HijackThis!
Open HijackThis and click on Scan. Check the following entries
(make sure you do not miss any):
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [2a0c93d9.exe] C:\WINDOWS\System32\2a0c93d9.exe
O4 - HKLM\..\Run: [{B1-1B-BD-DD-ZN}] C:\windows\system32\ppdsregp.exe GID003
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [nsdajwp] C:\WINDOWS\nsdajwp.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [defender] C:\\defender23a.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwgqyt.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinqqez.exe GID003
O4 - HKLM\..\Run: [0PaAbB9] C:\WINDOWS\rkncx.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [2a0c93d9.exe] C:\Documents and Settings\DAWN\Local Settings\Application Data\2a0c93d9.exe
Please remember to close all other windows, including browsers, then click Fix checked.
Services
Click Start->Run, type SERVICES.MSC & then click on the OK button
- Locate the service - Microsoft ASPI Manager
- Double-click on it to open the Properties dialog.
- Stop the service by using the Stop button.
- Change the Startup type to Disabled & then click on the OK button
- Then start HijackThis & go to Config > Misc. Tools... > Delete an NT service...
- In the popup box that appears, type in aspi113210 & then click on the OK button
Reboot your computer
Delete the following file:
C:\WINDOWS\System32\aspi161566.exe
Then run a new scan with HijackThis and post the log here.
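
Added example, not part of the original post: a Python check that parses the O2/O4 lines of a follow-up HijackThis log and reports which of the entries flagged above are still present. The follow-up log (including the `ExampleApp` entry) is constructed sample data, and matching on registry value name or CLSID instead of file path is an assumption of this example.

```python
import re

# O4 autorun line: "O4 - <key>: [value name] command"
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# O2 BHO line: "O2 - BHO: label - {CLSID} - target"
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<cmd>.*)$')

def parse_entry(line):
    """Return a case-normalised identity tuple for an O2/O4 line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:  # identity = registry key + value name (path case varies between scans)
        return ("O4", m["key"].lower(), m["name"].lower())
    m = O2_RE.match(line)
    if m:  # identity = the BHO's CLSID
        return ("O2", "bho", m["clsid"].upper())
    return None

def remaining(flagged_lines, new_log):
    """Flagged entries whose identity still appears in the follow-up scan."""
    present = {parse_entry(l) for l in new_log.splitlines()} - {None}
    return [l for l in flagged_lines if parse_entry(l) in present]

# A few of the entries listed in the post above.
FLAGGED = [
    r"O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)",
    r"O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)",
    r"O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe",
    r"O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe",
    r"O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe",
]

# Constructed follow-up log: two flagged entries survived the fix.
NEW_LOG = r"""
O2 - BHO: (no name) - {e5e2a3e7-00fe-4d31-a030-a10799ddca66} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\windows\system32\0mcamcap.exe
"""

if __name__ == "__main__":
    for line in remaining(FLAGGED, NEW_LOG):
        print("still present:", line)
```

An entry that reappears after a reboot usually means the process or service that writes it was not stopped before the fix was applied.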