:banghead: Please read description below the log, thanks.
Logfile of HijackThis v1.99.1
Scan saved at 3:51:53 AM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\NETCMD.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Security Task Manager\TaskMan.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\balistic\Desktop\hijackthis_sfx\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\balistic\Local Settings\Temp\RarSFX3\jc_all.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\balistic\Local Settings\Temp\RarSFX3\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\balistic\LOCALS~1\Temp\RarSFX3\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - (no file)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
----------------------------
The problem is C:\WINDOWS\SYSTEM32\NETCMD.EXE, which is a keylogger that none of the antiviruses will remove, nor TrojanHunter etc.
I have no clue where I got it from. I've had my suspicions for a while now, not because passwords or anything were changed, only because the file name was in caps and most other sys32 filenames aren't. So I installed Security Task Manager, which can grab text from within the program. This is what it grabbed:
Code:
\AYO X Logger\AYO Spy 1.041\Server V1.041\AYO.vbp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Auto Login
\AYO X Logger\AYO Spy 1.041\Server V1.041\AYO.vbp
netcmd .exe
netconfig .exe
Right Click
Left Click
Software\Microsoft\Active Setup\Installed Components
3qF\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Install Dir
Software\Zone Labs\ZoneAlarm\plugin\obj\001
font color
font color
font color
Sign In
font color
font color
font color
font color
Inside Yahoo
form9 action
hidden name
em Value
hidden name
The page cannot be found
TEXTAREA readonly
msg rows
INPUT style
submit value
script language
Save Password
Admin group
Limited Account
font face
Tahoma color
table style
td bgColor
f4f4f4 width
font color
0033CC size
font color
User Name
There was No New Contact
font color
font color
font color
font color
font color
font face
Tahoma size
table style
td bgColor
f4f4f4 width
font color
0033CC size
td bgColor
font color
0033CC size
td bgColor
f4f4f4 width
td bgColor
f4f4f4 width
td bgColor
f4f4f4 width
font face
Tahoma size
Up Passwords
table style
No icon resources found in source file
Source icon directory is corrupt
td bgColor
f4f4f4 width
font color
0033CC size
Connection Name
td bgColor
f4f4f4 width
font size
Failed to get handle to source file
td bgColor
f4f4f4 width
font size
td bgColor
f4f4f4 width
font size
font face
Tahoma size
Up Passwords
table style
td bgColor
f4f4f4 width
font color
0033CC size
There was no new entry.
Current entries were sent before
span lang
span lang
Source icon bitmap is corrupt
Invalid icon in source file
Destination file could not be opened
Destination file could not be loaded
Failed to locate resource in specified file
Failed to load resource in specified file
Internet Explorer
font face
Tahoma size
Cached Passwords
td bgColor
f4f4f4 width
font color
0033CC size
Site Address
td bgColor
f4f4f4 width
font size
Sign In
Internet Explorer
**** the one who is trying to Crack this Application D _From B56mx
GetProcAddress
LoadLibraryA
ProcCallEngine
__vbaExceptHandler
EVENT_SINK_QueryInterface
EVENT_SINK_Release
DllFunctionCall
EVENT_SINK_AddRef
MethCallEngine
strText
strTitle
Data2send
LogFilePath
Label1
FinalOut
Connect
Data2Log
tmrLog
tmrMatch
tmrSendMail
McKill
MainF
Password
2 color
/font
3 color
ndex
shimgvw.dll,ImageView_Fullscreen
rundll32.exe
/table
/font
/font
/span
.SwapIcon.bas
border
borderColor
left
float
collapse
collapse
border
Dial
3 color
/font
/font
Phone Number
2 color
Password
2 color
/table
User Name
2 color
/font
border
borderColor
left
float
collapse
collapse
border
Dial
3 color
/font
_RasDefaultCredentials
RasDialParams
Microsoft\Network\Connections\pbk\rasphone.pbk
About
border
borderColor
left
float
collapse
collapse
border
Chat Contacts
Yahoo
3 color
/table
/font
/font
Settings
Windows
yahoo.com
\Archive\Messages\
/font
Contacts
/font
yahoo.com
System
Start
Yahoo
/table
Screen
Messenger\Profiles\
/table
/font
/font
/font
/font
/font
System Info
border
borderColor
left
float
collapse
collapse
border
MpfTray.exe
winver.exe
uckk
DisableRegistryTools
DisableTaskMgr
Quit
Title
Busy
Click
Item
document
navigate
InternetExplorer.application
/script
form9.submit
vbscript
. name
type
color
CoTaskMemFree
PStoreCreateInstance
pstorec.dll
I have recorded these Info for ya
1 cols
name
font
color
border
1 style
From
Value
post
method
/title
title
saved from url
/font
/font
/font
/font
/font
Messenger
Yahoo
/font
/font
Pasted
****
/font
Yahoo
.exe
\Taskmon
DialParamsUID
LocalFree
LocalAlloc
GlobalFree
GetVersionExA
SHGetSpecialFolderPathA
shell32.dll
GetPrivateProfileIntA
LookupAccountNameA
IsValidSid
ConvertSidToStringSidA
WideCharToMultiByte
MultiByteToWideChar
LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
RasGetEntryPropertiesA
RasGetEntryDialParamsA
SystemCfg.dat
\Help
C\WINDOWS\system32\MSVBVM60.DLL\3
3qClass
SOFTWARE\KasperskyLab\AVP6
path
rasapi32.dll
Software\Microsoft\Windows\CurrentVersion\
Explorer.exe
Shell
RasEnumEntriesAj
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
SwapIcon.bas
RegSetValueExA
RegDeleteKeyA
PcInfo
GetLog2Send
DisYat
DisYp
DisReg
DisTask
WriteLog
GetKeyState
GetAsyncKeyState
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
tmrMatch
McKill
Form
tmrSendMail
Label1
Data2Log
FinalOut
tmrLog
asliAzAfta\
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FindClose
FindFirstFileA
FindResourceA
lstrlenA
EnumResourceNamesA
GlobalUnlock
GlobalLock
RtlMoveMemory
LockResource
LoadResource
FreeLibrary
LoadLibraryExA
SetFilePointer
ReadFile
CreateFileA
GetComputerNameA
GetUserNameA
advapi32.dll
KillTimer
SendMessageA
VirtualFreeEx
WriteProcessMemory
GetWindowThreadProcessId
VirtualAllocEx
FindWindowExA
FindWindowA
InternetGetConnectedStateEx
wininet.dll
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
.com/
.exe
kernel32.dll
SHGetPathFromIDList
SHGetSpecialFolderLocation
GetTempPathA
GetSystemDirectoryA
GetShortPathNameA
advpack.dll
SYSTEM\CurrentControlSet\Services\TlntSvr
SYSTEM\ControlSet002\Services\TlntSvr
IsNTAdmin
Software\Yahoo\Pager\
Software\Microsoft\Windows\CurrentVersion\Policies\System\
MicrosoftApp32\
CloseHandle
netconfig.exe
netcmd.exe
netconfig.exe
netcmd.exe
syschost.exe
syslnfo.exe
sysinfo.exe
sysver.exe
newbn
MainF
PsibPsnDs
PsoCs
----- Windows Title -----
It looks nasty and I really would like to fix it without having to format my PC :(
Please, someone help me, I'm going crazy.
Edit: I found the site http://ayosoft.net/english/index.htm but still don't know how to get rid of it. Please help.