Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unremovable log entry:


  • Please log in to reply

#1
Bagpuss

Bagpuss

    New Member

  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.0
Scan saved at 15:15:48, on 18/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Xqsye.exe
C:\WINDOWS\System32\Xqsye.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\RegProt\rpadmin.exe
C:\RegProt\regprot.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Niall\Desktop\RegClean\hijackthis\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [2ZQLKP#2WLSCTL] C:\WINDOWS\System32\Qcm02Z2H.exe

Hijackthis acts like it removes O4 above; nonetheless, when I scan again, it returns bold as brass. I know it's something sinister. Please help!
  • 0

Advertisements


#2
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please post the entire log.

-=jonnyrotten=- :tazz:
  • 0

#3
Bagpuss

Bagpuss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
That is the entire log--honest!
  • 0

#4
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
You have the Pepper Trojan.

Download this file, run, and let terminate (it'll just blink briefly on your screen and won't appeared to have done much--this is normal):
http://www.geekstogo...=download&id=18

Reboot and post a new log.

-=jonnyrotten=-:tazz:
  • 0

#5
Bagpuss

Bagpuss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All better now--bloody limewire. Thanks again!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP