My hijackthis log done just 10 mins ago plz help



#31
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
thakid, please refrain from trying to post 'help' in other people's threads. The advice you were giving was incomplete, and even incorrect. Stick to your thread, and let rock get your issues resolved. Then, if you wish to try and learn to help others, you can join GeekU to begin training!
Thanks
  • 0



#32
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
ok n sorry
  • 0

#33
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Press Ctrl + Alt + Delete on your keyboard and select Task Manager, select the process GLB6.tmp and end task it. Then go to C:\Documents and Settings\JERIMI~1\Local Settings\Temp\ and delete GLB6.tmp, or you can delete all files there.

2. Right click the folder C:\Program Files\usqwsptx and make sure it's not read only, archive and hidden, then delete the folder.

3. Then open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis leaving Hijackthis the only program open.

O4 - HKLM\..\Run: [QYVHYkEx] C:\PROGRA~1\usqwsptx\GMgCA4BN.exe

4. Then post a new Hijackthis log here in a reply.
  • 0

#34
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
there is no GLB6.tmp in the process area
  • 0

#35
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Ok see if you can find the file and delete it.
  • 0

#36
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
I got rid of everything in my temp folder and it is not there. I did a computer search for it.

Edited by thakid, 13 May 2005 - 02:01 PM.

  • 0

#37
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Ok, do the other steps I said, then post a new log.
  • 0

#38
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
ok well I tried to get rid of the "q" folder but it said I can't, so here is a new hjt log and a silent runner log -----



Logfile of HijackThis v1.99.1
Scan saved at 4:01:01 PM, on 5/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\America Online 9.0c\shellmon.exe
C:\Documents and Settings\jerimie piccola\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [QYVHYkEx] C:\PROGRA~1\usqwsptx\GMgCA4BN.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\jerimie piccola\Desktop\HijackThis.exe /startupscan
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\Messenger\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\Messenger\YPager.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe




--------------------------------------------------------------------------------------------------
"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"AOL Fast Start" = ""C:\Program Files\America Online 9.0c\AOL.EXE" -b" ["America Online, Inc."]
"HijackThis startup scan" = "C:\Documents and Settings\jerimie piccola\Desktop\HijackThis.exe /startupscan" ["Soeperman Enterprises Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QYVHYkEx" = "C:\PROGRA~1\usqwsptx\GMgCA4BN.exe" [file not found]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\McAgent.exe" ["McAfee, Inc"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AOL Spyware Protection" = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [null data]
"RegistryMechanic" = "C:\Program Files\Registry Mechanic\regmech.exe /S" ["PCTools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "*b" (unwritable string) [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow! Plus\shlext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{80B24180-4EFB-11D3-A99A-00A024DDB436}" = "iolo Incinerator Properties Pages"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\incinerator.dll" ["iolo technologies, LLC"]
"{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}" = "iolo Context Defrag"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\iolo\System Mechanic 5\CONTEXTDEFRAG.DLL" ["iolo technologies, LLC"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssflwbox.scr" [MS]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\jerimie piccola\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (D6HW2R61-Owner)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-jerimie piccola)" -> launches: "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-tharock)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "Yahoo! Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "Yahoo! Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\Messenger\YPager.exe" ["Yahoo! Inc."]


HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
  • 0
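As an added example (not part of the thread and not written by any poster), this Python sketch cross-references the O4 Run entries in the HijackThis log with the publisher annotations in the Silent Runners log posted above, and lists the autostart entries whose target has no publisher on record. The function names are assumptions made for illustration; the sample lines are copied from the two logs.

```python
import re

# Sample lines copied from the two logs posted above; helper names are illustrative.
HJT_LOG = r"""
O4 - HKLM\..\Run: [QYVHYkEx] C:\PROGRA~1\usqwsptx\GMgCA4BN.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
SR_LOG = r"""
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"QYVHYkEx" = "C:\PROGRA~1\usqwsptx\GMgCA4BN.exe" [file not found]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"AOL Spyware Protection" = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [null data]
"""
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
SR_RE = re.compile(r'^"([^"]+)" = "(.*)" \[(.*)\]$')
UNVERIFIED = {"file not found", "null data"}

def parse_hjt_run(log):
    """Yield (hive, value_name, command) for each O4 registry Run line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groups()

def parse_sr_publishers(log):
    """Map Run value name -> publisher note from Silent Runners lines."""
    # Keyed by value name only; a name present in both HKCU and HKLM would collide.
    out = {}
    for line in log.splitlines():
        m = SR_RE.match(line.strip())
        if m:
            out[m.group(1)] = m.group(3).strip('"')
    return out

def triage(hjt_log, sr_log):
    """Return Run entries whose target file has no publisher on record."""
    pubs = parse_sr_publishers(sr_log)
    flagged = []
    for hive, name, cmd in parse_hjt_run(hjt_log):
        note = pubs.get(name, "not in Silent Runners output")
        if note in UNVERIFIED or name not in pubs:
            flagged.append((hive, name, cmd, note))
    return flagged

if __name__ == "__main__":
    for entry in triage(HJT_LOG, SR_LOG):
        print(" | ".join(entry))
```

A flagged entry is a prompt for manual review, not a verdict: a missing publisher string can also come from a legitimate file that carries no version resource.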

#39
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Find the folder C:\Program Files\usqwsptx, right click on it and tell me the properties, if it's read only or not etc.
  • 0

#40
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
it is a .exe and a .dat file and it is locked as a read only

Edited by thakid, 13 May 2005 - 02:43 PM.

  • 0



#41
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Send all of them files in an attachment to submit here, then right click them files and remove the read only part, then delete the whole folder.

2. Then open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O4 - HKLM\..\Run: [QYVHYkEx] C:\PROGRA~1\usqwsptx\GMgCA4BN.exe

3. Then post a new Hijackthis log here in a reply.
  • 0

#42
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
I gotcha now took a min sorry lol

Edited by thakid, 13 May 2005 - 03:00 PM.

  • 0

#43
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
ok I sent it to the submit here e-mail addy that you told me to------
when I try to get rid of it, it says "make sure it is not write protected or in use"

Edited by thakid, 13 May 2005 - 03:04 PM.

  • 0

#44
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Let's try this then. I need you to go here:
The Spy Killer Forum

*Click on "New Topic"
*Put your name, e-mail address, and this as the title: "C:\Program Files\usqwsptx\GMgCA4BN.exe"
*Put a link to this geeks to go topic in the description box.
*Then next to the file box at the bottom, click the "browse" button, then navigate to this file:

C:\Program Files\usqwsptx\GMgCA4BN.exe

*Press "Open".
*Click "Post".
  • 0

#45
thakid

thakid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
ok done
  • 0





