Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected Computer

Started by kgolfin , Apr 26 2005 05:11 PM

  • Please log in to reply

#1
kgolfin
Posted 26 April 2005 - 05:11 PM

kgolfin

    Member

  • Member
  • PipPip
  • 13 posts
My parents got a new Gateway computer and in a few short months have gotten it totally messed up with spyware. I have tried adaware and spy bot but still have problems. One weird this is the system folder is winnt and not windows.... could the spyware have done that? Please help, I didn't want to have to reload.

Thanks
  • 0

Advertisements

#2
gerryf
Posted 26 April 2005 - 06:45 PM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
no, some people install windows to winnt....shoot, I do

please visit the forum in my signature and follow the instructions at the top
  • 0

#3
kgolfin
Posted 26 April 2005 - 08:18 PM

kgolfin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 9:06:43 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\hphmon06.exe
C:\WINNT\System32\Jcl.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\winupdate72981096[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp7D.tmp
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\System32\open32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINNT\frennk.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\System32\DSMANA~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\System32\hphmon06.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Vrb] C:\WINNT\System32\Jcl.exe
O4 - HKLM\..\Run: [Voa] C:\WINNT\Fun.exe
O4 - HKLM\..\Run: [Vmm] C:\WINNT\System32\Vqa.exe
O4 - HKLM\..\Run: [Vmc] C:\WINNT\Kja.exe
O4 - HKLM\..\Run: [Vli] C:\WINNT\System32\Hoj.exe
O4 - HKLM\..\Run: [Viu] C:\WINNT\System32\Jcr.exe
O4 - HKLM\..\Run: [Vho] C:\WINNT\Inj.exe
O4 - HKLM\..\Run: [Vfv] C:\WINNT\System32\Dmf.exe
O4 - HKLM\..\Run: [Vfe] C:\WINNT\System32\Odd.exe
O4 - HKLM\..\Run: [Vda] C:\WINNT\System32\Arf.exe
O4 - HKLM\..\Run: [Vco] C:\WINNT\System32\Lsn.exe
O4 - HKLM\..\Run: [Urr] C:\WINNT\Nbr.exe
O4 - HKLM\..\Run: [Uji] C:\WINNT\Coq.exe
O4 - HKLM\..\Run: [Uhd] C:\WINNT\System32\Qbt.exe
O4 - HKLM\..\Run: [Udp] C:\WINNT\System32\Nkm.exe
O4 - HKLM\..\Run: [Udm] C:\WINNT\Jdf.exe
O4 - HKLM\..\Run: [Tsu] C:\WINNT\System32\Gbf.exe
O4 - HKLM\..\Run: [Tpn] C:\WINNT\Fgq.exe
O4 - HKLM\..\Run: [Thh] C:\WINNT\Vgi.exe
O4 - HKLM\..\Run: [Tgb] C:\WINNT\System32\Gqf.exe
O4 - HKLM\..\Run: [Tep] C:\WINNT\System32\Jaj.exe
O4 - HKLM\..\Run: [Tdo] C:\WINNT\System32\Vin.exe
O4 - HKLM\..\Run: [Tap] C:\WINNT\Ftj.exe
O4 - HKLM\..\Run: [Spj] C:\WINNT\System32\Fpt.exe
O4 - HKLM\..\Run: [Spa] C:\WINNT\System32\Buv.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Sjq] C:\WINNT\Jfj.exe
O4 - HKLM\..\Run: [Shd] C:\WINNT\System32\Tcr.exe
O4 - HKLM\..\Run: [Sgs] C:\WINNT\Elb.exe
O4 - HKLM\..\Run: [Sft] C:\WINNT\Nid.exe
O4 - HKLM\..\Run: [Sec] C:\WINNT\Lqn.exe
O4 - HKLM\..\Run: [Sbd] C:\WINNT\System32\Mqq.exe
O4 - HKLM\..\Run: [Rvo] C:\WINNT\System32\Hqh.exe
O4 - HKLM\..\Run: [Rve] C:\WINNT\Cvv.exe
O4 - HKLM\..\Run: [Ruv] C:\WINNT\Pdf.exe
O4 - HKLM\..\Run: [Rrv] C:\WINNT\System32\Hei.exe
O4 - HKLM\..\Run: [Rrs] C:\WINNT\System32\Und.exe
O4 - HKLM\..\Run: [Rrg] C:\WINNT\System32\Tto.exe
O4 - HKLM\..\Run: [Rqm] C:\WINNT\System32\Uab.exe
O4 - HKLM\..\Run: [Rnh] C:\WINNT\System32\Odb.exe
O4 - HKLM\..\Run: [Rmc] C:\WINNT\System32\Agb.exe
O4 - HKLM\..\Run: [Rlq] C:\WINNT\System32\Mhf.exe
O4 - HKLM\..\Run: [Rkv] C:\WINNT\System32\Bhg.exe
O4 - HKLM\..\Run: [Rir] C:\WINNT\System32\Lmc.exe
O4 - HKLM\..\Run: [Rga] C:\WINNT\Bnk.exe
O4 - HKLM\..\Run: [Reb] C:\WINNT\System32\Amg.exe
O4 - HKLM\..\Run: [Rde] C:\WINNT\Jno.exe
O4 - HKLM\..\Run: [Rcn] C:\WINNT\System32\Aah.exe
O4 - HKLM\..\Run: [Rbo] C:\WINNT\System32\Dde.exe
O4 - HKLM\..\Run: [Rbg] C:\WINNT\System32\Qsl.exe
O4 - HKLM\..\Run: [Qqk] C:\WINNT\System32\Ebb.exe
O4 - HKLM\..\Run: [Qph] C:\WINNT\Rrm.exe
O4 - HKLM\..\Run: [Qns] C:\WINNT\Ota.exe
O4 - HKLM\..\Run: [Qni] C:\WINNT\Mah.exe
O4 - HKLM\..\Run: [Qkv] C:\WINNT\Eep.exe
O4 - HKLM\..\Run: [Qik] C:\WINNT\System32\Qsg.exe
O4 - HKLM\..\Run: [Qgl] C:\WINNT\System32\Fln.exe
O4 - HKLM\..\Run: [Qes] C:\WINNT\System32\Rvp.exe
O4 - HKLM\..\Run: [Qas] C:\WINNT\System32\Pds.exe
O4 - HKLM\..\Run: [Qao] C:\WINNT\Deg.exe
O4 - HKLM\..\Run: [Qad] C:\WINNT\System32\Vsa.exe
O4 - HKLM\..\Run: [Pvq] C:\WINNT\System32\Aus.exe
O4 - HKLM\..\Run: [Psh] C:\WINNT\Faf.exe
O4 - HKLM\..\Run: [Pos] C:\WINNT\Mma.exe
O4 - HKLM\..\Run: [Pog] C:\WINNT\System32\Qih.exe
O4 - HKLM\..\Run: [Plc] C:\WINNT\Hgk.exe
O4 - HKLM\..\Run: [Pjn] C:\WINNT\System32\Ibv.exe
O4 - HKLM\..\Run: [Pjg] C:\WINNT\Mdg.exe
O4 - HKLM\..\Run: [Pip] C:\WINNT\Ecg.exe
O4 - HKLM\..\Run: [Pco] C:\WINNT\Vki.exe
O4 - HKLM\..\Run: [Pau] C:\WINNT\System32\Sbf.exe
O4 - HKLM\..\Run: [Paa] C:\WINNT\System32\She.exe
O4 - HKLM\..\Run: [Ous] C:\WINNT\Ddm.exe
O4 - HKLM\..\Run: [Oss] C:\WINNT\Adb.exe
O4 - HKLM\..\Run: [Opt] C:\WINNT\Ilc.exe
O4 - HKLM\..\Run: [Okg] C:\WINNT\Gro.exe
O4 - HKLM\..\Run: [Ohs] C:\WINNT\System32\Liu.exe
O4 - HKLM\..\Run: [Odq] C:\WINNT\Fuv.exe
O4 - HKLM\..\Run: [Oaj] C:\WINNT\System32\Eld.exe
O4 - HKLM\..\Run: [Ntu] C:\WINNT\Iir.exe
O4 - HKLM\..\Run: [Nsg] C:\WINNT\Mlg.exe
O4 - HKLM\..\Run: [Nro] C:\WINNT\System32\Qve.exe
O4 - HKLM\..\Run: [Nrk] C:\WINNT\Iab.exe
O4 - HKLM\..\Run: [Nrc] C:\WINNT\Qnq.exe
O4 - HKLM\..\Run: [Noa] C:\WINNT\System32\Qps.exe
O4 - HKLM\..\Run: [Nmq] C:\WINNT\Fkt.exe
O4 - HKLM\..\Run: [Nge] C:\WINNT\System32\Hjo.exe
O4 - HKLM\..\Run: [Ndq] C:\WINNT\Gtm.exe
O4 - HKLM\..\Run: [Muh] C:\WINNT\Hld.exe
O4 - HKLM\..\Run: [Mri] C:\WINNT\System32\Vje.exe
O4 - HKLM\..\Run: [Mpc] C:\WINNT\System32\Tdd.exe
O4 - HKLM\..\Run: [Mnf] C:\WINNT\System32\Qpj.exe
O4 - HKLM\..\Run: [Mmu] C:\WINNT\Igm.exe
O4 - HKLM\..\Run: [Mmi] C:\WINNT\Qtb.exe
O4 - HKLM\..\Run: [Mlj] C:\WINNT\Vtk.exe
O4 - HKLM\..\Run: [Miv] C:\WINNT\System32\Fvb.exe
O4 - HKLM\..\Run: [Mie] C:\WINNT\System32\Bpf.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Mht] C:\WINNT\System32\Jqs.exe
O4 - HKLM\..\Run: [Meo] C:\WINNT\System32\Hqc.exe
O4 - HKLM\..\Run: [Mdu] C:\WINNT\Bcv.exe
O4 - HKLM\..\Run: [Mbo] C:\WINNT\Ceg.exe
O4 - HKLM\..\Run: [Mbn] C:\WINNT\System32\Hfv.exe
O4 - HKLM\..\Run: [Lvm] C:\WINNT\System32\Osl.exe
O4 - HKLM\..\Run: [Lru] C:\WINNT\System32\Acp.exe
O4 - HKLM\..\Run: [Loh] C:\WINNT\Kjr.exe
O4 - HKLM\..\Run: [Ljn] C:\WINNT\System32\Ial.exe
O4 - HKLM\..\Run: [Lid] C:\WINNT\System32\Lor.exe
O4 - HKLM\..\Run: [Kvi] C:\WINNT\Kek.exe
O4 - HKLM\..\Run: [Kra] C:\WINNT\System32\Idq.exe
O4 - HKLM\..\Run: [Kns] C:\WINNT\Tla.exe
O4 - HKLM\..\Run: [Kiv] C:\WINNT\Khr.exe
O4 - HKLM\..\Run: [Kio] C:\WINNT\System32\Ggi.exe
O4 - HKLM\..\Run: [Kie] C:\WINNT\System32\Hfl.exe
O4 - HKLM\..\Run: [Khd] C:\WINNT\System32\Phn.exe
O4 - HKLM\..\Run: [Kgk] C:\WINNT\System32\Ont.exe
O4 - HKLM\..\Run: [Kfv] C:\WINNT\System32\Cjo.exe
O4 - HKLM\..\Run: [Juh] C:\WINNT\Jdi.exe
O4 - HKLM\..\Run: [Jqd] C:\WINNT\Fve.exe
O4 - HKLM\..\Run: [Jpi] C:\WINNT\System32\Tud.exe
O4 - HKLM\..\Run: [Jld] C:\WINNT\Bft.exe
O4 - HKLM\..\Run: [Jkm] C:\WINNT\Rbm.exe
O4 - HKLM\..\Run: [Jhe] C:\WINNT\System32\Umu.exe
O4 - HKLM\..\Run: [Jeq] C:\WINNT\Tev.exe
O4 - HKLM\..\Run: [Jbs] C:\WINNT\Rsp.exe
O4 - HKLM\..\Run: [Jbc] C:\WINNT\System32\Aqc.exe
O4 - HKLM\..\Run: [Iuu] C:\WINNT\System32\Tec.exe
O4 - HKLM\..\Run: [Iuj] C:\WINNT\System32\Nfp.exe
O4 - HKLM\..\Run: [Isu] C:\WINNT\System32\Ljh.exe
O4 - HKLM\..\Run: [Ior] C:\WINNT\System32\Qaf.exe
O4 - HKLM\..\Run: [Ikj] C:\WINNT\Svl.exe
O4 - HKLM\..\Run: [Igm] C:\WINNT\System32\Onh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ifr] C:\WINNT\Bqk.exe
O4 - HKLM\..\Run: [Ifd] C:\WINNT\System32\Sem.exe
O4 - HKLM\..\Run: [Icf] C:\WINNT\Kda.exe
O4 - HKLM\..\Run: [Hra] C:\WINNT\System32\Ibu.exe
O4 - HKLM\..\Run: [Hqh] C:\WINNT\System32\Quo.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hnn] C:\WINNT\Roe.exe
O4 - HKLM\..\Run: [Hme] C:\WINNT\System32\Vhk.exe
O4 - HKLM\..\Run: [Hkk] C:\WINNT\System32\Dep.exe
O4 - HKLM\..\Run: [Hge] C:\WINNT\System32\Hom.exe
O4 - HKLM\..\Run: [Hdh] C:\WINNT\System32\Src.exe
O4 - HKLM\..\Run: [Hbp] C:\WINNT\System32\Hko.exe
O4 - HKLM\..\Run: [Hbm] C:\WINNT\Unu.exe
O4 - HKLM\..\Run: [Hbl] C:\WINNT\Ijc.exe
O4 - HKLM\..\Run: [Hap] C:\WINNT\Fee.exe
O4 - HKLM\..\Run: [Guo] C:\WINNT\Duu.exe
O4 - HKLM\..\Run: [Gtn] C:\WINNT\System32\Plc.exe
O4 - HKLM\..\Run: [Gst] C:\WINNT\Fif.exe
O4 - HKLM\..\Run: [Gsk] C:\WINNT\Aet.exe
O4 - HKLM\..\Run: [Gsj] C:\WINNT\Qdr.exe
O4 - HKLM\..\Run: [Gsg] C:\WINNT\System32\Gdt.exe
O4 - HKLM\..\Run: [Grp] C:\WINNT\System32\Tgf.exe
O4 - HKLM\..\Run: [Gqk] C:\WINNT\System32\Din.exe
O4 - HKLM\..\Run: [Goi] C:\WINNT\System32\Sij.exe
O4 - HKLM\..\Run: [Gmi] C:\WINNT\System32\Feq.exe
O4 - HKLM\..\Run: [Gls] C:\WINNT\System32\Cvn.exe
O4 - HKLM\..\Run: [Glf] C:\WINNT\Hnj.exe
O4 - HKLM\..\Run: [Ghe] C:\WINNT\Kiu.exe
O4 - HKLM\..\Run: [Gfc] C:\WINNT\Hdb.exe
O4 - HKLM\..\Run: [Gdn] C:\WINNT\System32\Nfq.exe
O4 - HKLM\..\Run: [Fsr] C:\WINNT\Lfh.exe
O4 - HKLM\..\Run: [Fsd] C:\WINNT\Ovc.exe
O4 - HKLM\..\Run: [Frq] C:\WINNT\System32\Lqh.exe
O4 - HKLM\..\Run: [Fqj] C:\WINNT\Ntt.exe
O4 - HKLM\..\Run: [Flh] C:\WINNT\System32\Bdb.exe
O4 - HKLM\..\Run: [Fkm] C:\WINNT\System32\Hrv.exe
O4 - HKLM\..\Run: [Fhi] C:\WINNT\Nto.exe
O4 - HKLM\..\Run: [Fga] C:\WINNT\Rph.exe
O4 - HKLM\..\Run: [Ffp] C:\WINNT\System32\Tgc.exe
O4 - HKLM\..\Run: [Fdm] C:\WINNT\Svv.exe
O4 - HKLM\..\Run: [Fbg] C:\WINNT\System32\Kbg.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [Fan] C:\WINNT\System32\Dhl.exe
O4 - HKLM\..\Run: [Evo] C:\WINNT\System32\Euk.exe
O4 - HKLM\..\Run: [Ett] C:\WINNT\System32\Jhv.exe
O4 - HKLM\..\Run: [Ern] C:\WINNT\Oda.exe
O4 - HKLM\..\Run: [Erg] C:\WINNT\System32\Ick.exe
O4 - HKLM\..\Run: [Eos] C:\WINNT\Oge.exe
O4 - HKLM\..\Run: [Ent] C:\WINNT\Vfe.exe
O4 - HKLM\..\Run: [Ehv] C:\WINNT\System32\Fol.exe
O4 - HKLM\..\Run: [Egs] C:\WINNT\System32\Rif.exe
O4 - HKLM\..\Run: [Efq] C:\WINNT\Hfk.exe
O4 - HKLM\..\Run: [Ect] C:\WINNT\Juu.exe
O4 - HKLM\..\Run: [Ecf] C:\WINNT\System32\Rdo.exe
O4 - HKLM\..\Run: [Dvn] C:\WINNT\Gcf.exe
O4 - HKLM\..\Run: [Dtt] C:\WINNT\System32\Fiq.exe
O4 - HKLM\..\Run: [Dti] C:\WINNT\Qnc.exe
O4 - HKLM\..\Run: [Dks] C:\WINNT\Jlj.exe
O4 - HKLM\..\Run: [Djn] C:\WINNT\System32\Nva.exe
O4 - HKLM\..\Run: [Dah] C:\WINNT\Vsd.exe
O4 - HKLM\..\Run: [Cqk] C:\WINNT\System32\Gob.exe
O4 - HKLM\..\Run: [Cqb] C:\WINNT\Ibf.exe
O4 - HKLM\..\Run: [Cep] C:\WINNT\Rdh.exe
O4 - HKLM\..\Run: [Cdq] C:\WINNT\System32\Grl.exe
O4 - HKLM\..\Run: [Bsu] C:\WINNT\System32\Kdo.exe
O4 - HKLM\..\Run: [Brg] C:\WINNT\Bgg.exe
O4 - HKLM\..\Run: [Brc] C:\WINNT\System32\Urd.exe
O4 - HKLM\..\Run: [Bmm] C:\WINNT\System32\Pod.exe
O4 - HKLM\..\Run: [Bks] C:\WINNT\Vha.exe
O4 - HKLM\..\Run: [Bje] C:\WINNT\Ijm.exe
O4 - HKLM\..\Run: [Bfg] C:\WINNT\System32\Gsv.exe
O4 - HKLM\..\Run: [Bda] C:\WINNT\Obm.exe
O4 - HKLM\..\Run: [Apn] C:\WINNT\System32\Kvc.exe
O4 - HKLM\..\Run: [Acr] C:\WINNT\System32\Hgh.exe
O4 - HKLM\..\Run: [Acn] C:\WINNT\System32\Acs.exe
O4 - HKLM\..\Run: [Abo] C:\WINNT\Afv.exe
O4 - HKLM\..\Run: [Aav] C:\WINNT\System32\Afj.exe
O4 - HKLM\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tme] C:\WINNT\Uqj.exe
O4 - Startup: winupdate72981096[1].exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#4
Murray S.
Posted 26 April 2005 - 08:20 PM

Murray S.

    Trusted Tech

  • Member
  • PipPipPipPipPipPipPip
  • 4,513 posts
  • MVP
Howdy:

If you had followed the instructions, you would have read that you post the HJT log in the Malware forum.. not here!! :tazz:

Murray
  • 0

#5
kgolfin
Posted 27 April 2005 - 08:36 AM

kgolfin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry, I have posted it correctly. I have never done this before.
  • 0

#6
gerryf
Posted 27 April 2005 - 09:24 AM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
don't worry kgolfin....happens all the time :tazz:

The process works best if you go to the malware forum in my signature and read the instructions because you eliminate about 60percent of most malware.

Then the malware specialists can focus on the hard, more recently developed malware.

Plus, at the end of the process you gain a better understanding of what is going on and how to protect yourself.
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP