Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hi, im new to this. here is my log

Started by Cass944 , Oct 02 2005 05:22 PM

  • This topic is locked This topic is locked

#1
Cass944
Posted 02 October 2005 - 05:22 PM

Cass944

    New Member

  • Member
  • Pip
  • 4 posts
Hi I recently got the spysheriff program and its driving me nuts. I have the blue screen with the message saying my system is infected as a background. If i go into preferances i can not change my background.

also another strange thing is that whan i ctrl alt delete I can not access the tasks list. the button is greyed out.

here are my log files
Logfile of HijackThis v1.99.1
Scan saved at 6:20:30 PM, on 10/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Quetec\pctwpasv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\dowi\suua.exe
C:\WINDOWS\System32\??chost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\split.exe
C:\WINDOWS\System32\vxgame4.exe
C:\WINDOWS\System32\vxgame4.exe
C:\WINDOWS\System32\split.exe
C:\WINDOWS\System32\vxgame4.exe
C:\WINDOWS\System32\vxgame4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40538458-13E0-6631-BA43-6E4482C4FFBB} - C:\WINDOWS\System32\pwlq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent011.dll
O2 - BHO: (no name) - {A855E41E-29F7-2390-A80F-AC75E0D5698C} - C:\WINDOWS\System32\CdmFiles\oxsqgtwcbj.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [Rwds] "C:\Program Files\dowi\suua.exe" -vt mt
O4 - HKCU\..\Run: [Vsgwd] C:\WINDOWS\System32\??chost.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O21 - SSODL: Adobe Photoshop 7.0 - {B79055DE-F49D-6C71-6A09-E45A1BBEE67C} - c:\program files\adobe\photoshop 7.0\winqgotim32.dll (file missing)
O21 - SSODL: EICDJDAI - {180C4220-53F9-6FDF-62C8-45707DC03CA1} - C:\WINDOWS\System32\Olmfkf32.dll (file missing)
O21 - SSODL: mtkle - {32E66748-C146-4BB6-9498-7AFF5413A28E} - C:\WINDOWS\System32\jkpej32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Quetec\pctwpasv.exe






---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 6:14:43 PM, 10/2/2005
+ Report-Checksum: 313C113E

0: System Process
4: System Process
252: C:\WINDOWS\System32\kernels32.exe
324: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
336: C:\Program Files\iTunes\iTunesHelper.exe
356: C:\Program Files\QuickTime\qttask.exe
376: C:\WINDOWS\System32\kernels32.exe
452: C:\Program Files\dowi\suua.exe
464: C:\WINDOWS\System32\ѕνchost.exe
544: \SystemRoot\System32\smss.exe
592: C:\Program Files\iPod\bin\iPodService.exe
604: \??\C:\WINDOWS\system32\csrss.exe
628: \??\C:\WINDOWS\system32\winlogon.exe
672: C:\WINDOWS\system32\services.exe
684: C:\WINDOWS\system32\lsass.exe
848: C:\WINDOWS\system32\svchost.exe
872: C:\WINDOWS\System32\svchost.exe
904: C:\Program Files\Messenger\msmsgs.exe
996: C:\WINDOWS\System32\svchost.exe
1064: C:\WINDOWS\System32\svchost.exe
1180: C:\WINDOWS\system32\spoolsv.exe
1520: C:\Program Files\ewido\security suite\ewidoctrl.exe
1544: C:\Program Files\Quetec\pctwpasv.exe
1584: C:\WINDOWS\System32\svchost.exe
2004: C:\WINDOWS\Explorer.exe
2384: C:\WINDOWS\System32\split.exe
3688: C:\WINDOWS\System32\vxgame4.exe
3704: C:\WINDOWS\System32\vxgame4.exe
4376: C:\WINDOWS\System32\vxgame4.exe
4400: C:\WINDOWS\System32\vxgame4.exe
5124: C:\WINDOWS\System32\split.exe
8952: C:\Program Files\ewido\security suite\SecuritySuite.exe
23088: C:\Program Files\Mozilla Firefox\firefox.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:05:06 PM, 10/2/2005
+ Report-Checksum: E84E791C

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}\TypeLib\\ -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\TypeLib\\ -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib\\ -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}\TypeLib\\ -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}\TypeLib\\ -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID\\ -> Spyware.ZToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator.1\CLSID\\ -> Spyware.ZToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID\\ -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar.1\CLSID\\ -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\CLSID -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!! -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Spyware.PurityScan : Cleaned with backup
[2004] C:\WINDOWS\System\svchost.dll -> Trojan.Small : Cleaned with backup
[408] C:\WINDOWS\System32\vxh8jkdq2.exe -> Spyware.Hijacker.Generic : Cleaned with backup
[420] C:\WINDOWS\System32\efsdfgxg.exe -> TrojanDownloader.Small.biq : Cleaned with backup
[496] C:\WINDOWS\System32\vxh8jkdq2.exe -> Spyware.Hijacker.Generic : Error during cleaning
[1104] C:\winstall.exe -> Spyware.Hijacker.Generic : Cleaned with backup
[1308] C:\WINDOWS\System32\vxh8jkdq2.exe -> Spyware.Hijacker.Generic : Error during cleaning
[2392] C:\WINDOWS\System32\vxgamet3.exe -> Trojan.LowZones.y : Cleaned with backup
[2740] C:\WINDOWS\System32\sysvcs.exe -> Trojan.Crypt.l : Cleaned with backup
[3668] C:\WINDOWS\System32\vxgame2.exe -> TrojanProxy.Lager.x : Cleaned with backup
[3676] C:\WINDOWS\System32\vxgame3.exe -> TrojanDownloader.Small.biq : Cleaned with backup
[5144] C:\WINDOWS\System32\633130.exe -> Spyware.Hijacker.Generic : Error during cleaning
[5064] C:\WINDOWS\System32\vxgamet3.exe -> Trojan.LowZones.y : Error during cleaning
[4120] C:\WINDOWS\System32\vxgame3.exe -> TrojanDownloader.Small.biq : Error during cleaning
:mozilla.58:C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\ar25yja9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\ar25yja9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\ar25yja9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\ar25yja9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\ar25yja9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\ar25yja9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Brett\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Brett\Desktop\backups\backup-20051002-170802-289.dll -> Spyware.Zbar : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\1.qtdfmp -> TrojanDownloader.Small.bho : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\2.qtdfmp -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\6.qtdfmp -> TrojanDownloader.Small.bon : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\kwsoarl7.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\vx2.game -> TrojanProxy.Lager.x : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\vx3.game -> TrojanDownloader.Small.biq : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\vx6.game -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\vxt2.game -> Backdoor.Agent.iw : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temp\vxt3.game -> Trojan.LowZones.y : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temporary Internet Files\Content.IE5\QH1UJ6TO\mtrslib2[1].js -> TrojanDownloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Brett\Local Settings\Temporary Internet Files\Content.IE5\QH1UJ6TO\mtrslib2[3].js -> TrojanDownloader.Small.ag : Cleaned with backup
C:\RECYCLER\S-1-5-21-1229272821-1078145449-1343024091-1003\Dc2034\IESecurity.dll -> Spyware.SpywareNo : Cleaned with backup
C:\RECYCLER\S-1-5-21-1229272821-1078145449-1343024091-1003\Dc2034\ProcMon.dll -> Adware.SpySheriff : Cleaned with backup
C:\RECYCLER\S-1-5-21-1229272821-1078145449-1343024091-1003\Dc2034\Uninstall.exe -> Adware.SpySheriff : Cleaned with backup
C:\WINDOWS\desktop.html -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\633771.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\birdihuy32.dll -> TrojanProxy.Small.ct : Cleaned with backup
C:\WINDOWS\system32\efsdfgxg.exe -> TrojanDownloader.Small.biq : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.l : Cleaned with backup
C:\WINDOWS\system32\sysvcs.exe -> Trojan.Crypt.l : Cleaned with backup
C:\WINDOWS\system32\vx.tll -> Adware.SpySheriff : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> TrojanDropper.Small.acg : Cleaned with backup
C:\WINDOWS\system32\vxgame2.exe -> TrojanProxy.Lager.x : Cleaned with backup
C:\WINDOWS\system32\vxgame3.exe -> TrojanDownloader.Small.biq : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\vxgamet3.exe -> Trojan.LowZones.y : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq1.exe -> TrojanDownloader.Small.bho : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq5.exe -> TrojanDownloader.Agent.tx : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.bon : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq8.exe -> TrojanDownloader.Small.bho : Cleaned with backup
C:\WINDOWS\system32\ztoolb011.dll -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\system32\ztoolbar.bmp -> Spyware.TNS-Search : Cleaned with backup
C:\WINDOWS\system32\~update.exe -> Trojan.Crypt.l : Cleaned with backup
C:\winstall.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End




---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 6:15:07 PM, 10/2/2005
+ Report-Checksum: 174150AD

Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Shell\CommonStartup Adobe Gamma Loader.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
File\SystemIni stem32\kernels32.exe Explorer.exe C:\WINDOWS\System32\kernels32.exe
Reg\HKLM\Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run System C:\WINDOWS\System32\kernels32.exe
Reg\HKLM\Run WindowsUpdate C:\WINDOWS\System\svchost.exe /s
Reg\HKCU\Run Rwds "C:\Program Files\dowi\suua.exe" -vt mt
Reg\HKCU\Run Vsgwd C:\WINDOWS\System32\ѕνchost.exe


thanks in advance

also im new to some of these programs but i am far from a newb. but either way take it easy on me
  • 0

Advertisements

#2
Trevuren
Posted 02 October 2005 - 05:29 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Cass944, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME
  • Click HERE for the update.
  • Apply the update.
  • REBOOT YOUR SYSTEM
  • Post a fresh Hijack This log
Regards,

Trevuren.
  • 0

#3
Trevuren
Posted 06 October 2005 - 02:32 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
While we understand that you may not have been aware, your copy of Windows is not legitimate. Unfortunately, we are unable to help you any further on this site, as we have a strict policy we adhere to in only helping people who have legitmate copies of Windows. Thank you for understanding


Trevuren
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP