Malformed Archive (Virus? Trojan?) [RESOLVED]



#1
MGritts22
Member, 30 posts
Hello. I have read the thread about what to do if you suspect an infection on your PC. I have read everything. I scanned with all the recommended programs. The only one that brought anything to my attention was the Microsoft AntiSpy, where I got this.

(attachment #1, JPG)

I removed, restarted, rescanned, and it said it was gone. It was still slow. I scanned with eWido and TrojanHunter, still nothing, until I get a McAfee popup telling me the same thing as a couple days ago...

(attachment #2, JPG)

The thing is, the .exe file name has changed, and the location as well. This is why I'm thinking it's not something else, but the same file that really hadn't been removed. Clean, Quarantine, and Delete will not work. I boot in safe mode and scan McAfee for this file, but then it does not come up in the results.

Here is my HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 8:07:08 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyx.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EC72B2C-F39E-42FC-8337-EA7A99625717}: NameServer = 206.141.192.60 206.141.193.55
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe




Anything? THANKS SO MUCH IN ADVANCE! I WANT MY GOOD PC BACK!

With Much Gratitude,
Mike



*EDIT*
Right after I finished posting, I got another McAfee popup saying the same thing, but the file's name is now Ech.exe. I am almost sure this is the same trojan.
alrighty thanks


Edited by MGritts22, 04 December 2005 - 08:09 PM.

  • 0



#2
MGritts22
Topic Starter, Member, 30 posts

(Sorry I posted this message again; I posted it in the wrong room earlier.)



Shoot, it looks like my pics didn't work. Here's the link to my first post to see them (don't bother reading it, it's the same thing):
http://www.geekstogo...jan-t82781.html

Edited by MGritts22, 04 December 2005 - 09:28 PM.

  • 0

#3
Crustyoldbloke
Old Malware Surgeon with a shaky scalpel
Retired Staff, 15,131 posts
Hello Mike and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have either the dreaded Virtumonde (Vundo B) infection or possibly ConHook (the Vundo downloader). Let’s see what we can do with the first sweep.

Do you recognise this name and address: Ameritech Electronic Commerce 2701 W 15th ST Plano TX 75075 US ?

I note that you are running HijackThis from Desktop; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the programme into it. It is very important you do this before anything else since backup files can be deleted if they are not within their own folder!

Click My Computer, then C:\ and then Program Files.
In the menu bar, go to File>New>Folder. That will create a folder named New Folder, which you can right-click on and rename to HJT or HijackThis. Now you have C:\Program Files\HijackThis. Cut ‘n’ Paste your HijackThis.exe into it.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this:

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter once.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\gebyx.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\xybeg.*
  • Press Enter to continue with the fix.
  • The fix will run, then HijackThis will open; if it does not open automatically, please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyx.dll
    O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
    O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the programme then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programmes menu).
Set the programme up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the programme.

It may ask you to reboot at the end, click YES.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log from normal mode and the vundofix.txt file from the vundofix folder into this topic.
  • 0
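
Added example (not part of any post in this thread, and not code from HijackThis or VundoFix): a Python sketch of the log triage behind the instructions in post #3, run on excerpts of the HijackThis logs posted in this thread. It finds the DLL registered both as a BHO (O2) and as a Winlogon Notify (O20), derives the second VundoFix path, which in this thread is the DLL's base name reversed with a wildcard extension, and checks what a later log says about the same entries. All function names are assumptions made for the example.

```python
import ntpath
import re

# Excerpt of the HijackThis log from post #1 (before the fix).
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyx.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
"""

# Excerpt of the HijackThis log from post #4 (after VundoFix ran).
LOG_AFTER = r"""
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
"""

# O2 lines carry a CLSID between the name and the path; O20 lines do not.
# HijackThis appends "(file missing)" when the target is not found on disk.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O20) - (?:BHO|Winlogon Notify): (?P<name>.*?) - "
    r"(?:\{[0-9A-Fa-f-]+\} - )?(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log):
    """Return the O2 (BHO) and O20 (Winlogon Notify) entries of a log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "section": m["section"],
                "name": m["name"],
                "path": m["path"],
                "missing": m["missing"] is not None,
            })
    return entries


def correlated_dlls(entries):
    """Paths registered as both a BHO and a Winlogon Notify package.

    One DLL hooked into both Internet Explorer and winlogon.exe is the
    pairing singled out in post #3.
    """
    seen = {"O2": {}, "O20": {}}
    for e in entries:
        # Windows paths are case-insensitive: key on lowercase, keep original.
        seen[e["section"]].setdefault(e["path"].lower(), e["path"])
    shared = seen["O2"].keys() & seen["O20"].keys()
    return sorted(seen["O2"][key] for key in shared)


def companion_pattern(path):
    """Second VundoFix path: same folder, reversed base name, any extension."""
    folder, filename = ntpath.split(path)
    stem = ntpath.splitext(filename)[0]
    return ntpath.join(folder, stem[::-1] + ".*")


def removal_status(log, path):
    """Classify what a log says about one DLL path.

    'active'   - at least one entry points at a file that exists
    'orphaned' - the file is gone but registry entries still reference it
    'removed'  - no O2/O20 entry references the path
    """
    hits = [e for e in parse_entries(log) if e["path"].lower() == path.lower()]
    if not hits:
        return "removed"
    return "orphaned" if all(e["missing"] for e in hits) else "active"


if __name__ == "__main__":
    for dll in correlated_dlls(parse_entries(LOG_BEFORE)):
        print("BHO + Winlogon Notify:", dll)
        print("  companion pattern:  ", companion_pattern(dll))
        print("  before fix:         ", removal_status(LOG_BEFORE, dll))
        print("  after fix:          ", removal_status(LOG_AFTER, dll))
```
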

#4
MGritts22
Topic Starter, Member, 30 posts
Alright, thanks for the help.

No, I don't recognize Ameritech Electronic Commerce 2701 W 15th ST Plano TX 75075 US. What's it for?

Everything went accordingly..
My new HijackThis Log...

Logfile of HijackThis v1.99.1
Scan saved at 5:28:51 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EC72B2C-F39E-42FC-8337-EA7A99625717}: NameServer = 206.141.192.60 206.141.193.55
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Vundofix Log...
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\gebyx.dll

The second filepath entered was C:\WINDOWS\system32\xybeg.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 220 'smss.exe'

Killing PID 836 'explorer.exe'
Killing PID 836 'explorer.exe'


Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'
Killing PID 292 'winlogon.exe'

Attached Thumbnails

  • activescan_results.JPG

  • 0

#5
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Mike

The question about your ISP relates to the entry @ O17 in the HJT log. The IP address is the company mentioned. I have to decide if that entry is OK or bad. Some ISPs buy time on others' servers. I have to be cautious here.

It would appear from the logs that the infection was ConHook and not Vundo. I was hedging my bets with Vundo since it is worse than ConHook.

Here is the fix:

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Please give it a few hours (12 perhaps) after the fix before replying.

How is the PC behaving now?

Edited by Crustyoldbloke, 05 December 2005 - 06:32 PM.

  • 0

#6
MGritts22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Well, I gave it plenty of time (a week) because I have been busy. My PC is behaving very well, although still a little slow due to maybe the fact it has so much on it. One more question. Have you heard of the program file uwik.exe? It's in my startup menu, and I'm not sure what it is, and have searched for it before and had no results. If I should open another thread, just tell me.

Thanks for all your help. I could have never done it without you and I'd probably still have this problem if it wasn't for you.

Thanks again!

Mike
  • 0

#7
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Mike

The file you mentioned is bad. Let me see a fresh HJT log and I'll take care of it.
  • 0

#8
MGritts22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
NEW HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 9:02:42 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EC72B2C-F39E-42FC-8337-EA7A99625717}: NameServer = 206.141.192.60 206.141.193.55
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Thank You!
  • 0

#9
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Please set your system to show all files; please see here if you're unsure how to do this.

Using Windows Explorer, locate the following file, and delete it:

use search to find it: uwik.exe

Post back a fresh HijackThis log, from normal mode, and I will take another look.
  • 0
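
Added example, not part of the thread and not HijackThis's own code: a small Python parser for the `O<n> - <kind>: <detail>` lines in the logs above. It lists O2/O20 entries marked `(file missing)` and files registered under more than one section, as gebyx.dll is in post #5. The function names are made up for this example, and the result is a review list only: WRNotifier is flagged too but was not on the fix list in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: entries copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = " (file missing)"

def parse_entries(log_text):
    """Split each 'O<n> - <kind>: <detail>' line into a record."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        code, kind, detail = m.groups()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)]
        # The target (file or URL) is whatever follows the last " - ".
        name, _, target = detail.rpartition(" - ")
        entries.append({"code": code, "kind": kind, "name": name,
                        "target": target, "missing": missing,
                        "file": ntpath.basename(target).lower()})
    return entries

def orphaned_load_points(entries):
    """O2 (BHO) and O20 (Winlogon Notify) entries whose DLL is gone from disk."""
    return [(e["code"], e["file"]) for e in entries
            if e["code"] in ("O2", "O20") and e["missing"]]

def multi_registered(entries):
    """Files registered under more than one section code."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["file"]].add(e["code"])
    return {f: sorted(c) for f, c in seen.items() if len(c) > 1}

if __name__ == "__main__":
    print(orphaned_load_points(parse_entries(SAMPLE_LOG)))
```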

#10
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





