Old 05-21-2005, 02:46 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 29
OS: XP


Spyware message on desktop..(HJT log)

Hi, got home to my parents' place this w/e and they seem to have a spyware problem; the desktop has turned black with a link saying

' WARNING!
YOU'RE IN DANGER!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!
SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!
Removal instructions



I've run adaware, search and destroy, cwshredder and cleared out a lot of crap but I'm not very clued up on computers and can't seem to get rid of it....

also on shut down it seems to have problems closing a program called 'win min' and seems to struggle logging into some user logins.....

hijack this logfile......


Logfile of HijackThis v1.99.1
Scan saved at 22:40:21, on 05/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [fejbeuq] c:\windows\symtgaf.exe
O4 - HKCU\..\Run: [lyughpv] c:\windows\hdfybnj.exe
O4 - HKCU\..\Run: [gyyskwb] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [gccohva] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [jempwxj] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [pykrgcp] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [uqpkulj] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [txuhgut] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [qsojgsp] c:\windows\weqregl.exe
O4 - HKCU\..\Run: [evxkbfn] c:\windows\weqregl.exe
O4 - HKCU\..\Run: [cyxmneg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rfkqiga] c:\windows\xsxiqgc.exe
O4 - HKCU\..\Run: [efmetur] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [leclhue] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [thalmnt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [grgshug] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gvntqpi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pewstyf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mynyqby] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcjssht] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [iemuhny] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [foydeak] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bpecidq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gbkcrkt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ljuplfg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nqydyjo] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fxqyatg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [trerqaw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hgjcbwn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uochnrn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcpscyv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qubmcjh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lipnlox] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tpdaldh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ecsedeh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qtxcbfq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uwidcbf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ylihyht] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [salklix] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gxhmmye] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ekrwukr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gdniprv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gwbpnat] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [trvusxk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ombbgxc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ejugksh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [khnrjte] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dswvamg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qibamkt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mwounbq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vfrvbfb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bdtwpfw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hpnvdhi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oipbloe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kltmbfm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qtglsgs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vygdexs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uouystw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wprttcb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [seernhi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [swfnbrf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ebefdvi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [emugxvk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kallttg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tedniff] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kqvvhar] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uextbil] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [icerhhf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rxwccog] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sewxyjp] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oegvuhc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hsfghnt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lxyigjy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [djlismd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qpfrnvk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oqnpwpm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wotieea] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [telfdis] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [eppqqkk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lmuklds] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [whjrxix] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pvpxfod] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tegwbax] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mtqhdpn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dpmfwnf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ohnqcph] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [xqgirls] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gfhpihu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ekkrcte] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gbkxhbl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hrpcukl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kupxysb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gaymrpt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [eqcpcpv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hqlfnwg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lefvesg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jmmiiiv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gsahclv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ppslfbe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wmctjoc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [btqwrds] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jfcdqjt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jpixxqr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wxuidhp] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [numpxii] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [omtpgvv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uwysxew] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rsjjgsf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jxhewpe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [srtyykh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pbbqyxk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wjcjlwt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ttolxbc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wsfgwta] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jdpywjd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [yvmkoxi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cqyaylk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qqlpqyr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cblyygk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [utmohmd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gtiufmt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rsyismr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lmttiqw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [boauixq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cfiyjvy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fpnfxsy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kijwnlk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lqfrygk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [aiulinc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [govnxtc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nrmdthy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ntftnox] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fwhrjwi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [grqomac] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [odpymtr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uxdqsfs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gdigrxy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mdrjdyk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [taqnwur] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [iuyneve] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcepxkh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lboimsx] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gjscbre] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dupstro] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dtswkem] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hdpapar] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rjdwrfd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oitqhsv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ngrhudq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gocrqje] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nkgrnam] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [yvvgmxv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uaecjpt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dfuhckw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lgnpnrw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sgwwwiv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pyxdonm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [syhrhxn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [agnqpyu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cwnvciv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mseohme] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hspuugu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sqonwwi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kwbdcui] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mvknmbw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wuiybcl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [unwgfbc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pebgxjg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kvrvnue] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wwmvmee] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ofpxori] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qvsoxly] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [goctqtd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [klmxgbk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rinhnbs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vfllioe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sibniji] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [stcjlmn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sddnrjl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ocannot] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tydfutr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sdfprpq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [smmwbey] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jvjrqoa] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sfaepwl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kfdblam] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jfhnnly] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rvroxne] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cvibqvc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [exduqbk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qgsvlun] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [chdigbq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qsredwj] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ixoivcj] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [etiotus] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tsbjivw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [feqmnrb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qqvbxks] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qmceswv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cbrymti] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [taoaipd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pmkfjsl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bstfnik] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [dteceto] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [aqcnxpd] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [oiktnuq] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [whtsbrs] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [jxayvcd] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [xkhxoyw] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [muocsmk] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [tmxjyyh] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [guqbcqi] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [paywrnp] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [lkcrroc] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [fkcgwsf] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [swdttvd] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [ikqbdem] c:\windows\epakolm.exe
O4 - HKCU\..\Run: [ymjkvms] c:\windows\epakolm.exe
O4 - HKCU\..\Run: [lnlswdw] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [phbvjxv] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [knocoqf] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [mmubhqi] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [xwcessp] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [nvniyfh] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [olomiwb] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [dqnesoo] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [munvhku] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [oapdrtg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [skypiiq] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wdkdolb] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [xbccncy] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [vcwnkcy] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [npxkjxg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [govfket] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wkltmhg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [skmixep] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [lhfpwqm] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [jvguncv] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wqkrqrt] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [udijwbp] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [wjnpxwl] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [pikxqrx] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [oakmlku] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [ybbvfhu] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [rlmiile] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [mesipni] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ascwkoq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ejhocri] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ljnmmqd] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ipaymdp] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [rxqsjhh] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [tfqiixq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ljmyfuw] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [baijlxv] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [bfkplbs] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [guaisaj] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [iokkcmb] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [tfeanag] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ospnruc] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [lskrsrq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [lbnitkg] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [kldvdhc] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [yvrybpy] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [epiysap] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [rwsbmdo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [hjpwlxv] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [yucwgur] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [dqsjxgb] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [fukxixa] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [gfknyfs] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [smrcjsg] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [xjfchuq] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [ttfikoo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [kgxasfo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [bgsdmgm] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [caqlyhn] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [phuoooi] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [icqfbwc] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [wlscxrr] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [hlxrvrp] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [bkhtlxq] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [ouuljpv] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [uxkdvht] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [jhchnot] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [xgssvji] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [qbfghmy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ruadtma] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [hknjnkj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vwcgsjy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [olqroqc] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [fceagkm] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [sixhmdg] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [xdmfmel] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [wgkjmlk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ructxgk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ijibvxi] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gmnseyu] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [eclvdaj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jkcwayd] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vqlfcyj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [nyipymy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ysktgum] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [etoxqoq] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [twnhtst] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jhmaodj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gwmqbqk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [grtyims] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [rnlnyek] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ucxyrhf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [wsmqjxt] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jwvobpr] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [uvomryo] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [pxaimle] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [asmbgvd] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [fgueenk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ihpyhqb] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vtghwjo] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [nfbchov] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [byibktf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [xkqiatw] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gxnyeja] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [lgcpelf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [yutvsxu] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [elcmihm] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [sltkkko] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [tkufndn] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [fdxkuji] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [keobibo] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [sclouew] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [nbkpsji] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [xocahgu] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [eqquuxt] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [xkuoggg] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [iupvvja] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [mvqiawk] c:\windows\gckttet.exe
O4 - HKCU\..\Run: [flhuxrv] c:\windows\vqedhqv.exe
O4 - HKCU\..\Run: [pnwixwa] c:\windows\tiwwdng.exe
O4 - HKCU\..\Run: [xiayqte] c:\windows\ujthqsa.exe
O4 - HKCU\..\Run: [bagaott] c:\windows\iqgkbcm.exe
O4 - HKCU\..\Run: [trtysto] c:\windows\iciehjm.exe
O4 - HKCU\..\Run: [ielhcwv] c:\windows\tuyqjvg.exe
O4 - HKCU\..\Run: [qgsdjvm] c:\windows\ucjmatd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Microsoft AntiSpyware helper - {07D1A699-3C30-4403-9C57-A216A4D6110E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {07D1A699-3C30-4403-9C57-A216A4D6110E} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: DigiChat Applet - http://host4.digichat.com/DigiChat/D.../Client_IE.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101155868359
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://aragorn.briars.net/tsweb/msrdp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
brooksie is offline  
Old 05-22-2005, 01:14 AM   #2 (permalink)
Old Timer
 
jgvernonco's Avatar
 
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27


Greetings, and welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Download LSPFix and unzip to your desktop, then run it. Now, we need to:

1. check (tick) "I know what I'm doing".
2. click on (highlight) each occurrence of the following, one at a time:

flsmngr.dll

3. then click ">>", moving each one, individually, to the 'Remove' pane.
4. (double-check, and make sure that only the above files are in the 'Remove' pane.)
5. click "Finish >>"


===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\PROGRA~1\SPYSPO~1\SpySpotter.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Before we begin, let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders, and with HiJackThis in its current location we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [fejbeuq] c:\windows\symtgaf.exe
O4 - HKCU\..\Run: [lyughpv] c:\windows\hdfybnj.exe
O4 - HKCU\..\Run: [gyyskwb] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [gccohva] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [jempwxj] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [pykrgcp] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [uqpkulj] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [txuhgut] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [qsojgsp] c:\windows\weqregl.exe
O4 - HKCU\..\Run: [evxkbfn] c:\windows\weqregl.exe
O4 - HKCU\..\Run: [cyxmneg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rfkqiga] c:\windows\xsxiqgc.exe
O4 - HKCU\..\Run: [efmetur] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [leclhue] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [thalmnt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [grgshug] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gvntqpi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pewstyf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mynyqby] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcjssht] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [iemuhny] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [foydeak] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bpecidq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gbkcrkt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ljuplfg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nqydyjo] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fxqyatg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [trerqaw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hgjcbwn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uochnrn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcpscyv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qubmcjh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lipnlox] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tpdaldh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ecsedeh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qtxcbfq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uwidcbf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ylihyht] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [salklix] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gxhmmye] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ekrwukr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gdniprv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gwbpnat] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [trvusxk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ombbgxc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ejugksh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [khnrjte] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dswvamg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qibamkt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mwounbq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vfrvbfb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bdtwpfw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hpnvdhi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oipbloe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kltmbfm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qtglsgs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vygdexs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uouystw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wprttcb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [seernhi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [swfnbrf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ebefdvi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [emugxvk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kallttg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tedniff] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kqvvhar] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uextbil] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [icerhhf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rxwccog] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sewxyjp] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oegvuhc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hsfghnt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lxyigjy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [djlismd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qpfrnvk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oqnpwpm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wotieea] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [telfdis] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [eppqqkk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lmuklds] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [whjrxix] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pvpxfod] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tegwbax] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mtqhdpn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dpmfwnf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ohnqcph] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [xqgirls] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gfhpihu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ekkrcte] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gbkxhbl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hrpcukl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kupxysb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gaymrpt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [eqcpcpv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hqlfnwg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lefvesg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jmmiiiv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gsahclv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ppslfbe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wmctjoc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [btqwrds] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jfcdqjt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jpixxqr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wxuidhp] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [numpxii] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [omtpgvv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uwysxew] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rsjjgsf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jxhewpe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [srtyykh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pbbqyxk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wjcjlwt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ttolxbc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wsfgwta] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jdpywjd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [yvmkoxi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cqyaylk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qqlpqyr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cblyygk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [utmohmd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gtiufmt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rsyismr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lmttiqw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [boauixq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cfiyjvy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fpnfxsy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kijwnlk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lqfrygk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [aiulinc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [govnxtc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nrmdthy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ntftnox] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fwhrjwi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [grqomac] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [odpymtr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uxdqsfs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gdigrxy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mdrjdyk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [taqnwur] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [iuyneve] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcepxkh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lboimsx] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gjscbre] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dupstro] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dtswkem] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hdpapar] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rjdwrfd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oitqhsv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ngrhudq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gocrqje] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nkgrnam] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [yvvgmxv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uaecjpt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dfuhckw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lgnpnrw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sgwwwiv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pyxdonm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [syhrhxn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [agnqpyu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cwnvciv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mseohme] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hspuugu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sqonwwi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kwbdcui] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mvknmbw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wuiybcl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [unwgfbc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pebgxjg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kvrvnue] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wwmvmee] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ofpxori] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qvsoxly] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [goctqtd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [klmxgbk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rinhnbs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vfllioe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sibniji] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [stcjlmn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sddnrjl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ocannot] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tydfutr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sdfprpq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [smmwbey] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jvjrqoa] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sfaepwl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kfdblam] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jfhnnly] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rvroxne] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cvibqvc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [exduqbk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qgsvlun] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [chdigbq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qsredwj] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ixoivcj] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [etiotus] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tsbjivw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [feqmnrb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qqvbxks] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qmceswv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cbrymti] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [taoaipd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pmkfjsl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bstfnik] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [dteceto] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [aqcnxpd] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [oiktnuq] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [whtsbrs] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [jxayvcd] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [xkhxoyw] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [muocsmk] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [tmxjyyh] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [guqbcqi] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [paywrnp] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [lkcrroc] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [fkcgwsf] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [swdttvd] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [ikqbdem] c:\windows\epakolm.exe
O4 - HKCU\..\Run: [ymjkvms] c:\windows\epakolm.exe
O4 - HKCU\..\Run: [lnlswdw] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [phbvjxv] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [knocoqf] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [mmubhqi] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [xwcessp] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [nvniyfh] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [olomiwb] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [dqnesoo] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [munvhku] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [oapdrtg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [skypiiq] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wdkdolb] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [xbccncy] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [vcwnkcy] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [npxkjxg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [govfket] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wkltmhg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [skmixep] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [lhfpwqm] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [jvguncv] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wqkrqrt] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [udijwbp] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [wjnpxwl] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [pikxqrx] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [oakmlku] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [ybbvfhu] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [rlmiile] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [mesipni] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ascwkoq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ejhocri] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ljnmmqd] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ipaymdp] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [rxqsjhh] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [tfqiixq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ljmyfuw] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [baijlxv] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [bfkplbs] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [guaisaj] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [iokkcmb] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [tfeanag] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ospnruc] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [lskrsrq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [lbnitkg] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [kldvdhc] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [yvrybpy] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [epiysap] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [rwsbmdo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [hjpwlxv] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [yucwgur] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [dqsjxgb] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [fukxixa] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [gfknyfs] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [smrcjsg] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [xjfchuq] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [ttfikoo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [kgxasfo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [bgsdmgm] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [caqlyhn] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [phuoooi] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [icqfbwc] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [wlscxrr] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [hlxrvrp] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [bkhtlxq] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [ouuljpv] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [uxkdvht] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [jhchnot] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [xgssvji] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [qbfghmy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ruadtma] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [hknjnkj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vwcgsjy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [olqroqc] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [fceagkm] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [sixhmdg] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [xdmfmel] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [wgkjmlk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ructxgk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ijibvxi] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gmnseyu] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [eclvdaj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jkcwayd] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vqlfcyj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [nyipymy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ysktgum] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [etoxqoq] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [twnhtst] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jhmaodj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gwmqbqk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [grtyims] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [rnlnyek] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ucxyrhf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [wsmqjxt] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jwvobpr] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [uvomryo] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [pxaimle] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [asmbgvd] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [fgueenk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ihpyhqb] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vtghwjo] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [nfbchov] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [byibktf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [xkqiatw] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gxnyeja] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [lgcpelf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [yutvsxu] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [elcmihm] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [sltkkko] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [tkufndn] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [fdxkuji] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [keobibo] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [sclouew] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [nbkpsji] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [xocahgu] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [eqquuxt] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [xkuoggg] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [iupvvja] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [mvqiawk] c:\windows\gckttet.exe
O4 - HKCU\..\Run: [flhuxrv] c:\windows\vqedhqv.exe
O4 - HKCU\..\Run: [pnwixwa] c:\windows\tiwwdng.exe
O4 - HKCU\..\Run: [xiayqte] c:\windows\ujthqsa.exe
O4 - HKCU\..\Run: [bagaott] c:\windows\iqgkbcm.exe
O4 - HKCU\..\Run: [trtysto] c:\windows\iciehjm.exe
O4 - HKCU\..\Run: [ielhcwv] c:\windows\tuyqjvg.exe
O4 - HKCU\..\Run: [qgsdjvm] c:\windows\ucjmatd.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?

O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\PROGRA~1\SPYSPO~1

files...

C:\WINDOWS\System32\spoolsrv32.exe
c:\windows\symtgaf.exe
c:\windows\hdfybnj.exe
c:\windows\lwtjkxv.exe
c:\windows\weqregl.exe
c:\windows\lhugqol.exe
c:\windows\xsxiqgc.exe
c:\windows\obeyyub.exe
c:\windows\oklpreo.exe
c:\windows\epakolm.exe
c:\windows\drltrib.exe
c:\windows\jaoeggr.exe
c:\windows\rjokesl.exe
c:\windows\iodoeap.exe
c:\windows\mvkvtkq.exe
c:\windows\jhlwmnb.exe
c:\windows\gckttet.exe
c:\windows\vqedhqv.exe
c:\windows\tiwwdng.exe
c:\windows\ujthqsa.exe
c:\windows\iqgkbcm.exe
c:\windows\iciehjm.exe
c:\windows\tuyqjvg.exe
c:\windows\ucjmatd.exe
c:\windows\system32\flsmngr.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let us know how everything goes.
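Added example, not part of the thread and not code from HijackThis: the "files..." list in the reply above is in effect the de-duplicated set of targets behind the long run of O4 entries. This Python sketch does that reduction over O4 lines and marks entries for review using three heuristics chosen to match the pattern in this log (assumptions, not verdicts); the sample lines, the `xmpl*` file names and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis O4 format (not taken from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\Example AV\avtray.exe"
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example Suite\updater.exe /quiet
O4 - HKCU\..\Run: [qkzvbtw] c:\windows\xmplaaa.exe
O4 - HKCU\..\Run: [hdrwmcp] c:\windows\xmplaaa.exe
O4 - HKCU\..\Run: [ynbglsf] c:\windows\xmplaaa.exe
O4 - HKCU\..\Run: [tvxqjdk] c:\windows\xmplbbb.exe
O4 - HKLM\..\RunOnce: [Example once] C:\WINDOWS\System32\xmplonce.exe
O4 - HKCU\..\RunOnce: [Example once] C:\WINDOWS\System32\xmplonce.exe
O4 - Global Startup: Example.lnk = ?
"""

# Registry autostart lines only; "Global Startup" shortcuts are skipped.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[(.*?)\] (.+)$")
# Unquoted commands may contain spaces, so cut at the first known extension.
EXT_RE = re.compile(r"^(.+?\.(?:exe|com|bat|scr|dll|cpl))(?=[\s,]|$)", re.I)
# Heuristic patterns (assumptions): 6-8 lowercase letters, file directly in c:\windows.
RANDOM_NAME = re.compile(r"^[a-z]{6,8}$")
WINDIR_EXE = re.compile(r"^c:\\windows\\[a-z]{6,8}\.exe$")


def target_of(command):
    """Return the launched file from a Run command line, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end].lower()
    m = EXT_RE.match(command)
    return (m.group(1) if m else command.split()[0]).lower()


def parse_o4(log):
    """Yield (hive, key, value_name, target) for each registry O4 line."""
    rows = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            rows.append((hive, key, name, target_of(command)))
    return rows


def triage(log, fanout=3):
    """Group O4 entries by target and attach review reasons."""
    names = defaultdict(set)      # target -> distinct value names
    places = defaultdict(set)     # target -> {(hive, key), ...}
    for hive, key, name, target in parse_o4(log):
        names[target].add(name)
        places[target].add((hive, key))

    findings = {}
    for target, vals in names.items():
        reasons = []
        # Many differently named values launching one file.
        if len(vals) >= fanout:
            reasons.append("fan-out")
        # Random-looking value names pointing at a random-looking file in c:\windows.
        if WINDIR_EXE.match(target) and all(RANDOM_NAME.match(v) for v in vals):
            reasons.append("random-name")
        # The same target registered under RunOnce in both hives.
        if {("HKLM", "RunOnce"), ("HKCU", "RunOnce")} <= places[target]:
            reasons.append("runonce-both-hives")
        if reasons:
            findings[target] = {"value_names": sorted(vals), "reasons": reasons}
    return findings


def files_to_review(log):
    """De-duplicated, sorted list of flagged targets."""
    return sorted(triage(log))


if __name__ == "__main__":
    for path, info in sorted(triage(SAMPLE_LOG).items()):
        print(path, info["reasons"], len(info["value_names"]), "value(s)")
```

A flagged entry is only a candidate for a closer look; the decision on what to fix still comes from someone reading the full log.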
Old 06-05-2005, 04:06 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 29
OS: XP


Sorry it's taken such a long time to reply...had to go back to Nottingham...have come back and with a combination of things this is the HijackThis log now....any other nasties to get rid of?? It's certainly a fair bit shorter now

Logfile of HijackThis v1.99.1
Scan saved at 12:05:31, on 06/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{B109FAA8-EEB1-49C6-81F2-71B8AEC12546}\SECURITY.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{DECEF43B-1200-4816-B4A0-E6A07D740A68}\SVCHOST.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: DigiChat Applet - http://host4.digichat.com/DigiChat/D.../Client_IE.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101155868359
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://aragorn.briars.net/tsweb/msrdp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Old 06-06-2005, 01:13 AM   #4 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


If you have a high-speed connection, please run an online virus scan from TrendMicro. Please select the “autoclean” option when prompted to do so.

Download and install CleanUp http://cleanup.stevengould.org/


Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{B109FAA8-EEB1-49C6-81F2-71B8AEC12546}\SECURITY.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{DECEF43B-1200-4816-B4A0-E6A07D740A68}\SVCHOST.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://aragorn.briars.net/tsweb/msrdp.cab


C:\WINDOWS\System32\Services <--delete that folder

C:\WINDOWS\System32\spoolsrv32.exe <--delete that file

C:\Windows\desktop.html <--delete that file if you have it.

Now locate and delete ANY of these files below....

Files dropped in C:\windows\system32 folder..............

$$$_.log
1iln10o2.exe
1iln10o2.ini
2g6k5jnm.dat
4i59j9qq.dat
633d1u62.exe
633d1u62.ini
739nndpq.dat
abc.exe
auto_update_uninstall.exe
auto_update_uninstall.log
bre.dll
bre32.dll
cc47dtjf.dat
cidft.dll
cidpoq32.dll
cssrs.exe
eSellerateControl350.dll
eSellerateEngine.dll
exclean.exe
exdl.exe
exdl0.exe
exdl1.exe
exul.exe
fs9iphc6.dll
ga02vaii.ini
gpeart.exe
gupd.dll
h323log.txt
hst32.dll
ica3prt.exe
icnfe.dll
icqrt.dll
icvbr.dll
init32m.exe
ipdnssec6.exe
kernels32.exe
latest.exe
mqexdlm.srg
msbe.dll
mscnf.dll
msxct.exe
ok91u8rs.dat
r006o4ab.html
rch.dll
rch32.dll
rdrlib.dll
sdfup.dll
thun.dll
thun32.dll
trf32.dll
ucoruw.dll
vx.tll
vxgame1.exe
vxgame3.exe
vxgamet1.exe
vxgamet2.exe
vxh8jkdq1.exe
vxh8jkdq2.exe
vxh8jkdq5.exe
vxh8jkdq6.exe
vxh8jkdq7.exe
vxh8jkdq8.exe
wcnl32.dll
web.exe
wecxg32.dll
win32.exe
wirl.dll
wnstssv.exe


C:\Documents and Settings\useraccount\Application Data\osse.exe <--delete that if you have it. If another file is there..post it here.

Run the cleanup utility and reboot/logoff when prompted. Reboot back to normal mode and post another hijackthis log.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
Old 06-18-2005, 10:12 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 29
OS: XP


Thanks,

The CleanUp website isn't working so I couldn't download this.

I ran anti virus and removed any problems, then HijackThis and deleted what I could find...this is the resulting log.....the only real problem I have now is that although the spyware msg on my desktop has gone and everything is working properly, my desktop has been replaced with a white background that changes colour slightly when you move over any desktop icons!!??


Logfile of HijackThis v1.99.1
Scan saved at 18:00:32, on 06/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Kodak Picture Easy 3.1 Batch Transfer.lnk = C:\Program Files\Kodak\Picture Easy Software\Program\PezDownload.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: DigiChat Applet - http://host4.digichat.com/DigiChat/D.../Client_IE.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101155868359
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Old 06-19-2005, 11:20 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 23,264
OS: N/A


Here's an alternative link for CleanUp! >> http://www.greyknight17.com/spy/Cleanup.exe
You should run CleanUp once to allow it to clear the rubbish that has accumulated.

Your log is clean.

However, there still remain a few bits of housekeeping ...

Clear Sun Java's Cache
  1. Go to Start > Settings > Control Panel > Java > General Tab > Temporary Internet Files
  2. Click Delete Files...
  3. Tick the checkboxes for - Downloaded Applets, Downloaded Applications & Other Files
  4. Click "OK"

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Enable Windows Auto Update
  • Go to Start > Settings > Control Panel > System > Automatic Updates
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

In light of your recent hiccup, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles
If you have no more problems, you should be set to go.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 06-27-2005, 01:12 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 29
OS: XP


thanks for your help, much appreciated!
Copyright 2001 - 2009, Tech Support Forum