\WINNT\Oge.exe
O4 - HKLM\..\Run: [Ent] C:\WINNT\Vfe.exe
O4 - HKLM\..\Run: [Ehv] C:\WINNT\System32\Fol.exe
O4 - HKLM\..\Run: [Egs] C:\WINNT\System32\Rif.exe
O4 - HKLM\..\Run: [Efq] C:\WINNT\Hfk.exe
O4 - HKLM\..\Run: [Ect] C:\WINNT\Juu.exe
O4 - HKLM\..\Run: [Ecf] C:\WINNT\System32\Rdo.exe
O4 - HKLM\..\Run: [Dvn] C:\WINNT\Gcf.exe
O4 - HKLM\..\Run: [Dtt] C:\WINNT\System32\Fiq.exe
O4 - HKLM\..\Run: [Dti] C:\WINNT\Qnc.exe
O4 - HKLM\..\Run: [Dks] C:\WINNT\Jlj.exe
O4 - HKLM\..\Run: [Djn] C:\WINNT\System32\Nva.exe
O4 - HKLM\..\Run: [Dah] C:\WINNT\Vsd.exe
O4 - HKLM\..\Run: [Cqk] C:\WINNT\System32\Gob.exe
O4 - HKLM\..\Run: [Cqb] C:\WINNT\Ibf.exe
O4 - HKLM\..\Run: [Cep] C:\WINNT\Rdh.exe
O4 - HKLM\..\Run: [Cdq] C:\WINNT\System32\Grl.exe
O4 - HKLM\..\Run: [Bsu] C:\WINNT\System32\Kdo.exe
O4 - HKLM\..\Run: [Brg] C:\WINNT\Bgg.exe
O4 - HKLM\..\Run: [Brc] C:\WINNT\System32\Urd.exe
O4 - HKLM\..\Run: [Bmm] C:\WINNT\System32\Pod.exe
O4 - HKLM\..\Run: [Bks] C:\WINNT\Vha.exe
O4 - HKLM\..\Run: [Bje] C:\WINNT\Ijm.exe
O4 - HKLM\..\Run: [Bfg] C:\WINNT\System32\Gsv.exe
O4 - HKLM\..\Run: [Bda] C:\WINNT\Obm.exe
O4 - HKLM\..\Run: [Apn] C:\WINNT\System32\Kvc.exe
O4 - HKLM\..\Run: [Acr] C:\WINNT\System32\Hgh.exe
O4 - HKLM\..\Run: [Acn] C:\WINNT\System32\Acs.exe
O4 - HKLM\..\Run: [Abo] C:\WINNT\Afv.exe
O4 - HKLM\..\Run: [Aav] C:\WINNT\System32\Afj.exe
O4 - HKLM\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - HKLM\..\Run: [Afu] C:\WINNT\Fki.exe
O4 - HKLM\..\Run: [Bkh] C:\WINNT\Psr.exe
O4 - HKLM\..\Run: [Vlp] C:\WINNT\Crs.exe
O4 - HKLM\..\Run: [Boo] C:\WINNT\System32\Ron.exe
O4 - HKLM\..\Run: [Dgc] C:\WINNT\System32\Hpo.exe
O4 - HKLM\..\Run: [Hnv] C:\WINNT\Cse.exe
O4 - HKLM\..\Run: [Ino] C:\WINNT\System32\Las.exe
O4 - HKLM\..\Run: [Mpl] C:\WINNT\System32\Qor.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - HKCU\..\Run: [Afu] C:\WINNT\Fki.exe
O4 - HKCU\..\Run: [Bkh] C:\WINNT\Psr.exe
O4 - HKCU\..\Run: [Vlp] C:\WINNT\Crs.exe
O4 - HKCU\..\Run: [Boo] C:\WINNT\System32\Ron.exe
O4 - HKCU\..\Run: [Dgc] C:\WINNT\System32\Hpo.exe
O4 - HKCU\..\Run: [Hnv] C:\WINNT\Cse.exe
O4 - HKCU\..\Run: [Ino] C:\WINNT\System32\Las.exe
O4 - HKCU\..\Run: [Mpl] C:\WINNT\System32\Qor.exe
O4 - Startup: winupdate72981096[1].exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

Then reboot and post a new (complete) HijackThis log.

Regards,

Pieter
  • 0

#8
kgolfin

    Member

  • Topic Starter
  • Member
  • 13 posts
Ok, how's this? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:16:06 PM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\temp25.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B73F75B8-93F3-429D-FF34-660B206D897A} - C:\WINNT\System32\pifn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Systemos Restart] Rundll32.exe pifn.dll, DllRegisterServer
O4 - HKCU\..\Run: [xservice] C:\DOCUME~1\Owner\LOCALS~1\Temp\temp25.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#9
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Much better. :tazz:

Now I can see what I'm doing in one glance.

Download and unzip:
http://www.downloads...org/KillBox.exe
Run KillBox and paste each of these lines into the box, select delete on reboot, then press the red X button. When it says reboot now, say yes.

C:\WINNT\System32\pifn.dll

After the reboot, fix these lines.

O2 - BHO: (no name) - {B73F75B8-93F3-429D-FF34-660B206D897A} - C:\WINNT\System32\pifn.dll

O4 - HKLM\..\Run: [Systemos Restart] Rundll32.exe pifn.dll, DllRegisterServer

Then reboot into safe mode and use the Disk Cleanup Utility to empty all your Temp folders.

Then run HijackThis and fix:

O4 - HKCU\..\Run: [xservice] C:\DOCUME~1\Owner\LOCALS~1\Temp\temp25.exe

Boot normally and post a new log.

Regards,
  • 0

#10
kgolfin

    Member

  • Topic Starter
  • Member
  • 13 posts
Ok, here's the next one. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:06:58 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\winnt\system32\mgympm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINNT\Bolger.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gbilpcs] c:\winnt\system32\mgympm.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0


#11
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Where did that F2 come from :tazz: ;) ;)

Click Start > Run > type cmd > OK

The command prompt will open.
Usually it does this in C:\Documents and settings\{username}
Type the command cd .. until only the C:\> is left

then type the following commands:
cd Windows
Nail.exe /Fullremove


Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINNT\Bolger.dll

O4 - HKLM\..\Run: [gbilpcs] c:\winnt\system32\mgympm.exe

Then reboot and post a new HijackThis log.

Regards,

#12
kgolfin


    Member

  • Topic Starter
  • Member
  • 13 posts
I did what you said except nail.exe was in c:\winnt. I did do the fix.

Logfile of HijackThis v1.99.1
Scan saved at 7:21:30 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\winnt\system32\cyoyknn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINNT\Bolger.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [godlysz] c:\winnt\system32\cyoyknn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#13
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Good. :tazz:

Download ewido security suite from here… http://www.ewido.net/en/download/

Update its database from here: http://www.ewido.net...wnload/updates/
Run a scan and let it clean the PC. Post a new HijackThis log when complete.

Regards,

#14
kgolfin


    Member

  • Topic Starter
  • Member
  • 13 posts
Here's the latest.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:40 AM, on 4/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#15
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Looks good to me. :tazz:

Is your computer behaving as it should?

Regards,
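
One way to check a follow-up HijackThis log against the entries that were marked for fixing, as in the exchange above. This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical, and the sample data are short excerpts of the logs posted in this thread, not the full logs.

```python
import re

# HijackThis result lines look like "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs; detail is lower-cased since Windows paths ignore case."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2).strip().lower()))
    return found

def verify_fix(fix_list, log_text):
    """Split the entries that were meant to be fixed into those still in the log and those gone."""
    targets, present = parse_entries(fix_list), parse_entries(log_text)
    return {"still_present": sorted(targets & present), "cleared": sorted(targets - present)}

def diff_logs(before, after):
    """Entries that disappeared or appeared between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}

# Entries the helper asked to fix (post #11), copied from the thread.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINNT\Bolger.dll
O4 - HKLM\..\Run: [gbilpcs] c:\winnt\system32\mgympm.exe
"""
# Excerpts (not the full logs) from the 4/29/2005 and 4/30/2005 scans in the thread.
LOG_0429 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINNT\Bolger.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [godlysz] c:\winnt\system32\cyoyknn.exe
"""
LOG_0430 = r"""
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

if __name__ == "__main__":
    for name, log in (("4/29", LOG_0429), ("4/30", LOG_0430)):
        print(name, verify_fix(FIX_LIST, log))
    print(diff_logs(LOG_0429, LOG_0430))
```

On the 4/29 excerpt the exact-match check reports the `[gbilpcs]` Run value as cleared while a differently named Run value pointing into `system32` is present, which is why the diff between consecutive scans is worth reading alongside the fix list.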