Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan [CLOSED]


  • This topic is locked This topic is locked

#1
birder&bander

birder&bander

    New Member

  • Member
  • Pip
  • 2 posts
I have run CCleaner, Ad-Aware SE, CW Shredder, Spybot Search and Destroy and AVG Antivirus in an attempt to fix my system. I'm not sure if it's one thing or several.
I then ran HiJackThis and here's the scan log:

Logfile of HijackThis v1.99.1
Scan saved at 7:05:47 PM, on 2005-06-08
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\TcdMon.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME\Tmesrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\shnlog.exe
C:\WINNT\dslaunch.exe
C:\WINNT\System32\TPWRTRAY.EXE
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\intmon.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\Tdevdetect.exe
C:\WINNT\System32\NWTRAY.EXE
C:\WINNT\System32\S3tray.exe
C:\WINNT\System32\Tfunckey.exe
C:\WINNT\System32\Tpwricon.exe
C:\WINNT\System32\TspdIcon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$wc0\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hp92EC.tmp
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TDspOff] Tdspoff.exe B
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\System32\msmsgs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: TMExLogon.lnk = D:\Program Files\TOSHIBA\TME\TMESRV.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.166.110....chm::/file.exe
O20 - AppInit_DLLs: apitrap.dll c:\winnt\system32\hk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINNT\System32\NALNTSRV.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
O23 - Service: Toshiba CD-ROM Monitor (TcdMon) - Unknown owner - C:\WINNT\system32\TcdMon.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Tmesrv - Unknown owner - C:\Program Files\TOSHIBA\TME\Tmesrv.exe" /Service (file missing)
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINNT\System32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
  • 0

Advertisements


#2
Guest_usetobe_*

Guest_usetobe_*
  • Guest
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
birder&bander

birder&bander

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I have installed service pack 4
Here is the Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:08 PM, on 2005-06-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\TcdMon.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME\Tmesrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\system32\svchost.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINNT\system32\shnlog.exe
C:\WINNT\system32\intmonp.exe
C:\WINNT\system32\intmon.exe
C:\WINNT\dslaunch.exe
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\Tdevdetect.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\Tfunckey.exe
C:\WINNT\System32\Tpwricon.exe
C:\WINNT\System32\TspdIcon.exe
C:\WINNT\system32\NWTRAY.EXE
C:\WINNT\system32\S3tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\popuper.exe
C:\Program Files\TotalCommander\TOTALCMD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$wc0\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hp8101.tmp (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TDspOff] Tdspoff.exe B
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\System32\msmsgs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: TMExLogon.lnk = D:\Program Files\TOSHIBA\TME\TMESRV.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {049C0528-12E8-4AB5-AAC3-D682A266C72A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {049C0528-12E8-4AB5-AAC3-D682A266C72A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E7882508-99E5-4019-A8CA-9E15B436ED83} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7882508-99E5-4019-A8CA-9E15B436ED83} - (no file) (HKCU)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.166.110....chm::/file.exe
O20 - AppInit_DLLs: apitrap.dll c:\winnt\system32\hk.dll
O20 - Winlogon Notify: style2 - C:\WINNT\q259192_disk.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINNT\System32\NALNTSRV.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe
O23 - Service: Toshiba CD-ROM Monitor (TcdMon) - Unknown owner - C:\WINNT\system32\TcdMon.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Tmesrv - Unknown owner - C:\Program Files\TOSHIBA\TME\Tmesrv.exe" /Service (file missing)
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINNT\System32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
  • 0

#4
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Please print out a copy of this to make it easier to follow as you will need to reboot your PC several times.

Please disable Spybot S&D Teatimer as it will interfere with what we need to do.

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

I need you to copy all of the Killbox file paths below and paste them into Notepad.

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe


* Please download the Killbox*In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

We will need to download a few MORE tools that will help us in the removal of your problem.

Download and install CleanUp! Here

Download a free 14 day trial of ewido from the link below. Install it and start it up. Follow the prompts to upgrade it, then close it down.

ewido

Set PC to show hidden files (click link if you do not know how)LINK

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Now run Ewido. click on the Scanner button, Select drives if you have more than one and then start. grab a cup of coffee, sandwiches, book as this may take some time. Once the first problem is detected ensure you tick the box for all (bottom left) and allow it to continue.

At the end of the scan, it may ask if you would like to delete anything found in archive or zipped files, OK that request, then click on save report. SAVE to the default location, it will then generate a text file. Copy that to post in this thread.

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found

[/b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hp8101.tmp (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {049C0528-12E8-4AB5-AAC3-D682A266C72A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {049C0528-12E8-4AB5-AAC3-D682A266C72A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E7882508-99E5-4019-A8CA-9E15B436ED83} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7882508-99E5-4019-A8CA-9E15B436ED83} - (no file) (HKCU)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.166.110....chm::/file.exe
O20 - AppInit_DLLs: apitrap.dll c:\winnt\system32\hk.dll
O20 - Winlogon Notify: style2 - C:\WINNT\q259192_disk.dll (file missing)[/b]

Ensure no windows open except HJT and click fix checked.

Now using windows explorer, locate and delete the following files/folders if found

C:\WINNT\System32\hp8101.tmp
C:\WINNT\web\related.htm
c:\winnt\system32\hk.dll
C:\WINNT\q259192_disk.dll


Now run cleanup to clear out junk and temp files.

Reboot normally, rescan with HJT and post the log back in this thread
  • 0

#5
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP