1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problem getting worse! PLZ HELP!

Discussion in 'Windows XP' started by jAWS207, Jul 19, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. jAWS207

    jAWS207 Thread Starter

    Joined:
    Jul 19, 2004
    Messages:
    3
    first off, im not the most computer illeterate but i know some stuff so plz bare with me.

    i keep getting the blue screen of death probably about an hour into my computer startup. doesnt matter what im doing wether a game, net, chat, etc. i wish i could tell you what it says on the blue screen but it only flashes for about a second or two.

    what i can remember are a bunch of zeros or numbers and the 'fatal error' at the bottom of the paragraph. then my computer restarts.

    when my computer boots up, a voice comes on saying "System completed power-on self test, computer now booting from operating system". but now every once in a while it says "System failed memory test, computer now booting from operating system".

    i know i had to delete a bunch of stuff off my C drive because i kept getting alerts that i had no space but even when i did delete programs, it didnt seem like it was making any room on the C drive.


    I have Adware 6.0 and almost everytime i do a scan, the same files come up as infected and they're always .DLL files too. then i quarantine but when i scan the next day the same files come up as infected again.

    thats all the info i can think of. somebody plz help because this started out with the blue screen about once a week and now its once every hour. HELP ME
     
  2. iltos

    iltos

    Joined:
    Jun 13, 2004
    Messages:
    18,287
    go to this tech support guy post on the security forum

    http://forums.techguy.org/t110854.html

    scroll down to the "free fixes" section, "parasitic" and down load "hijack this"

    save it to its own folder, NOT a temporary folder or the desktop

    open it, click "scan" (just takes a second), then that button will change to "save log"...save it to your hijack folder, and a notepad screen will open up, allowing you, in the "edit" menu, to "select all/copy/ and paste" it to your next post on this thread you started....if someone who knows something isn't along in a day, i'll see if i can't point someone in your direction (give a title to your log post that reflect it being a hjt log and you needing help)

    hope this helps (y)
     
  3. jAWS207

    jAWS207 Thread Starter

    Joined:
    Jul 19, 2004
    Messages:
    3
    i did what you told me to. this all looks like giberish to me so i really cant point it out.

    thx for getting me this far and if anyone knows whats wrong id really appreciate it

    Logfile of HijackThis v1.97.7
    Scan saved at 2:36:44 PM, on 7/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\documents and settings\qttask.exe
    C:\documents and settings\adam\local settings\temp\bTZTlWC.exe
    C:\PROGRA~1\INTERN~3\inetmgr.exe
    C:\WINDOWS\System32\njyehj.exe
    D:\Winamp\winampa.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Optimizer\actalert.exe
    C:\PROGRA~1\INTERN~3\inetsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\VtzZy.exe
    C:\WINDOWS\System32\Kdf46BY.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Adam\LOCALS~1\Temp\Rar$EX02.047\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.111.52.62:3128
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem300.dll
    O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\documents and settings\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [bTZTlWC] C:\documents and settings\adam\local settings\temp\bTZTlWC.exe
    O4 - HKLM\..\Run: [3JBBN8K2E6E39#] C:\WINDOWS\System32\Oub7j0h.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
    O4 - HKLM\..\Run: [fuekuck] C:\WINDOWS\trufqsbx.exe
    O4 - HKLM\..\Run: [liconfgc] C:\WINDOWS\System32\liconfgc.exe
    O4 - HKLM\..\Run: [uartzq] C:\WINDOWS\System32\uartzq.exe
    O4 - HKLM\..\Run: [o7mR3sS] boorsfi.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe
    O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
    O4 - HKLM\..\Run: [ibafit] C:\WINDOWS\System32\njyehj.exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
    O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38091.604537037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
     
  4. jAWS207

    jAWS207 Thread Starter

    Joined:
    Jul 19, 2004
    Messages:
    3
    i did what you told me to. this all looks like giberish to me so i really cant point it out.

    thx for getting me this far and if anyone knows whats wrong id really appreciate it

    Logfile of HijackThis v1.97.7
    Scan saved at 2:36:44 PM, on 7/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\documents and settings\qttask.exe
    C:\documents and settings\adam\local settings\temp\bTZTlWC.exe
    C:\PROGRA~1\INTERN~3\inetmgr.exe
    C:\WINDOWS\System32\njyehj.exe
    D:\Winamp\winampa.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Optimizer\actalert.exe
    C:\PROGRA~1\INTERN~3\inetsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\VtzZy.exe
    C:\WINDOWS\System32\Kdf46BY.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Adam\LOCALS~1\Temp\Rar$EX02.047\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.7
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.111.52.62:3128
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem300.dll
    O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\documents and settings\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [bTZTlWC] C:\documents and settings\adam\local settings\temp\bTZTlWC.exe
    O4 - HKLM\..\Run: [3JBBN8K2E6E39#] C:\WINDOWS\System32\Oub7j0h.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
    O4 - HKLM\..\Run: [fuekuck] C:\WINDOWS\trufqsbx.exe
    O4 - HKLM\..\Run: [liconfgc] C:\WINDOWS\System32\liconfgc.exe
    O4 - HKLM\..\Run: [uartzq] C:\WINDOWS\System32\uartzq.exe
    O4 - HKLM\..\Run: [o7mR3sS] boorsfi.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe
    O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
    O4 - HKLM\..\Run: [ibafit] C:\WINDOWS\System32\njyehj.exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
    O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...38091.604537037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
     
  5. win98se

    win98se

    Joined:
    Nov 27, 2003
    Messages:
    253
    Download, CWShredder, get off the net, and run it.
    Download Ad-Aware, run it
    Run Hijackthis again whilst you are off the net and see against how many of these you can place a tick.

    If there is reference to a file in the entries below after you have run the above, delete it manually. If you can’t delete it go into Safe Mode and try manually, If it still refuses to go, run regedit (with the usual caveats) and search and remove from there and then delete the file. If is still refuses to go, go to a command prompt and delete it from there.

    If you recognise any and still want them, leave them alone.
    If you don’t recognise them, change the extension name (e.g. change .exe to .xex)

    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe is a Trojan and so is
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load



    C:\WINDOWS\System32\VtzZy.exe
    C:\WINDOWS\System32\Kdf46BY.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.7

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)
    O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem300.dll
    O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
    O4 - HKLM\..\Run: [bTZTlWC] C:\documents and settings\adam\local settings\temp\bTZTlWC.exe
    O4 - HKLM\..\Run: [3JBBN8K2E6E39#] C:\WINDOWS\System32\Oub7j0h.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [fuekuck] C:\WINDOWS\trufqsbx.exe
    O4 - HKLM\..\Run: [liconfgc] C:\WINDOWS\System32\liconfgc.exe
    O4 - HKLM\..\Run: [uartzq] C:\WINDOWS\System32\uartzq.exe
    O4 - HKLM\..\Run: [o7mR3sS] boorsfi.exe
    O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
    O4 - HKLM\..\Run: [ibafit] C:\WINDOWS\System32\njyehj.exe
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
    O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab

    For the last one, follow instructions at http://www.pestpatrol.com/PestInfo/r/roings_com.asp

    Run Hijackthis again and post a log...

    That should keep you busy for a while :p
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/252300

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice