Solved: Please review HJT

Discussion in 'Virus & Other Malware Removal' started by cwelaw, Apr 23, 2005.

  1. cwelaw

    cwelaw Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    67
    Would you please review the HJT log attached (too big to put in here) and assist in getting this machine back to normal! Flrman did a great job for me a while back on my system. Thank you.
     

  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,673
    Download and save Spywadfix to your computer from this link: http://www.thespykiller.co.uk/files/spywadfix.exe and double click on the spywadfix.exe.

    It will automatically extract to c:\spywad where it needs to be to run and will automatically open the remove spywad.vbs script for you ready to paste in the line mentioned below.

    If it doesn't open then go to c:\spywad and double click on the remove spywad.vbs. Do not run any other file from there please unless asked to.

    If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

    It will open an Input box. Paste this line into the box:

    C:\WINDOWS\System32\Tmk.exe

    The script will kill that process, backup and then delete any matching files in System32 and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

    The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

    It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

    It will restart Explorer.

    Finally, it will Run hijackthis so that you can remove the orphaned run entries.

    If hijackthis doesn't start, run it manually.

    Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click “fix checked”.


    When finished, post the contents of Spywad.txt and a new Hijackthis log. There will be more to fix with HJT and more to do as well but this is a first step.
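
Added example (not part of the thread, and not code from HijackThis or Spywadfix): the Run entries flagged in the post above follow one pattern, a three-letter value name pointing at a three-letter executable directly in C:\WINDOWS or C:\WINDOWS\System32, usually listed under both HKLM and HKCU. This Python triage of O4 lines scores that pattern; the function names, the two-reason threshold and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext

# Constructed sample in HijackThis log format (not copied from the thread's log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\helper.dll
O4 - HKLM\..\Run: [ExampleAudio] EXAUDIO.EXE
O4 - HKLM\..\Run: [ExampleKbd] "C:\Program Files\Example Keyboard\kbd32.exe" /tray
O4 - HKLM\..\Run: [Xqz] C:\WINDOWS\System32\Abc.exe
O4 - HKLM\..\Run: [Wvu] C:\WINDOWS\Def.exe
O4 - HKCU\..\Run: [Xqz] C:\WINDOWS\System32\Abc.exe
O4 - HKCU\..\Run: [Bak] C:\Tools\Bak.exe
"""

# O4 registry autorun line: hive, Run-type key, [value name], command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
THREE_LETTERS = re.compile(r"[A-Za-z]{3}")


def exe_path(cmd):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_o4(log_text):
    """Parse every O4 registry Run line; other HijackThis sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["path"] = exe_path(entry["cmd"])
            entries.append(entry)
    return entries


def triage(log_text):
    """Return entries matching at least two of the three pattern traits.

    This is a review aid: a match means "look at this file", not "delete it".
    """
    entries = parse_o4(log_text)
    hives = defaultdict(set)
    for e in entries:
        hives[(e["name"].lower(), e["path"].lower())].add(e["hive"])

    findings = []
    for e in entries:
        stem = splitext(basename(e["path"]))[0]
        reasons = []
        if dirname(e["path"]).lower() in SYSTEM_DIRS:
            reasons.append("executable directly in a Windows system directory")
        if THREE_LETTERS.fullmatch(e["name"]) and THREE_LETTERS.fullmatch(stem):
            reasons.append("three-letter value name and file name")
        if len(hives[(e["name"].lower(), e["path"].lower())]) > 1:
            reasons.append("same entry under HKLM and HKCU")
        if len(reasons) >= 2:
            findings.append({"hive": e["hive"], "name": e["name"],
                             "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]} [{f["name"]}] {f["path"]}: {"; ".join(f["reasons"])}')
```
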
     
  3. cwelaw

    cwelaw Thread Starter

    Thanks, will do the above and get back to you. This is on my son Matt's machine.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    No problem.
     
  5. cwelaw

    cwelaw Thread Starter

    Cookie, I did the Spywad but did not get a Spywad.txt log file, just the System and Windows folders. Also, it did not kill Explorer, restart it or run Hijack this automatically. What should I do next?
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Continue with the rest of the instructions and then post another Hijack This log.
     
  7. cwelaw

    cwelaw Thread Starter

    OK, Thanks
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

  9. cwelaw

    cwelaw Thread Starter

    Here is the new HJT log. I can't copy what was in the Systems and Windows folders from Spywad:

    Logfile of HijackThis v1.99.0
    Scan saved at 7:23:49 PM, on 4/23/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\open32.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\WINDOWS\explorer.exe
    C:\hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6C07C118-09D3-4869-83B6-FC05F6759A88} - C:\WINDOWS\System32\inni.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ikvl895] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [ikvl8ÏÔ@ÔÁß]§ú"ü‰üžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [ynmjetkd] C:\WINDOWS\ynmjetkd.exe
    O4 - HKLM\..\Run: [ikvl8ÏÔÁß]§ú"ü‰üžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [Suf] C:\WINDOWS\System32\Bkf.exe
    O4 - HKLM\..\Run: [Lil] C:\WINDOWS\System32\Ecv.exe
    O4 - HKLM\..\Run: [Kcv] C:\WINDOWS\System32\Eth.exe
    O4 - HKLM\..\Run: [Ccr] C:\WINDOWS\System32\Hcm.exe
    O4 - HKLM\..\Run: [Kfd] C:\WINDOWS\Lvq.exe
    O4 - HKLM\..\Run: [Lcf] C:\WINDOWS\System32\Bus.exe
    O4 - HKLM\..\Run: [Roa] C:\WINDOWS\System32\Hoj.exe
    O4 - HKLM\..\Run: [Osh] C:\WINDOWS\System32\Tng.exe
    O4 - HKLM\..\Run: [Guc] C:\WINDOWS\Udi.exe
    O4 - HKLM\..\Run: [Ibg] C:\WINDOWS\System32\Qaa.exe
    O4 - HKLM\..\Run: [Svr] C:\WINDOWS\Ibn.exe
    O4 - HKLM\..\Run: [Bvp] C:\WINDOWS\System32\Mph.exe
    O4 - HKLM\..\Run: [Rcg] C:\WINDOWS\Mkn.exe
    O4 - HKLM\..\Run: [Gql] C:\WINDOWS\System32\Oot.exe
    O4 - HKLM\..\Run: [Pra] C:\WINDOWS\Dhl.exe
    O4 - HKLM\..\Run: [Shell] open32.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Suf] C:\WINDOWS\System32\Bkf.exe
    O4 - HKCU\..\Run: [Lil] C:\WINDOWS\System32\Ecv.exe
    O4 - HKCU\..\Run: [Kcv] C:\WINDOWS\System32\Eth.exe
    O4 - HKCU\..\Run: [Ccr] C:\WINDOWS\System32\Hcm.exe
    O4 - HKCU\..\Run: [Kfd] C:\WINDOWS\Lvq.exe
    O4 - HKCU\..\Run: [Lcf] C:\WINDOWS\System32\Bus.exe
    O4 - HKCU\..\Run: [Roa] C:\WINDOWS\System32\Hoj.exe
    O4 - HKCU\..\Run: [Osh] C:\WINDOWS\System32\Tng.exe
    O4 - HKCU\..\Run: [Guc] C:\WINDOWS\Udi.exe
    O4 - HKCU\..\Run: [Ibg] C:\WINDOWS\System32\Qaa.exe
    O4 - HKCU\..\Run: [Svr] C:\WINDOWS\Ibn.exe
    O4 - HKCU\..\Run: [Bvp] C:\WINDOWS\System32\Mph.exe
    O4 - HKCU\..\Run: [Rcg] C:\WINDOWS\Mkn.exe
    O4 - HKCU\..\Run: [Gql] C:\WINDOWS\System32\Oot.exe
    O4 - HKCU\..\Run: [Pra] C:\WINDOWS\Dhl.exe
    O4 - Startup: winupdate67070701[1].exe
    O4 - Startup: winupdate67898385[1].exe
    O4 - Startup: winupdate81090145[1].exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O15 - Trusted Zone: *.horse-active.net
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.horse-active.net (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted IP range: 64.62.171.156
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,673
    Run this uninstaller:

    http://sarc.com/avcenter/venc/data/adware.istbar.html

    Go to Control Panel - Add/Remove programs and remove the following, if there:

    Viewpoint
    AWS (WeatherBug)
    WildTangent
    Media Access


    Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click “fix checked”.

    O2 - BHO: (no name) - {6C07C118-09D3-4869-83B6-FC05F6759A88} - C:\WINDOWS\System32\inni.dll (file missing)

    O4 - HKLM\..\Run: [ikvl8ÏÔ@ÔÁß]§ú" ü‰üžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe

    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁz î¬[ 8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe

    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú" ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe

    O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú" ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe

    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú" ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe

    O4 - HKLM\..\Run: [ynmjetkd] C:\WINDOWS\ynmjetkd.exe

    O4 - HKLM\..\Run: [ikvl8ÏÔÁß]§ú" ü‰üžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁz îžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe

    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKLM\..\Run: [Suf] C:\WINDOWS\System32\Bkf.exe

    O4 - HKLM\..\Run: [Lil] C:\WINDOWS\System32\Ecv.exe

    O4 - HKLM\..\Run: [Kcv] C:\WINDOWS\System32\Eth.exe

    O4 - HKLM\..\Run: [Ccr] C:\WINDOWS\System32\Hcm.exe

    O4 - HKLM\..\Run: [Kfd] C:\WINDOWS\Lvq.exe

    O4 - HKLM\..\Run: [Lcf] C:\WINDOWS\System32\Bus.exe

    O4 - HKLM\..\Run: [Roa] C:\WINDOWS\System32\Hoj.exe

    O4 - HKLM\..\Run: [Osh] C:\WINDOWS\System32\Tng.exe

    O4 - HKLM\..\Run: [Guc] C:\WINDOWS\Udi.exe

    O4 - HKLM\..\Run: [Ibg] C:\WINDOWS\System32\Qaa.exe

    O4 - HKLM\..\Run: [Svr] C:\WINDOWS\Ibn.exe

    O4 - HKLM\..\Run: [Bvp] C:\WINDOWS\System32\Mph.exe

    O4 - HKLM\..\Run: [Rcg] C:\WINDOWS\Mkn.exe

    O4 - HKLM\..\Run: [Gql] C:\WINDOWS\System32\Oot.exe

    O4 - HKLM\..\Run: [Pra] C:\WINDOWS\Dhl.exe

    O4 - HKLM\..\Run: [Shell] open32.exe

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O4 - HKCU\..\Run: [Suf] C:\WINDOWS\System32\Bkf.exe

    O4 - HKCU\..\Run: [Lil] C:\WINDOWS\System32\Ecv.exe

    O4 - HKCU\..\Run: [Kcv] C:\WINDOWS\System32\Eth.exe

    O4 - HKCU\..\Run: [Ccr] C:\WINDOWS\System32\Hcm.exe

    O4 - HKCU\..\Run: [Kfd] C:\WINDOWS\Lvq.exe

    O4 - HKCU\..\Run: [Lcf] C:\WINDOWS\System32\Bus.exe

    O4 - HKCU\..\Run: [Roa] C:\WINDOWS\System32\Hoj.exe

    O4 - HKCU\..\Run: [Osh] C:\WINDOWS\System32\Tng.exe

    O4 - HKCU\..\Run: [Guc] C:\WINDOWS\Udi.exe

    O4 - HKCU\..\Run: [Ibg] C:\WINDOWS\System32\Qaa.exe

    O4 - HKCU\..\Run: [Svr] C:\WINDOWS\Ibn.exe

    O4 - HKCU\..\Run: [Bvp] C:\WINDOWS\System32\Mph.exe

    O4 - HKCU\..\Run: [Rcg] C:\WINDOWS\Mkn.exe

    O4 - HKCU\..\Run: [Gql] C:\WINDOWS\System32\Oot.exe

    O4 - HKCU\..\Run: [Pra] C:\WINDOWS\Dhl.exe

    O4 - Startup: winupdate67070701[1].exe

    O4 - Startup: winupdate67898385[1].exe

    O4 - Startup: winupdate81090145[1].exe

    O4 - Global Startup: Exif Launcher.lnk = ?

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    O15 - Trusted Zone: *.horse-active.net
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.horse-active.net (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted IP range: 64.62.171.156
    O15 - Trusted IP range: (HKLM)

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...e/bridge-c8.cab

    O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx


    Then boot to safe mode (see how below), locate and delete these files and/or folders:

    C:\Program Files\ISTsvc - folder
    C:\WINDOWS\mjgpd.exe - file
    C:\WINDOWS\ynmjetkd.exe - file
    C:\Program Files\Viewpoint - folder
    C:\Program Files\ISTsvc - folder
    C:\Program Files\Media Access - folder
    C:\Program Files\WildTangent - folder
    C:\WINDOWS\System32\Bkf.exe - file
    C:\WINDOWS\System32\Ecv.exe - file
    C:\WINDOWS\System32\Eth.exe - file
    C:\WINDOWS\System32\Hcm.exe - file
    C:\WINDOWS\Lvq.exe - file
    C:\WINDOWS\System32\Bus.exe - file
    C:\WINDOWS\System32\Hoj.exe - file
    C:\WINDOWS\System32\Tng.exe - file
    C:\WINDOWS\Udi.exe - file
    C:\WINDOWS\System32\Qaa.exe - file
    C:\WINDOWS\Ibn.exe - file
    C:\WINDOWS\System32\Mph.exe - file
    C:\WINDOWS\Mkn.exe - file
    C:\WINDOWS\System32\Oot.exe - file
    C:\WINDOWS\Dhl.exe - file
    open32.exe - file
    C:\Program Files\AWS - folder
    C:\WINDOWS\System32\Bkf.exe - file
    C:\WINDOWS\System32\Ecv.exe - file
    C:\WINDOWS\System32\Eth.exe - file
    C:\WINDOWS\System32\Hcm.exe - file
    C:\WINDOWS\Lvq.exe - file
    C:\WINDOWS\System32\Bus.exe - file
    C:\WINDOWS\System32\Hoj.exe - file
    C:\WINDOWS\System32\Tng.exe - file
    C:\WINDOWS\Udi.exe - file
    C:\WINDOWS\System32\Qaa.exe - file
    C:\WINDOWS\Ibn.exe - file
    C:\WINDOWS\System32\Mph.exe - file
    C:\WINDOWS\Mkn.exe - file
    C:\WINDOWS\System32\Oot.exe - file
    C:\WINDOWS\Dhl.exe - file
    C:\PROGRA~1\AWS - folder

    How to restart to safe mode:
    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

    Because XP will not always show you hidden files and folders by default, go to Start - Search and, under "More advanced search options", make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

    Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK".

    Is there more than one user profile on this machine?

    Reboot and post another Hijack This log please.
     
  11. cwelaw

    cwelaw Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    67
    Good Morning. The Symantec uninstaller page is "temporarily unavailable." Will keep checking back to that page to run it. Can I do the rest and then do the uninstaller later?
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,673
    Yes, go ahead.
     
  13. cwelaw

    cwelaw Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    67
    Still can't get on the Symantec removal tool site. Did the rest of the instructions, noting though that some of the files/folders could not be found. I did have the hidden, system and protected system files/folders shown. Thanks so far, and look forward to what's next. Couple of items I would like to mention are that after I ran Spywad, some of the problems went away, only to return later and I can't get anything to happen when I right click on the mouse. Here's the HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 10:57:39 AM, on 4/24/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\WINDOWS\System32\Kci.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\User\Start Menu\Programs\Startup\winupdate67070701[1].exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\hijackthis\HijackThis program 4-23-5.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ikvl895] C:\WINDOWS\mjgpd.exe
    O4 - HKLM\..\Run: [Can] C:\WINDOWS\System32\Kci.exe
    O4 - HKLM\..\Run: [Gut] C:\WINDOWS\Hhi.exe
    O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Dkc.exe
    O4 - HKLM\..\Run: [Fus] C:\WINDOWS\System32\Jdh.exe
    O4 - HKLM\..\Run: [Rmo] C:\WINDOWS\Oal.exe
    O4 - HKLM\..\Run: [Rpi] C:\WINDOWS\System32\Nph.exe
    O4 - HKLM\..\Run: [Ilc] C:\WINDOWS\System32\Gds.exe
    O4 - HKLM\..\Run: [Rta] C:\WINDOWS\System32\Ksv.exe
    O4 - HKLM\..\Run: [Lmv] C:\WINDOWS\Fcs.exe
    O4 - HKLM\..\Run: [Etk] C:\WINDOWS\Ham.exe
    O4 - HKLM\..\Run: [Vad] C:\WINDOWS\System32\Fjn.exe
    O4 - HKLM\..\Run: [Rgb] C:\WINDOWS\System32\Rha.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Can] C:\WINDOWS\System32\Kci.exe
    O4 - HKCU\..\Run: [Gut] C:\WINDOWS\Hhi.exe
    O4 - HKCU\..\Run: [Tad] C:\WINDOWS\Dkc.exe
    O4 - HKCU\..\Run: [Fus] C:\WINDOWS\System32\Jdh.exe
    O4 - HKCU\..\Run: [Rmo] C:\WINDOWS\Oal.exe
    O4 - HKCU\..\Run: [Rpi] C:\WINDOWS\System32\Nph.exe
    O4 - HKCU\..\Run: [Ilc] C:\WINDOWS\System32\Gds.exe
    O4 - HKCU\..\Run: [Rta] C:\WINDOWS\System32\Ksv.exe
    O4 - HKCU\..\Run: [Lmv] C:\WINDOWS\Fcs.exe
    O4 - HKCU\..\Run: [Etk] C:\WINDOWS\Ham.exe
    O4 - HKCU\..\Run: [Vad] C:\WINDOWS\System32\Fjn.exe
    O4 - HKCU\..\Run: [Rgb] C:\WINDOWS\System32\Rha.exe
    O4 - Startup: winupdate67070701[1].exe
    O4 - Startup: winupdate67898385[1].exe
    O4 - Startup: winupdate81090145[1].exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,673
    The right click is a known problem with this infection and there is a fix for that to be done later.

    First we need to clean up every user. Are there other users?
     
  15. cwelaw

    cwelaw Thread Starter

    Joined:
    Jul 30, 2004
    Messages:
    67
    Sorry, no other user profiles on this machine
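The two HijackThis logs posted above can be compared mechanically to see which autostart entries were cleared and which came back under new names. This is an added example, not part of the original posts or of HijackThis: it parses the O4 Run lines from shortened excerpts of both logs, flags entries that match an assumed heuristic (a three-letter value name, mirrored in HKLM and HKCU, pointing at a three-letter .exe directly in C:\WINDOWS or System32), and diffs the scans. All function names are hypothetical.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Shortened excerpts of the two HijackThis logs posted in this thread.
SCAN_1 = r"""
Running processes:
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ikvl8ÏÔ@ÔÁß]§ú"ü‰üžC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mjgpd.exe
O4 - HKLM\..\Run: [Suf] C:\WINDOWS\System32\Bkf.exe
O4 - HKLM\..\Run: [Kfd] C:\WINDOWS\Lvq.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Suf] C:\WINDOWS\System32\Bkf.exe
O4 - HKCU\..\Run: [Kfd] C:\WINDOWS\Lvq.exe
"""

SCAN_2 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Kci.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Can] C:\WINDOWS\System32\Kci.exe
O4 - HKLM\..\Run: [Gut] C:\WINDOWS\Hhi.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Can] C:\WINDOWS\System32\Kci.exe
O4 - HKCU\..\Run: [Gut] C:\WINDOWS\Hhi.exe
"""


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str


# The value name is matched greedily so that names which themselves contain
# "]" (as in the corrupted ISTsvc entries) split at the last "] ".
RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+)\] (.+)$")

# Assumed heuristic, tuned to the entries this thread asks to have fixed.
NAME_SHAPE = re.compile(r"[A-Za-z]{3}")
PATH_SHAPE = re.compile(r"C:\\WINDOWS\\(?:System32\\)?[A-Za-z]{3}\.exe", re.IGNORECASE)


def parse_run_entries(log):
    """Return every O4 registry Run entry in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(RunEntry(*match.groups()))
    return entries


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            if procs:          # first blank line after the list ends it
                break
        elif in_section:
            procs.add(line.lower())
    return procs


def flagged(log):
    """(name, command) pairs mirrored in both hives that fit the heuristic."""
    hives_by_key = defaultdict(set)
    for entry in parse_run_entries(log):
        hives_by_key[(entry.name, entry.command)].add(entry.hive)
    return {
        key for key, hives in hives_by_key.items()
        if hives == {"HKLM", "HKCU"}
        and NAME_SHAPE.fullmatch(key[0])
        and PATH_SHAPE.fullmatch(key[1])
    }


def compare_scans(before, after):
    """Diff flagged entries between two scans taken around a cleanup."""
    old, new = flagged(before), flagged(after)
    live = running_processes(after)
    return {
        "cleared": sorted(old - new),
        "persisting": sorted(old & new),
        "respawned": sorted(new - old),   # same shape, new random names
        "running_now": sorted(cmd for _, cmd in new if cmd.lower() in live),
    }


if __name__ == "__main__":
    for label, items in compare_scans(SCAN_1, SCAN_2).items():
        print(label, items)
```

A non-empty "respawned" list with an empty "persisting" list means the fixed entries were replaced rather than left behind, so something still running is rewriting the Run keys. The heuristic does not catch differently shaped entries such as mjgpd.exe.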
     
Short URL to this thread: https://techguy.org/355665