about:blank ?



#1
rdlacy

rdlacy

    Member

  • Member
  • PipPip
  • 12 posts
Spybot and adaware will only run in safe mode. Search companion will not run.
A file is not found which search companion needs. I reloaded search companion
as per ms, but that did not fix that problem. Also spybot and adaware still will not
run in normal mode.

Here is a listing of hijack this.

Logfile of HijackThis v1.99.1
Scan saved at 2:01:04 AM, on 05/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cmdtel.exe
C:\WINDOWS\System32\ahtun.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\belsca\gigxkrrg.exe
C:\WINDOWS\System32\shwmtpu\hrrqbj.exe
C:\WINDOWS\System32\Services\{34626FA6-08AF-460A-B84F-938A215B5F62}\SVCHOST.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\hubhm\ufyomofk.exe
C:\WINDOWS\System32\hqmwolgc\uhcewc.exe
C:\WINDOWS\System32\ajhmt\ynspew.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ecdflgpe\jthrs.exe
C:\WINDOWS\system32\hahkv\qbkdhhif.exe
C:\WINDOWS\system32\jobcpa\xcfyqc.exe
C:\WINDOWS\system32\ehybbd\pfwwgp.exe
C:\WINDOWS\system32\ptty\juqu.exe
C:\WINDOWS\System32\??oolsv.exe
C:\WINDOWS\system32\dmbview.exe
C:\Documents and Settings\Alexis\Application Data\eetu.exe
C:\windows\wtussdw.exe
C:\WINDOWS\System32\cugibnjl\orwqao.exe
C:\Documents and Settings\Alexis\Desktop\DrTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Alexis\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com...5&said=nicket_a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {412CE6C5-72C7-001B-E7A9-E43B07B497B0} - C:\WINDOWS\System32\bymmeyem\uvkdpxdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {703134F1-6D32-4A56-911B-56F648C9A86E} - C:\WINDOWS\System32\lmdo.dll (file missing)
O2 - BHO: (no name) - {831CCCC3-AF35-0EB4-39E2-7ED1E45BB53D} - C:\WINDOWS\ojvm.dll
O2 - BHO: (no name) - {85F90C5D-5BA7-0A58-D737-CE3D8B5BA747} - C:\WINDOWS\System32\dqfugnyl\llcydciu.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsa400.dll
O2 - BHO: (no name) - {C2E7CA28-F085-ECBE-12EE-89FD31343DC4} - C:\WINDOWS\System32\wndourfi\hmpsamrq.dll
O2 - BHO: (no name) - {E1FEB623-F352-B87D-F114-03ACF20DB318} - C:\WINDOWS\System32\iqxbrrhg\hxmjnwpq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [qiiedftu] C:\WINDOWS\System32\gifmcmlv\qiiedftu.exe
O4 - HKLM\..\Run: [euqid] C:\WINDOWS\System32\lixsvry\euqid.exe
O4 - HKLM\..\Run: [jhmralu] C:\WINDOWS\System32\jmedg\jhmralu.exe
O4 - HKLM\..\Run: [tyoehprh] C:\WINDOWS\System32\qlmwj\tyoehprh.exe
O4 - HKLM\..\Run: [gigxkrrg] C:\WINDOWS\System32\belsca\gigxkrrg.exe
O4 - HKLM\..\Run: [okcick] C:\WINDOWS\System32\qnsshapa\okcick.exe
O4 - HKLM\..\Run: [mgjxv] C:\WINDOWS\System32\xfkxuogj\mgjxv.exe
O4 - HKLM\..\Run: [aolhy] C:\WINDOWS\System32\dqtytu\aolhy.exe
O4 - HKLM\..\Run: [qmdsqt] C:\WINDOWS\System32\apog\qmdsqt.exe
O4 - HKLM\..\Run: [ugyklxv] C:\WINDOWS\System32\fjbefiq\ugyklxv.exe
O4 - HKLM\..\Run: [rjig] C:\WINDOWS\System32\tomeus\rjig.exe
O4 - HKLM\..\Run: [stfkbv] C:\WINDOWS\System32\hticcqi\stfkbv.exe
O4 - HKLM\..\Run: [rfymmj] C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O4 - HKLM\..\Run: [hgnnfk] C:\WINDOWS\System32\cpawpu\hgnnfk.exe
O4 - HKLM\..\Run: [qnhrvrc] C:\WINDOWS\System32\xilr\qnhrvrc.exe
O4 - HKLM\..\Run: [fdgk] C:\WINDOWS\System32\toqngtm\fdgk.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [gcloyuw] C:\WINDOWS\System32\kemniimi\gcloyuw.exe
O4 - HKLM\..\Run: [olhphj] C:\WINDOWS\System32\fkouu\olhphj.exe
O4 - HKLM\..\Run: [nqrdr] C:\WINDOWS\System32\sqcsru\nqrdr.exe
O4 - HKLM\..\Run: [bhgest] C:\WINDOWS\System32\spubfmv\bhgest.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{34626FA6-08AF-460A-B84F-938A215B5F62}\SVCHOST.EXE
O4 - HKCU\..\Run: [Ravmpycq] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [e07qROc9U] dmbview.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Alexis\Application Data\eetu.exe
O4 - HKCU\..\Run: [luxlqdw] c:\windows\emxiaul.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: NTDBGTOOL - {F95622C4-4A78-43E3-9036-6FD75A333D66} - C:\WINDOWS\System32\autoxclu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: euqidlixsvry - Unknown owner - C:\WINDOWS\System32\lixsvry\euqid.exe
O23 - Service: gmaxxgdngdxeq - Unknown owner - C:\WINDOWS\system32\dngdxeq\gmaxxg.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: orwqaocugibnjl - Unknown owner - C:\WINDOWS\System32\cugibnjl\orwqao.exe
O23 - Service: qmdsqtapog - Unknown owner - C:\WINDOWS\System32\apog\qmdsqt.exe
O23 - Service: rfymmjvsjekyby - Unknown owner - C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O23 - Service: rjigtomeus - Unknown owner - C:\WINDOWS\System32\tomeus\rjig.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tfwpcusolrm - Unknown owner - C:\WINDOWS\System32\cusolrm\tfwp.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks in advance for any help.

This is my first post, so please excuse any errors.

Roger
  • 0

#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Wow! You are extremely infected, I suggest first actually installing an Anti-Virus program and then scanning with it. Next try a couple of online scans.

http://housecall/antivirus.com
http://jonnyrotten.geekstogo.com and click the Panda Active Scan in the top left of the screen. Also click on the AVG Antivirus link under it to install AVG and scan with that also.

Also download "The Cleaner", it's a trojan scanner. It's a 30 day free trial, get it here:
http://www.moosoft.com Make sure to update it first.

-=jonnyrotten=- :tazz:
  • 0

#3
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hi Roger and welcome to GeeksToGo! Jonny and I have been discussing your log, and I am going to help you get fixed up. He may jump in from time to time, so don't worry if you see one or the other of us! :tazz:

BEFORE you do the online scans, it is very important to do this step FIRST.

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

1. Please download LSPFix from here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of flsmngr.dll
5. Select every instance of flsmngr.dll and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish>>.

After you have done this, go ahead and run the scans Jonny suggested. Those will help us get a start on getting you cleaned up.

After those, please run one other scan for me:

Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, then copy the log. Paste it to a blank Notepad file and save it to post here.

After you have done the above, please reply here to your thread, and post to me the results of the scans. It would be easiest for me to read if you would make a separate post for each scan result. Then, the last thing I need right now is a fresh HijackThis log taken AFTER all of the above.

As Jonny said, you do have *several* different types of infections. If we work together, and you follow instructions, we'll get you cleaned up and back on the go in no time. If you have ANY questions during any step of the process, feel free to stop where you are in the fix and ask here, ok?
  • 0

#4
rdlacy

rdlacy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I downloaded LSPFix and transferred it to the infected computer. When it ran, one dll file was removed. The infected computer's modem is not working, so I cannot do any online scans. But I will be getting a new modem today. I also downloaded and transferred ewido but it needs to be updated so I will have to wait for the modem to run that. I will be putting an anti-virus and firewall on this infected computer. This infected computer is my neighbor's computer, so I'm helping him clean it up. Are there any other programs I can download and transfer by cd to the infected computer, without needing a modem? I downloaded, transferred and ran the cleaner and it found no trojans.

Thanks

Roger
  • 0

#5
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
One thing that makes me very curious here. "How did this computer get so infected if it cannot access the internet?"

-=jonnyrotten=- :tazz:
  • 0

#6
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hi again Roger! There are actually a few other programs we're going to need downloaded to get this fixed up! Let me list them here now, along with the update instructions. Let me know once you have done the first steps, as well as gotten these updated and installed and we'll move on!

Click here to download Pocket Killbox by Option^Explicit. (will NOT need updated)

Please download the latest version of Ad-aware (Ad-aware SE 1.05). If you're using an older version (or don't have AdAware yet), download Ad-aware SE Personal 1.05 and install it.

Before scanning with Ad-aware SE Free:
Run a FULL adaware scan using the following configuration below
  • Update
      • Select Check for updates.
      • Then Connect and download SE1R28 16.02.2005.
Download and Install Spybot S&D, accepting the Default Settings
(Please ensure you have version 1.3 final.)
Home - The home of Spybot-S&D!: http://www.safer-networking.org/
Here is a nice Tutorial http://www.safer-net...p?page=tutorial
  • Go to Start > Programs > Spybot Search & Destroy and choose 'Spybot S&D'
  • Close ALL windows except Spybot S&D
  • Click the button 'Search for Updates' and download and install the Updates


Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here


Go ahead and run Spybot and AdAware also when you do the virus scans mentioned. Then, post me a copy of the Ewido log, and a fresh HJT log, and we'll get finished up!
  • 0

#7
rdlacy

rdlacy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I had downloaded and run adaware se se1r42 28.04.2005 found 572 critical objects yesterday and another 91 today. COULD ONLY RUN IN SAFE MODE. Ran spybot but could not download updates, but found 186 problems in safe mode. The modem is an external one and he dropped it off today. Before connecting the modem I loaded zone alarm but it too would not run after installation.
While downloading the ewido updates I kept getting an error (A file that is required to run search companion cannot be found you need to run setup). The download of the updates errored out 3 times, so I cannot run ewido to get a listing. Here is an updated hijack list.


Logfile of HijackThis v1.99.1
Scan saved at 6:40:51 PM, on 05/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Alexis\Desktop\DrTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Alexis\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {412CE6C5-72C7-001B-E7A9-E43B07B497B0} - C:\WINDOWS\System32\bymmeyem\uvkdpxdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {703134F1-6D32-4A56-911B-56F648C9A86E} - C:\WINDOWS\System32\lmdo.dll (file missing)
O2 - BHO: (no name) - {831CCCC3-AF35-0EB4-39E2-7ED1E45BB53D} - C:\WINDOWS\ojvm.dll
O2 - BHO: (no name) - {85F90C5D-5BA7-0A58-D737-CE3D8B5BA747} - C:\WINDOWS\System32\dqfugnyl\llcydciu.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsa400.dll
O2 - BHO: (no name) - {C2E7CA28-F085-ECBE-12EE-89FD31343DC4} - C:\WINDOWS\System32\wndourfi\hmpsamrq.dll
O2 - BHO: (no name) - {E1FEB623-F352-B87D-F114-03ACF20DB318} - C:\WINDOWS\System32\iqxbrrhg\hxmjnwpq.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [qiiedftu] C:\WINDOWS\System32\gifmcmlv\qiiedftu.exe
O4 - HKLM\..\Run: [euqid] C:\WINDOWS\System32\lixsvry\euqid.exe
O4 - HKLM\..\Run: [jhmralu] C:\WINDOWS\System32\jmedg\jhmralu.exe
O4 - HKLM\..\Run: [tyoehprh] C:\WINDOWS\System32\qlmwj\tyoehprh.exe
O4 - HKLM\..\Run: [gigxkrrg] C:\WINDOWS\System32\belsca\gigxkrrg.exe
O4 - HKLM\..\Run: [okcick] C:\WINDOWS\System32\qnsshapa\okcick.exe
O4 - HKLM\..\Run: [mgjxv] C:\WINDOWS\System32\xfkxuogj\mgjxv.exe
O4 - HKLM\..\Run: [aolhy] C:\WINDOWS\System32\dqtytu\aolhy.exe
O4 - HKLM\..\Run: [qmdsqt] C:\WINDOWS\System32\apog\qmdsqt.exe
O4 - HKLM\..\Run: [ugyklxv] C:\WINDOWS\System32\fjbefiq\ugyklxv.exe
O4 - HKLM\..\Run: [rjig] C:\WINDOWS\System32\tomeus\rjig.exe
O4 - HKLM\..\Run: [stfkbv] C:\WINDOWS\System32\hticcqi\stfkbv.exe
O4 - HKLM\..\Run: [rfymmj] C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O4 - HKLM\..\Run: [hgnnfk] C:\WINDOWS\System32\cpawpu\hgnnfk.exe
O4 - HKLM\..\Run: [qnhrvrc] C:\WINDOWS\System32\xilr\qnhrvrc.exe
O4 - HKLM\..\Run: [fdgk] C:\WINDOWS\System32\toqngtm\fdgk.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [gcloyuw] C:\WINDOWS\System32\kemniimi\gcloyuw.exe
O4 - HKLM\..\Run: [olhphj] C:\WINDOWS\System32\fkouu\olhphj.exe
O4 - HKLM\..\Run: [nqrdr] C:\WINDOWS\System32\sqcsru\nqrdr.exe
O4 - HKLM\..\Run: [bhgest] C:\WINDOWS\System32\spubfmv\bhgest.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{34626FA6-08AF-460A-B84F-938A215B5F62}\SVCHOST.EXE
O4 - HKLM\..\Run: [Agent Player] C:\WINDOWS\system32\mscover.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vwbc] C:\WINDOWS\System32\nsndtn\vwbc.exe
O4 - HKLM\..\Run: [qirbusy] C:\WINDOWS\System32\mhusyhuf\qirbusy.exe
O4 - HKLM\..\Run: [tfwp] C:\WINDOWS\System32\cusolrm\tfwp.exe
O4 - HKLM\..\Run: [edlmu] C:\WINDOWS\System32\uhndvbh\edlmu.exe
O4 - HKLM\..\Run: [xabutoq] C:\WINDOWS\System32\qeovaxlx\xabutoq.exe
O4 - HKLM\..\Run: [fgemd] C:\WINDOWS\System32\nowtbn\fgemd.exe
O4 - HKLM\..\Run: [osyrw] C:\WINDOWS\System32\udrnhwkg\osyrw.exe
O4 - HKLM\..\Run: [orwqao] C:\WINDOWS\System32\cugibnjl\orwqao.exe
O4 - HKLM\..\Run: [tlahy] C:\WINDOWS\System32\fgvhw\tlahy.exe
O4 - HKLM\..\Run: [ufyomofk] C:\WINDOWS\System32\hubhm\ufyomofk.exe
O4 - HKLM\..\Run: [hrrqbj] C:\WINDOWS\System32\shwmtpu\hrrqbj.exe
O4 - HKLM\..\Run: [ynspew] C:\WINDOWS\System32\ajhmt\ynspew.exe
O4 - HKLM\..\Run: [owhydvs] C:\WINDOWS\System32\yjwgahil\owhydvs.exe
O4 - HKLM\..\Run: [fdels] C:\WINDOWS\System32\konynw\fdels.exe
O4 - HKLM\..\Run: [rfhmykfh] C:\WINDOWS\System32\uouxdb\rfhmykfh.exe
O4 - HKLM\..\Run: [bupramr] C:\WINDOWS\System32\chyhv\bupramr.exe
O4 - HKLM\..\Run: [ifqcqcio] C:\WINDOWS\System32\elfsg\ifqcqcio.exe
O4 - HKLM\..\Run: [uhcewc] C:\WINDOWS\System32\hqmwolgc\uhcewc.exe
O4 - HKLM\..\Run: [hzimzw] c:\windows\system32\drgzldl.exe
O4 - HKLM\..\Run: [einnutbi] C:\WINDOWS\System32\aigyio\einnutbi.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [gmaxxg] C:\WINDOWS\system32\dngdxeq\gmaxxg.exe
O4 - HKLM\..\Run: [jthrs] C:\WINDOWS\system32\ecdflgpe\jthrs.exe
O4 - HKLM\..\Run: [qbkdhhif] C:\WINDOWS\system32\hahkv\qbkdhhif.exe
O4 - HKLM\..\Run: [xcfyqc] C:\WINDOWS\system32\jobcpa\xcfyqc.exe
O4 - HKLM\..\Run: [pfwwgp] C:\WINDOWS\system32\ehybbd\pfwwgp.exe
O4 - HKLM\..\Run: [juqu] C:\WINDOWS\system32\ptty\juqu.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Alexis\LOCALS~1\Temp\200552174156_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Ravmpycq] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [e07qROc9U] dmbview.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Alexis\Application Data\eetu.exe
O4 - HKCU\..\Run: [nsyfall] c:\windows\csfqwfw.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: NTDBGTOOL - {F95622C4-4A78-43E3-9036-6FD75A333D66} - C:\WINDOWS\System32\autoxclu.dll
O21 - SSODL: Terminal Windows - {09011FEC-BFC1-45CF-90C8-6E4C0F8E4C34} - C:\WINDOWS\system32\avifdmod.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: euqidlixsvry - Unknown owner - C:\WINDOWS\System32\lixsvry\euqid.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: gmaxxgdngdxeq - Unknown owner - C:\WINDOWS\system32\dngdxeq\gmaxxg.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: orwqaocugibnjl - Unknown owner - C:\WINDOWS\System32\cugibnjl\orwqao.exe
O23 - Service: qmdsqtapog - Unknown owner - C:\WINDOWS\System32\apog\qmdsqt.exe
O23 - Service: rfymmjvsjekyby - Unknown owner - C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O23 - Service: rjigtomeus - Unknown owner - C:\WINDOWS\System32\tomeus\rjig.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tfwpcusolrm - Unknown owner - C:\WINDOWS\System32\cusolrm\tfwp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#8
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
There are a lot of random viruses in here that really need to be cleaned out. Go ahead and run Ewido as it is and let's see how much of it will clean out for us.
  • 0
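
An added example, not part of the thread and not any poster's or HijackThis's own code: the triage Kat describes in posts #3 and #8 (the unknown Winsock LSP entry and the randomly named files), written as Python checks over HijackThis lines. The sample lines are excerpted from the logs posted above; `triage`, `triage_log` and `KNOWN_SUBDIRS` are hypothetical names, and the allowlist is an assumption to replace with the machine's own baseline.

```python
import ntpath
import re

# Excerpted from the HijackThis v1.99.1 logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {412CE6C5-72C7-001B-E7A9-E43B07B497B0} - C:\WINDOWS\System32\bymmeyem\uvkdpxdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [euqid] C:\WINDOWS\System32\lixsvry\euqid.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{34626FA6-08AF-460A-B84F-938A215B5F62}\SVCHOST.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: euqidlixsvry - Unknown owner - C:\WINDOWS\System32\lixsvry\euqid.exe
"""

# First Windows path on a line that ends in .exe, .dll or .ocx.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
SYS32 = r"c:\windows\system32"
# Assumption: System32 subfolders treated as expected for this example;
# replace with the baseline of the machine being examined.
KNOWN_SUBDIRS = {"drivers", "spool", "wbem", "dllcache", "dla"}


def triage(line):
    """Return the reasons a single HijackThis line deserves manual review."""
    reasons = []
    match = PATH_RE.search(line)
    path = match.group(0).lower() if match else ""
    folder, name = ntpath.split(path)

    # O10: HijackThis itself could not identify this LSP provider.
    if line.startswith("O10 - Unknown file in Winsock LSP"):
        reasons.append("unknown Winsock LSP")

    # O23: service binary carries no company name in its version info.
    if line.startswith("O23 - ") and " - Unknown owner - " in line:
        reasons.append("service with unknown owner")
        svc = line[len("O23 - Service: "):].split(" - Unknown owner", 1)[0]
        stem = ntpath.splitext(name)[0]
        # Pattern visible in the logs above: "euqid" + "lixsvry".
        if path and svc.lower() == stem + ntpath.basename(folder):
            reasons.append("service name is exe name + folder name")

    # The genuine svchost.exe lives directly in System32.
    if name == "svchost.exe" and folder != SYS32:
        reasons.append("svchost.exe outside System32")

    # Binaries in a System32 subfolder that is not on the baseline list.
    if folder.startswith(SYS32 + "\\"):
        sub = folder[len(SYS32) + 1:].split("\\")[0]
        if sub not in KNOWN_SUBDIRS:
            reasons.append("binary in unrecognised System32 subfolder")

    return reasons


def triage_log(text):
    """Return [(line, reasons)] for every log line with at least one reason."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage(line) if line else []
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print("; ".join(reasons))
        print("    " + line)
```

A flagged line is a prompt for manual review, not a verdict; legitimate software such as the AOL service in the logs above also shows "Unknown owner".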

#9
rdlacy

rdlacy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ewido will not run without the update, and I cannot download the update to run it.

Thanks

Roger
  • 0

#10
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Did you get those downloaded? Let me know, and if so, we'll get the about.blank infection cleaned up. After that, we can manually remove all of those viruses. I'm game if you are. :tazz:

Edited by ~Kat~, 02 May 2005 - 08:02 PM.

  • 0

#11
rdlacy

rdlacy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
hijack fix found # not infected #

cleanup deleted 8634 files 257mb

cwshredder found cws.1engine

buster no ads found on system

Thanks

Roger
  • 0

#12
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
ahhhh I just needed to know if you had downloaded them yet. Let me post the way they were supposed to be run. If this isn't how you did them, then please re-do them and then post a fresh HJT log and we will manually clean the viruses next.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.
  • 0

#13
rdlacy

rdlacy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ran items on your list as per instructions.
no updates were available for cwshredder.
unable to run any of the online scans (the three you listed).
Here are the lists you requested

Scanned at: 10:54:10 PM on: 05/02/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 0

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 0

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!




(5/2/05 10:32:13 PM) SPSeHjFix started v1.1.2
(5/2/05 10:32:13 PM) OS: WinXP Service Pack 2 (5.1.2600)
(5/2/05 10:32:13 PM) Language: english
(5/2/05 10:32:13 PM) Win-Path: C:\WINDOWS
(5/2/05 10:32:13 PM) System-Path: C:\WINDOWS\system32
(5/2/05 10:32:13 PM) Temp-Path: C:\DOCUME~1\Alexis\LOCALS~1\Temp\


(5/2/05 11:03:55 PM) SPSeHjFix started v1.1.2
(5/2/05 11:03:55 PM) OS: WinXP Service Pack 2 (5.1.2600)
(5/2/05 11:03:55 PM) Language: english
(5/2/05 11:03:55 PM) Win-Path: C:\WINDOWS
(5/2/05 11:03:55 PM) System-Path: C:\WINDOWS\system32
(5/2/05 11:03:55 PM) Temp-Path: C:\DOCUME~1\Alexis\LOCALS~1\Temp\
(5/2/05 11:04:17 PM) Disinfection started
(5/2/05 11:04:17 PM) UBF: 7 - UBB: 13 - UBR: 70
(5/2/05 11:04:17 PM) UBF: 7 - UBB: 13 - UBR: 70
(5/2/05 11:04:17 PM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank


Logfile of HijackThis v1.99.1
Scan saved at 11:43:29 PM, on 05/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\cmdtel.exe
C:\WINDOWS\System32\ahtun.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\belsca\gigxkrrg.exe
C:\WINDOWS\System32\hubhm\ufyomofk.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\hqmwolgc\uhcewc.exe
C:\WINDOWS\System32\ajhmt\ynspew.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\??oolsv.exe
C:\WINDOWS\system32\dmbview.exe
C:\Documents and Settings\Alexis\Application Data\eetu.exe
C:\windows\hrsvief.exe
C:\WINDOWS\System32\cugibnjl\orwqao.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\shwmtpu\hrrqbj.exe
C:\Documents and Settings\Alexis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Alexis\LOCALS~1\Temp\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {412CE6C5-72C7-001B-E7A9-E43B07B497B0} - C:\WINDOWS\System32\bymmeyem\uvkdpxdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {703134F1-6D32-4A56-911B-56F648C9A86E} - C:\WINDOWS\System32\lmdo.dll (file missing)
O2 - BHO: (no name) - {831CCCC3-AF35-0EB4-39E2-7ED1E45BB53D} - C:\WINDOWS\ojvm.dll
O2 - BHO: (no name) - {85F90C5D-5BA7-0A58-D737-CE3D8B5BA747} - C:\WINDOWS\System32\dqfugnyl\llcydciu.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsa400.dll
O2 - BHO: (no name) - {C2E7CA28-F085-ECBE-12EE-89FD31343DC4} - C:\WINDOWS\System32\wndourfi\hmpsamrq.dll
O2 - BHO: (no name) - {E1FEB623-F352-B87D-F114-03ACF20DB318} - C:\WINDOWS\System32\iqxbrrhg\hxmjnwpq.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [qiiedftu] C:\WINDOWS\System32\gifmcmlv\qiiedftu.exe
O4 - HKLM\..\Run: [euqid] C:\WINDOWS\System32\lixsvry\euqid.exe
O4 - HKLM\..\Run: [jhmralu] C:\WINDOWS\System32\jmedg\jhmralu.exe
O4 - HKLM\..\Run: [tyoehprh] C:\WINDOWS\System32\qlmwj\tyoehprh.exe
O4 - HKLM\..\Run: [gigxkrrg] C:\WINDOWS\System32\belsca\gigxkrrg.exe
O4 - HKLM\..\Run: [okcick] C:\WINDOWS\System32\qnsshapa\okcick.exe
O4 - HKLM\..\Run: [mgjxv] C:\WINDOWS\System32\xfkxuogj\mgjxv.exe
O4 - HKLM\..\Run: [aolhy] C:\WINDOWS\System32\dqtytu\aolhy.exe
O4 - HKLM\..\Run: [qmdsqt] C:\WINDOWS\System32\apog\qmdsqt.exe
O4 - HKLM\..\Run: [ugyklxv] C:\WINDOWS\System32\fjbefiq\ugyklxv.exe
O4 - HKLM\..\Run: [rjig] C:\WINDOWS\System32\tomeus\rjig.exe
O4 - HKLM\..\Run: [stfkbv] C:\WINDOWS\System32\hticcqi\stfkbv.exe
O4 - HKLM\..\Run: [rfymmj] C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O4 - HKLM\..\Run: [hgnnfk] C:\WINDOWS\System32\cpawpu\hgnnfk.exe
O4 - HKLM\..\Run: [qnhrvrc] C:\WINDOWS\System32\xilr\qnhrvrc.exe
O4 - HKLM\..\Run: [fdgk] C:\WINDOWS\System32\toqngtm\fdgk.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [gcloyuw] C:\WINDOWS\System32\kemniimi\gcloyuw.exe
O4 - HKLM\..\Run: [olhphj] C:\WINDOWS\System32\fkouu\olhphj.exe
O4 - HKLM\..\Run: [nqrdr] C:\WINDOWS\System32\sqcsru\nqrdr.exe
O4 - HKLM\..\Run: [bhgest] C:\WINDOWS\System32\spubfmv\bhgest.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{34626FA6-08AF-460A-B84F-938A215B5F62}\SVCHOST.EXE
O4 - HKCU\..\Run: [Ravmpycq] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [e07qROc9U] dmbview.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Alexis\Application Data\eetu.exe
O4 - HKCU\..\Run: [agqedmk] c:\windows\sbmldav.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: NTDBGTOOL - {F95622C4-4A78-43E3-9036-6FD75A333D66} - C:\WINDOWS\System32\autoxclu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: euqidlixsvry - Unknown owner - C:\WINDOWS\System32\lixsvry\euqid.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: gmaxxgdngdxeq - Unknown owner - C:\WINDOWS\system32\dngdxeq\gmaxxg.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: orwqaocugibnjl - Unknown owner - C:\WINDOWS\System32\cugibnjl\orwqao.exe
O23 - Service: qmdsqtapog - Unknown owner - C:\WINDOWS\System32\apog\qmdsqt.exe
O23 - Service: rfymmjvsjekyby - Unknown owner - C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O23 - Service: rjigtomeus - Unknown owner - C:\WINDOWS\System32\tomeus\rjig.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tfwpcusolrm - Unknown owner - C:\WINDOWS\System32\cusolrm\tfwp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Thanks for your help and patience

Roger
  • 0

#14
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Ok, we’re going to try to clean up most of it using HijackThis now, and we’ll manually Killbox whatever may be left over. First, go to Start>Control Panel> Add / Remove Programs and uninstall the following if found:


ShopNav
WinTools
Ebates_MoeMoneyMaker


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Alexis\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com...5&said=nicket_a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {412CE6C5-72C7-001B-E7A9-E43B07B497B0} - C:\WINDOWS\System32\bymmeyem\uvkdpxdv.dll
O2 - BHO: (no name) - {703134F1-6D32-4A56-911B-56F648C9A86E} - C:\WINDOWS\System32\lmdo.dll (file missing)
O2 - BHO: (no name) - {831CCCC3-AF35-0EB4-39E2-7ED1E45BB53D} - C:\WINDOWS\ojvm.dll
O2 - BHO: (no name) - {85F90C5D-5BA7-0A58-D737-CE3D8B5BA747} - C:\WINDOWS\System32\dqfugnyl\llcydciu.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsa400.dll
O2 - BHO: (no name) - {C2E7CA28-F085-ECBE-12EE-89FD31343DC4} - C:\WINDOWS\System32\wndourfi\hmpsamrq.dll
O2 - BHO: (no name) - {E1FEB623-F352-B87D-F114-03ACF20DB318} - C:\WINDOWS\System32\iqxbrrhg\hxmjnwpq.dll

O4 - HKLM\..\Run: [qiiedftu] C:\WINDOWS\System32\gifmcmlv\qiiedftu.exe
O4 - HKLM\..\Run: [euqid] C:\WINDOWS\System32\lixsvry\euqid.exe
O4 - HKLM\..\Run: [jhmralu] C:\WINDOWS\System32\jmedg\jhmralu.exe
O4 - HKLM\..\Run: [tyoehprh] C:\WINDOWS\System32\qlmwj\tyoehprh.exe
O4 - HKLM\..\Run: [gigxkrrg] C:\WINDOWS\System32\belsca\gigxkrrg.exe
O4 - HKLM\..\Run: [okcick] C:\WINDOWS\System32\qnsshapa\okcick.exe
O4 - HKLM\..\Run: [mgjxv] C:\WINDOWS\System32\xfkxuogj\mgjxv.exe
O4 - HKLM\..\Run: [aolhy] C:\WINDOWS\System32\dqtytu\aolhy.exe
O4 - HKLM\..\Run: [qmdsqt] C:\WINDOWS\System32\apog\qmdsqt.exe
O4 - HKLM\..\Run: [ugyklxv] C:\WINDOWS\System32\fjbefiq\ugyklxv.exe
O4 - HKLM\..\Run: [rjig] C:\WINDOWS\System32\tomeus\rjig.exe
O4 - HKLM\..\Run: [stfkbv] C:\WINDOWS\System32\hticcqi\stfkbv.exe
O4 - HKLM\..\Run: [rfymmj] C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O4 - HKLM\..\Run: [hgnnfk] C:\WINDOWS\System32\cpawpu\hgnnfk.exe
O4 - HKLM\..\Run: [qnhrvrc] C:\WINDOWS\System32\xilr\qnhrvrc.exe
O4 - HKLM\..\Run: [fdgk] C:\WINDOWS\System32\toqngtm\fdgk.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [gcloyuw] C:\WINDOWS\System32\kemniimi\gcloyuw.exe
O4 - HKLM\..\Run: [olhphj] C:\WINDOWS\System32\fkouu\olhphj.exe
O4 - HKLM\..\Run: [nqrdr] C:\WINDOWS\System32\sqcsru\nqrdr.exe
O4 - HKLM\..\Run: [bhgest] C:\WINDOWS\System32\spubfmv\bhgest.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{34626FA6-08AF-460A-B84F-938A215B5F62}\SVCHOST.EXE
O4 - HKCU\..\Run: [Ravmpycq] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [e07qROc9U] dmbview.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Alexis\Application Data\eetu.exe
O4 - HKCU\..\Run: [luxlqdw] c:\windows\emxiaul.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O21 - SSODL: NTDBGTOOL - {F95622C4-4A78-43E3-9036-6FD75A333D66} - C:\WINDOWS\System32\autoxclu.dll

O23 - Service: euqidlixsvry - Unknown owner - C:\WINDOWS\System32\lixsvry\euqid.exe
O23 - Service: gmaxxgdngdxeq - Unknown owner - C:\WINDOWS\system32\dngdxeq\gmaxxg.exe
O23 - Service: orwqaocugibnjl - Unknown owner - C:\WINDOWS\System32\cugibnjl\orwqao.exe
O23 - Service: qmdsqtapog - Unknown owner - C:\WINDOWS\System32\apog\qmdsqt.exe
O23 - Service: rfymmjvsjekyby - Unknown owner - C:\WINDOWS\System32\vsjekyby\rfymmj.exe
O23 - Service: rjigtomeus - Unknown owner - C:\WINDOWS\System32\tomeus\rjig.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tfwpcusolrm - Unknown owner - C:\WINDOWS\System32\cusolrm\tfwp.exe

Now close all windows and programs other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer (if present):
C:\WINDOWS\System32\cmdtel.exe
C:\WINDOWS\System32\ahtun.exe
C:\WINDOWS\System32\belsca
C:\WINDOWS\System32\hubhm\
C:\WINDOWS\System32\hqmwolgc\
C:\WINDOWS\System32\ajhmt
C:\WINDOWS\System32\??oolsv.exe << make sure you ONLY delete the one with the ?? in the name, not the legit spoolsv.exe file
C:\WINDOWS\system32\dmbview.exe
C:\Documents and Settings\Alexis\Application Data\eetu.exe
C:\windows\hrsvief.exe
C:\WINDOWS\System32\cugibnjl
C:\WINDOWS\System32\shwmtpu
C:\WINDOWS\System32\gifmcmlv
C:\WINDOWS\System32\lixsvry\
C:\WINDOWS\System32\jmedg
C:\WINDOWS\System32\qlmwj
C:\WINDOWS\System32\belsca
C:\WINDOWS\System32\qnsshapa
C:\WINDOWS\System32\xfkxuogj
C:\WINDOWS\System32\dqtytu
C:\WINDOWS\System32\apog
C:\WINDOWS\System32\fjbefiq
C:\WINDOWS\System32\tomeus
C:\WINDOWS\System32\hticcqi
C:\WINDOWS\System32\vsjekyby
C:\WINDOWS\System32\cpawpu
C:\WINDOWS\System32\xilr
C:\WINDOWS\System32\toqngtm
C:\WINDOWS\System32\wsxsvc
C:\WINDOWS\System32\kemniimi
C:\WINDOWS\System32\fkouu
C:\WINDOWS\System32\sqcsru
C:\WINDOWS\System32\spubfmv
C:\WINDOWS\System32\Services\{34626FA6-08AF-460A-B84F-938A215B5F62}
C:\Documents and Settings\Alexis\Application Data\eetu.exe
c:\windows\sbmldav.exe
C:\WINDOWS\System32\autoxclu.dll
C:\WINDOWS\System32\lixsvry
C:\WINDOWS\system32\dngdxeq
C:\WINDOWS\System32\cugibnjl
C:\WINDOWS\System32\apog
C:\WINDOWS\System32\vsjekyby\
C:\WINDOWS\System32\tomeus
C:\WINDOWS\svcproc.exe
C:\WINDOWS\System32\cusolrm


After that, reboot and post a fresh HJT log here in a reply.
  • 0

#15
rdlacy

rdlacy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Followed your instructions and here is a copy of the last hijack file

Logfile of HijackThis v1.99.1
Scan saved at 10:20:45 AM, on 05/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\qeovaxlx\xabutoq.exe
C:\WINDOWS\System32\hubhm\ufyomofk.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\chyhv\bupramr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ajhmt\ynspew.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\shwmtpu\hrrqbj.exe
C:\Documents and Settings\Alexis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fowendl] c:\windows\ymjjsqf.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: orwqaocugibnjl - Unknown owner - C:\WINDOWS\System32\cugibnjl\orwqao.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks

Roger
  • 0
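An added example, not part of the thread and not any poster's code: one way to check a fix pass is to parse the HijackThis log taken before it and the one taken after it, then report which items on the removal list are still present and which processes and autostart entries are new. The sample logs and target list are abbreviated excerpts of the ones posted above; the function names are assumptions of this sketch.

```python
import ntpath
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ...", "O23 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*<>|]*?\.(?:exe|dll)', re.I)

# Abbreviated excerpts of the logs in this thread (before and after the fix pass).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\belsca\gigxkrrg.exe
C:\WINDOWS\System32\hubhm\ufyomofk.exe
C:\WINDOWS\System32\ajhmt\ynspew.exe

O4 - HKLM\..\Run: [gigxkrrg] C:\WINDOWS\System32\belsca\gigxkrrg.exe
O4 - HKCU\..\Run: [agqedmk] c:\windows\sbmldav.exe
O23 - Service: orwqaocugibnjl - Unknown owner - C:\WINDOWS\System32\cugibnjl\orwqao.exe
"""
AFTER = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\qeovaxlx\xabutoq.exe
C:\WINDOWS\System32\hubhm\ufyomofk.exe
C:\WINDOWS\System32\ajhmt\ynspew.exe

O4 - HKCU\..\Run: [fowendl] c:\windows\ymjjsqf.exe
O23 - Service: orwqaocugibnjl - Unknown owner - C:\WINDOWS\System32\cugibnjl\orwqao.exe (file missing)
"""
# A few of the files and folders from the manual deletion list in the thread.
TARGETS_TEXT = r"""
C:\WINDOWS\System32\belsca
C:\WINDOWS\System32\hubhm\
C:\WINDOWS\System32\ajhmt
C:\WINDOWS\System32\cugibnjl
c:\windows\sbmldav.exe
"""

def norm(path):
    """Case-fold a Windows path and drop any trailing backslash."""
    return ntpath.normcase(path.strip().rstrip("\\"))

TARGETS = [norm(t) for t in TARGETS_TEXT.split("\n") if t.strip()]

def parse_log(text):
    """Return (running process paths, {(code, body): file_missing_flag})."""
    procs, entries, in_procs = set(), {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.add(norm(line))
        elif in_procs:                      # blank line ends the process list
            in_procs = False
        else:
            m = ENTRY_RE.match(line)
            if m:
                body = m.group(2)
                key = (m.group(1), body.replace(" (file missing)", ""))
                entries[key] = "(file missing)" in body
    return procs, entries

def under(path, targets):
    """True if path is a target file or lies inside a target folder."""
    return path is not None and any(
        path == t or path.startswith(t + "\\") for t in targets)

def compare(before, after, targets):
    (b_procs, b_entries), (a_procs, a_entries) = before, after
    def entry_path(body):
        m = PATH_RE.search(body)
        return norm(m.group(0)) if m else None
    return {
        "still_running": sorted(p for p in a_procs if under(p, targets)),
        "new_processes": sorted(a_procs - b_procs),
        "entries_left": sorted((c, b, miss) for (c, b), miss in a_entries.items()
                               if under(entry_path(b), targets)),
        "new_autostarts": sorted(k for k in a_entries
                                 if k[0] in ("O4", "O23") and k not in b_entries),
    }
```

On these excerpts the comparison shows two processes still running from folders on the deletion list, one service entry left behind with its file missing, and a new process and Run entry that were not in the earlier log.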





