Post by: LJULICH on April 13, 2005, 08:21:13 PM
I posted just a little while ago. I noticed that you may be available to help my ...well...I know...simple question. I know you are a busy guy......Just so wanting to get rid of this Bad Boy.
Thank you for helping us ALL
Post by: guestolo on April 13, 2005, 08:28:32 PM
I'll try and help when I can
Instructions Here (http://\"http://www.thetechguide.com/forum/index.php?showtopic=14623\")
Post by: LJULICH on April 13, 2005, 09:30:41 PM
here is my run..............
Logfile of HijackThis v1.99.1
Scan saved at 9:26:41 PM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\msimn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90 (http://\"http://www.rr.com/flash/index.cfm?division=90\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab (http://\"http://images.photogra.com/PhotoX/BPImageEditor.cab\")
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab\")
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
Thank you for your help...
/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />)
Post by: guestolo on April 13, 2005, 09:47:23 PM
In the meantime, can you go back to that link and follow the directions to make a permanent folder for Hijackthis
As you can see your running from a temp directory
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe
Remember to choose save to disk, rather than open when downloading a zip file
The .exe version can be found in my signature
Post back with a fresh log from the one saved to a permanent folder, thanks
Post by: Guest_LJULICH_* on April 14, 2005, 07:55:29 AM
Logfile of HijackThis v1.99.1
Scan saved at 7:50:36 AM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\msimn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\winsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90 (http://\"http://www.rr.com/flash/index.cfm?division=90\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab (http://\"http://images.photogra.com/PhotoX/BPImageEditor.cab\")
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab\")
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
Off to work....thanks for all your help!!
Post by: guestolo on April 14, 2005, 10:41:11 PM
Double Click "MY Computer"
Open your>> C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT
Now you will have C:\HJT
This is important because HijackThis makes backups to that same folder
Download, from my signature below Hijackthis.exe and save it to that new folder
After that is done
===Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup (http://\"http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe\")
Install for now, don't run a scan yet
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation
==Next: Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Windows update Service
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Find and delete these files if found
C:\WINDOWS\system32\winsvc.exe <-file
C:\WINDOWS\system32\wldr.dll <-file
C:\WINDOWS\Desktop.html <-file
C:\WINDOWS\Web\Desktop.html <-file
C:\Documents and Settings\<Your User>\Start Menu\Programs\Startup\WindowsUpdate43618[1].exe <-file
C:\Documents and Settings\<Your User>\Start Menu\Programs\Startup\winupdate59046366[1].exe <-file
Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:
Not all may be found, but fix what you find
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Don't log off or restart yet
Instead
Go to START>>RUN>>type in
msconfig
Select Normal Startup and Apply it and close
Restart back to Normal mode
Don't open a browser yet
Do the following
1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5. Click the Web tab in the Desktop Items window.
6. Make sure all checkboxes in this window are un-checked.
OK your way out
Log off your user account and log back on again if anything unchecked
Run another scan with Hijackthis and post the log
Let me know of any problems, please post to this thread, thanks
Post by: Guest_LJULICH_* on April 15, 2005, 01:08:11 PM
It has been so long since I had right click capability...I forgot if I right click on desktop icons should it work? Well it doesn't. Just let me know if it should and how I may fix that.
Here is my Hijackthis latest log:
Logfile of HijackThis v1.99.1
Scan saved at 1:04:52 PM, on 4/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90 (http://\"http://www.rr.com/flash/index.cfm?division=90\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Vsa] C:\WINDOWS\System32\Jnk.exe
O4 - HKLM\..\Run: [Vrh] C:\WINDOWS\Vjt.exe
O4 - HKLM\..\Run: [Vlv] C:\WINDOWS\System32\Ssc.exe
O4 - HKLM\..\Run: [Vko] C:\WINDOWS\System32\Vop.exe
O4 - HKLM\..\Run: [Vki] C:\WINDOWS\Meq.exe
O4 - HKLM\..\Run: [Vjl] C:\WINDOWS\System32\Con.exe
O4 - HKLM\..\Run: [Vio] C:\WINDOWS\System32\Eoq.exe
O4 - HKLM\..\Run: [Vig] C:\WINDOWS\System32\Thk.exe
O4 - HKLM\..\Run: [Vek] C:\WINDOWS\Faf.exe
O4 - HKLM\..\Run: [Vdo] C:\WINDOWS\System32\Svn.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\System32\Pnt.exe
O4 - HKLM\..\Run: [Vbn] C:\WINDOWS\Jqa.exe
O4 - HKLM\..\Run: [Uvf] C:\WINDOWS\Aas.exe
O4 - HKLM\..\Run: [Uri] C:\WINDOWS\Njs.exe
O4 - HKLM\..\Run: [Uov] C:\WINDOWS\System32\Esb.exe
O4 - HKLM\..\Run: [Unq] C:\WINDOWS\System32\Don.exe
O4 - HKLM\..\Run: [Una] C:\WINDOWS\Jds.exe
O4 - HKLM\..\Run: [Ukt] C:\WINDOWS\Pqf.exe
O4 - HKLM\..\Run: [Uic] C:\WINDOWS\System32\Chb.exe
O4 - HKLM\..\Run: [Uib] C:\WINDOWS\System32\Cor.exe
O4 - HKLM\..\Run: [Ufb] C:\WINDOWS\Fjv.exe
O4 - HKLM\..\Run: [Ueu] C:\WINDOWS\System32\Cid.exe
O4 - HKLM\..\Run: [Ucc] C:\WINDOWS\System32\Pco.exe
O4 - HKLM\..\Run: [Uba] C:\WINDOWS\Dia.exe
O4 - HKLM\..\Run: [Uap] C:\WINDOWS\Lfa.exe
O4 - HKLM\..\Run: [Uaa] C:\WINDOWS\System32\Rur.exe
O4 - HKLM\..\Run: [Tuq] C:\WINDOWS\Tom.exe
O4 - HKLM\..\Run: [Tun] C:\WINDOWS\Cqe.exe
O4 - HKLM\..\Run: [Tsr] C:\WINDOWS\Hst.exe
O4 - HKLM\..\Run: [Tsq] C:\WINDOWS\System32\Sds.exe
O4 - HKLM\..\Run: [Tsn] C:\WINDOWS\System32\Qvh.exe
O4 - HKLM\..\Run: [Tpp] C:\WINDOWS\Tem.exe
O4 - HKLM\..\Run: [Tou] C:\WINDOWS\Irg.exe
O4 - HKLM\..\Run: [Tmn] C:\WINDOWS\Qjv.exe
O4 - HKLM\..\Run: [Tld] C:\WINDOWS\System32\Vnm.exe
O4 - HKLM\..\Run: [Tkt] C:\WINDOWS\Qck.exe
O4 - HKLM\..\Run: [Tjc] C:\WINDOWS\Avu.exe
O4 - HKLM\..\Run: [Tgg] C:\WINDOWS\Giv.exe
O4 - HKLM\..\Run: [Tgd] C:\WINDOWS\Mvu.exe
O4 - HKLM\..\Run: [Tel] C:\WINDOWS\System32\Fmh.exe
O4 - HKLM\..\Run: [Tea] C:\WINDOWS\Gom.exe
O4 - HKLM\..\Run: [Tac] C:\WINDOWS\System32\Ehn.exe
O4 - HKLM\..\Run: [Svn] C:\WINDOWS\Uie.exe
O4 - HKLM\..\Run: [Stu] C:\WINDOWS\Ogj.exe
O4 - HKLM\..\Run: [Sts] C:\WINDOWS\Jcl.exe
O4 - HKLM\..\Run: [Std] C:\WINDOWS\Djq.exe
O4 - HKLM\..\Run: [Ssm] C:\WINDOWS\Eqn.exe
O4 - HKLM\..\Run: [Sqq] C:\WINDOWS\Jfh.exe
O4 - HKLM\..\Run: [Sqn] C:\WINDOWS\System32\Qvr.exe
O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Erq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Slp] C:\WINDOWS\Lgk.exe
O4 - HKLM\..\Run: [Skr] C:\WINDOWS\Cum.exe
O4 - HKLM\..\Run: [Skn] C:\WINDOWS\System32\Ncm.exe
O4 - HKLM\..\Run: [Skm] C:\WINDOWS\System32\Duo.exe
O4 - HKLM\..\Run: [Sji] C:\WINDOWS\Gvl.exe
O4 - HKLM\..\Run: [Sio] C:\WINDOWS\System32\Ums.exe
O4 - HKLM\..\Run: [Sim] C:\WINDOWS\System32\Tgk.exe
O4 - HKLM\..\Run: [Sil] C:\WINDOWS\Jnl.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [See] C:\WINDOWS\System32\Unu.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Ndj.exe
O4 - HKLM\..\Run: [Scr] C:\WINDOWS\Fqb.exe
O4 - HKLM\..\Run: [Sbl] C:\WINDOWS\System32\Teo.exe
O4 - HKLM\..\Run: [Sbk] C:\WINDOWS\System32\Opa.exe
O4 - HKLM\..\Run: [Rvo] C:\WINDOWS\Nae.exe
O4 - HKLM\..\Run: [Rsl] C:\WINDOWS\System32\Jpr.exe
O4 - HKLM\..\Run: [Rpk] C:\WINDOWS\Uii.exe
O4 - HKLM\..\Run: [Rpi] C:\WINDOWS\System32\Llc.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Lki.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\Fai.exe
O4 - HKLM\..\Run: [Rlj] C:\WINDOWS\System32\Uhj.exe
O4 - HKLM\..\Run: [Rjk] C:\WINDOWS\Qre.exe
O4 - HKLM\..\Run: [Ria] C:\WINDOWS\System32\Ger.exe
O4 - HKLM\..\Run: [Rhv] C:\WINDOWS\Hnk.exe
O4 - HKLM\..\Run: [Rhr] C:\WINDOWS\Qrj.exe
O4 - HKLM\..\Run: [Rha] C:\WINDOWS\System32\Lvf.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Rcm] C:\WINDOWS\System32\Kal.exe
O4 - HKLM\..\Run: [Rbl] C:\WINDOWS\Utv.exe
O4 - HKLM\..\Run: [Rao] C:\WINDOWS\Tgt.exe
O4 - HKLM\..\Run: [Qvv] C:\WINDOWS\Hpm.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Vpf.exe
O4 - HKLM\..\Run: [Qqo] C:\WINDOWS\System32\Pic.exe
O4 - HKLM\..\Run: [Qoo] C:\WINDOWS\System32\Hvc.exe
O4 - HKLM\..\Run: [Qol] C:\WINDOWS\System32\Fme.exe
O4 - HKLM\..\Run: [Qoe] C:\WINDOWS\System32\Nvi.exe
O4 - HKLM\..\Run: [Qnn] C:\WINDOWS\Njf.exe
O4 - HKLM\..\Run: [Qnj] C:\WINDOWS\System32\Cma.exe
O4 - HKLM\..\Run: [Qlt] C:\WINDOWS\Fkh.exe
O4 - HKLM\..\Run: [Qlo] C:\WINDOWS\System32\Kbh.exe
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [Qho] C:\WINDOWS\System32\Jsg.exe
O4 - HKLM\..\Run: [Qhc] C:\WINDOWS\System32\Dkb.exe
O4 - HKLM\..\Run: [Pvu] C:\WINDOWS\System32\Mbm.exe
O4 - HKLM\..\Run: [Pts] C:\WINDOWS\Kqf.exe
O4 - HKLM\..\Run: [Pss] C:\WINDOWS\Jek.exe
O4 - HKLM\..\Run: [Pru] C:\WINDOWS\Loj.exe
O4 - HKLM\..\Run:
C:\WINDOWS\System32\Qgu.exe
O4 - HKLM\..\Run: [Ppt] C:\WINDOWS\Eap.exe
O4 - HKLM\..\Run: [Ppd] C:\WINDOWS\System32\Tgp.exe
O4 - HKLM\..\Run: [Pnm] C:\WINDOWS\System32\Cjc.exe
O4 - HKLM\..\Run: [Png] C:\WINDOWS\System32\Akn.exe
O4 - HKLM\..\Run: [Pms] C:\WINDOWS\Ihj.exe
O4 - HKLM\..\Run: [Plq] C:\WINDOWS\System32\Ifu.exe
O4 - HKLM\..\Run: [Plf] C:\WINDOWS\System32\Kul.exe
O4 - HKLM\..\Run: [Pjd] C:\WINDOWS\System32\Msg.exe
O4 - HKLM\..\Run: [Pim] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Pif] C:\WINDOWS\Kih.exe
O4 - HKLM\..\Run: [Pfa] C:\WINDOWS\System32\Nda.exe
O4 - HKLM\..\Run: [Pct] C:\WINDOWS\Tda.exe
O4 - HKLM\..\Run: [Pcc] C:\WINDOWS\Nap.exe
O4 - HKLM\..\Run: [Pcb] C:\WINDOWS\Hga.exe
O4 - HKLM\..\Run: [Paf] C:\WINDOWS\Hgi.exe
O4 - HKLM\..\Run: [Pae] C:\WINDOWS\Dpv.exe
O4 - HKLM\..\Run: [Oqr] C:\WINDOWS\Vhb.exe
O4 - HKLM\..\Run: [Oqi] C:\WINDOWS\System32\Agk.exe
O4 - HKLM\..\Run: [Oph] C:\WINDOWS\Ftr.exe
O4 - HKLM\..\Run: [Oon] C:\WINDOWS\Dqd.exe
O4 - HKLM\..\Run: [Ooe] C:\WINDOWS\System32\Num.exe
O4 - HKLM\..\Run: [Onu] C:\WINDOWS\System32\Jmh.exe
O4 - HKLM\..\Run: [Omi] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Oma] C:\WINDOWS\System32\Bka.exe
O4 - HKLM\..\Run: [Ojd] C:\WINDOWS\System32\Npd.exe
O4 - HKLM\..\Run: [Oil] C:\WINDOWS\Ivg.exe
O4 - HKLM\..\Run: [Oik] C:\WINDOWS\Sra.exe
O4 - HKLM\..\Run: [Oic] C:\WINDOWS\System32\Jmj.exe
O4 - HKLM\..\Run: [Ogj] C:\WINDOWS\System32\Hev.exe
O4 - HKLM\..\Run: [Obt] C:\WINDOWS\Sgu.exe
O4 - HKLM\..\Run: [Nuj] C:\WINDOWS\System32\Qte.exe
O4 - HKLM\..\Run: [Ntq] C:\WINDOWS\System32\Jfn.exe
O4 - HKLM\..\Run: [Ntn] C:\WINDOWS\System32\Khr.exe
O4 - HKLM\..\Run: [Nth] C:\WINDOWS\Bgd.exe
O4 - HKLM\..\Run: [Npq] C:\WINDOWS\System32\Ptl.exe
O4 - HKLM\..\Run: [Noc] C:\WINDOWS\Npo.exe
O4 - HKLM\..\Run: [Nob] C:\WINDOWS\Rgc.exe
O4 - HKLM\..\Run: [Nmt] C:\WINDOWS\System32\Jsa.exe
O4 - HKLM\..\Run: [Nig] C:\WINDOWS\Rkq.exe
O4 - HKLM\..\Run: [Ngk] C:\WINDOWS\Vti.exe
O4 - HKLM\..\Run: [Ndf] C:\WINDOWS\System32\Bua.exe
O4 - HKLM\..\Run: [Nbf] C:\WINDOWS\Lld.exe
O4 - HKLM\..\Run: [Nbd] C:\WINDOWS\System32\Ckg.exe
O4 - HKLM\..\Run: [Nam] C:\WINDOWS\System32\Mrg.exe
O4 - HKLM\..\Run: [Mvl] C:\WINDOWS\System32\Ssi.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\Rei.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Lro.exe
O4 - HKLM\..\Run: [Msj] C:\WINDOWS\Auo.exe
O4 - HKLM\..\Run: [Msb] C:\WINDOWS\Nnm.exe
O4 - HKLM\..\Run: [Mpr] C:\WINDOWS\System32\Oor.exe
O4 - HKLM\..\Run: [Mpb] C:\WINDOWS\System32\Hjr.exe
O4 - HKLM\..\Run: [Mor] C:\WINDOWS\System32\Kiq.exe
O4 - HKLM\..\Run: [Mni] C:\WINDOWS\System32\Eov.exe
O4 - HKLM\..\Run: [Mmk] C:\WINDOWS\Qcc.exe
O4 - HKLM\..\Run: [Mll] C:\WINDOWS\system32\Gqq.exe
O4 - HKLM\..\Run: [Mlb] C:\WINDOWS\Uil.exe
O4 - HKLM\..\Run: [Mjj] C:\WINDOWS\System32\Cap.exe
O4 - HKLM\..\Run: [Mii] C:\WINDOWS\System32\Dnk.exe
O4 - HKLM\..\Run: [Mgv] C:\WINDOWS\Ldo.exe
O4 - HKLM\..\Run: [Met] C:\WINDOWS\Mck.exe
O4 - HKLM\..\Run: [Mdn] C:\WINDOWS\System32\Hgp.exe
O4 - HKLM\..\Run: [Mav] C:\WINDOWS\Gsk.exe
O4 - HKLM\..\Run: [Lvu] C:\WINDOWS\System32\Qsf.exe
O4 - HKLM\..\Run: [Ltt] C:\WINDOWS\Ggc.exe
O4 - HKLM\..\Run: [Lts] C:\WINDOWS\System32\Kkp.exe
O4 - HKLM\..\Run: [Ltl] C:\WINDOWS\Oeb.exe
O4 - HKLM\..\Run: [Lqm] C:\WINDOWS\System32\Rtn.exe
O4 - HKLM\..\Run: [Lqk] C:\WINDOWS\Dkr.exe
O4 - HKLM\..\Run: [Lqj] C:\WINDOWS\Fou.exe
O4 - HKLM\..\Run: [Lpj] C:\WINDOWS\Svn.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\System32\Iup.exe
O4 - HKLM\..\Run: [Lor] C:\WINDOWS\Htk.exe
O4 - HKLM\..\Run: [Lob] C:\WINDOWS\Nkq.exe
O4 - HKLM\..\Run: [Lmu] C:\WINDOWS\System32\Aqu.exe
O4 - HKLM\..\Run: [Lmj] C:\WINDOWS\System32\Pbg.exe
O4 - HKLM\..\Run: [Ljv] C:\WINDOWS\System32\Shv.exe
O4 - HKLM\..\Run: [Ljq] C:\WINDOWS\System32\Sum.exe
O4 - HKLM\..\Run: [Lil] C:\WINDOWS\Utu.exe
O4 - HKLM\..\Run: [Lhr] C:\WINDOWS\System32\Bra.exe
O4 - HKLM\..\Run: [Lgp] C:\WINDOWS\Trd.exe
O4 - HKLM\..\Run: [Lgg] C:\WINDOWS\System32\Reh.exe
O4 - HKLM\..\Run: [Lfs] C:\WINDOWS\System32\Gtk.exe
O4 - HKLM\..\Run: [Leh] C:\WINDOWS\System32\Okn.exe
O4 - HKLM\..\Run: [Ldq] C:\WINDOWS\Oft.exe
O4 - HKLM\..\Run: [Ldp] C:\WINDOWS\System32\Ich.exe
O4 - HKLM\..\Run: [Ldm] C:\WINDOWS\Lqe.exe
O4 - HKLM\..\Run: [Lbq] C:\WINDOWS\System32\Cal.exe
O4 - HKLM\..\Run: [Kvr] C:\WINDOWS\Lri.exe
O4 - HKLM\..\Run: [Kui] C:\WINDOWS\System32\Ceh.exe
O4 - HKLM\..\Run: [Kuc] C:\WINDOWS\System32\Euv.exe
O4 - HKLM\..\Run: [Ktp] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [Ksn] C:\WINDOWS\Grp.exe
O4 - HKLM\..\Run: [Kpt] C:\WINDOWS\System32\Ecf.exe
O4 - HKLM\..\Run: [Kpm] C:\WINDOWS\System32\Jbc.exe
O4 - HKLM\..\Run: [Kpe] C:\WINDOWS\Kkd.exe
O4 - HKLM\..\Run: [Kpd] C:\WINDOWS\System32\Qnv.exe
O4 - HKLM\..\Run: [Kms] C:\WINDOWS\System32\Vld.exe
O4 - HKLM\..\Run: [Klq] C:\WINDOWS\System32\Cnh.exe
O4 - HKLM\..\Run: [Kis] C:\WINDOWS\Tfe.exe
O4 - HKLM\..\Run: [Kfu] C:\WINDOWS\Ifn.exe
O4 - HKLM\..\Run: [Kfj] C:\WINDOWS\System32\Gam.exe
O4 - HKLM\..\Run: [Kej] C:\WINDOWS\System32\Qci.exe
O4 - HKLM\..\Run: [Kca] C:\WINDOWS\Smi.exe
O4 - HKLM\..\Run: [Kbh] C:\WINDOWS\System32\Osf.exe
O4 - HKLM\..\Run: [Kbb] C:\WINDOWS\System32\Mtm.exe
O4 - HKLM\..\Run: [Kav] C:\WINDOWS\Oia.exe
O4 - HKLM\..\Run: [Jso] C:\WINDOWS\Uih.exe
O4 - HKLM\..\Run: [Jrt] C:\WINDOWS\System32\Rng.exe
O4 - HKLM\..\Run: [Jrk] C:\WINDOWS\System32\Tdp.exe
O4 - HKLM\..\Run: [Jrg] C:\WINDOWS\System32\Khl.exe
O4 - HKLM\..\Run: [Jqt] C:\WINDOWS\System32\Beh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Jhm.exe
O4 - HKLM\..\Run: [Jot] C:\WINDOWS\Cfo.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\System32\Bon.exe
O4 - HKLM\..\Run: [Jmh] C:\WINDOWS\System32\Hvb.exe
O4 - HKLM\..\Run: [Jmg] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Jls] C:\WINDOWS\System32\Ahu.exe
O4 - HKLM\..\Run: [Jlq] C:\WINDOWS\Djo.exe
O4 - HKLM\..\Run: [Jlb] C:\WINDOWS\Svf.exe
O4 - HKLM\..\Run: [Jii] C:\WINDOWS\Itk.exe
O4 - HKLM\..\Run: [Jgp] C:\WINDOWS\System32\Vsn.exe
O4 - HKLM\..\Run: [Jda] C:\WINDOWS\Dam.exe
O4 - HKLM\..\Run: [Jbs] C:\WINDOWS\Fmv.exe
O4 - HKLM\..\Run: [Jar] C:\WINDOWS\System32\Fur.exe
O4 - HKLM\..\Run: [Ivp] C:\WINDOWS\System32\Lvr.exe
O4 - HKLM\..\Run: [Ivg] C:\WINDOWS\Tit.exe
O4 - HKLM\..\Run: [Ive] C:\WINDOWS\Bht.exe
O4 - HKLM\..\Run: [Iub] C:\WINDOWS\Ari.exe
O4 - HKLM\..\Run: [Itn] C:\WINDOWS\Acd.exe
O4 - HKLM\..\Run: [Itm] C:\WINDOWS\Lbr.exe
O4 - HKLM\..\Run: [Itj] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Isc] C:\WINDOWS\Aqc.exe
O4 - HKLM\..\Run: [Ipu] C:\WINDOWS\System32\Gnp.exe
O4 - HKLM\..\Run: [Inf] C:\WINDOWS\Qsf.exe
O4 - HKLM\..\Run: [Iln] C:\WINDOWS\System32\Uuv.exe
O4 - HKLM\..\Run: [Ild] C:\WINDOWS\System32\Ntp.exe
O4 - HKLM\..\Run: [Ifi] C:\WINDOWS\System32\Vmo.exe
O4 - HKLM\..\Run: [Iep] C:\WINDOWS\Khl.exe
O4 - HKLM\..\Run: [Iel] C:\WINDOWS\Fud.exe
O4 - HKLM\..\Run: [Ich] C:\WINDOWS\Lva.exe
O4 - HKLM\..\Run: [Ica] C:\WINDOWS\Meu.exe
O4 - HKLM\..\Run: [Ibu] C:\WINDOWS\Oqd.exe
O4 - HKLM\..\Run: [Ibk] C:\WINDOWS\System32\Qpi.exe
O4 - HKLM\..\Run: [Iah] C:\WINDOWS\System32\Sfj.exe
O4 - HKLM\..\Run: [Hvr] C:\WINDOWS\System32\Ins.exe
O4 - HKLM\..\Run: [Hrs] C:\WINDOWS\System32\Eot.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Vdh.exe
O4 - HKLM\..\Run: [Hof] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Hmu] C:\WINDOWS\Vqq.exe
O4 - HKLM\..\Run: [Hik] C:\WINDOWS\Oua.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\System32\Cqf.exe
O4 - HKLM\..\Run: [Hif] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Hhe] C:\WINDOWS\Kfa.exe
O4 - HKLM\..\Run: [Hhb] C:\WINDOWS\Fvb.exe
O4 - HKLM\..\Run: [Hgb] C:\WINDOWS\System32\Tho.exe
O4 - HKLM\..\Run: [Hes] C:\WINDOWS\System32\Fih.exe
O4 - HKLM\..\Run: [Hdk] C:\WINDOWS\System32\Asr.exe
O4 - HKLM\..\Run: [Hce] C:\WINDOWS\System32\Eai.exe
O4 - HKLM\..\Run: [Gvi] C:\WINDOWS\System32\Mvu.exe
O4 - HKLM\..\Run: [Gur] C:\WINDOWS\System32\Der.exe
O4 - HKLM\..\Run: [Guh] C:\WINDOWS\System32\Hof.exe
O4 - HKLM\..\Run: [Gtq] C:\WINDOWS\Qht.exe
O4 - HKLM\..\Run: [Gsc] C:\WINDOWS\Oim.exe
O4 - HKLM\..\Run: [Gru] C:\WINDOWS\System32\Dnt.exe
O4 - HKLM\..\Run: [Grq] C:\WINDOWS\System32\Ian.exe
O4 - HKLM\..\Run: [Gpe] C:\WINDOWS\Agv.exe
O4 - HKLM\..\Run: [Gob] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Gno] C:\WINDOWS\Buc.exe
O4 - HKLM\..\Run: [Gmt] C:\WINDOWS\System32\Bns.exe
O4 - HKLM\..\Run: [Gmd] C:\WINDOWS\System32\Jbu.exe
O4 - HKLM\..\Run: [Glt] C:\WINDOWS\Lgr.exe
O4 - HKLM\..\Run: [Gle] C:\WINDOWS\Qpt.exe
O4 - HKLM\..\Run: [Gku] C:\WINDOWS\System32\Adl.exe
O4 - HKLM\..\Run: [Ghi] C:\WINDOWS\System32\Mqj.exe
O4 - HKLM\..\Run: [Ggh] C:\WINDOWS\Dkh.exe
O4 - HKLM\..\Run: [Gfs] C:\WINDOWS\System32\Mal.exe
O4 - HKLM\..\Run: [Fvg] C:\WINDOWS\System32\Pun.exe
O4 - HKLM\..\Run: [Fvb] C:\WINDOWS\Ccp.exe
O4 - HKLM\..\Run: [Fuv] C:\WINDOWS\System32\Vha.exe
O4 - HKLM\..\Run: [Fua] C:\WINDOWS\System32\Ogh.exe
O4 - HKLM\..\Run: [Ftn] C:\WINDOWS\System32\Mqu.exe
O4 - HKLM\..\Run: [Fsj] C:\WINDOWS\Equ.exe
O4 - HKLM\..\Run: [Fqo] C:\WINDOWS\System32\Dmc.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\System32\Fik.exe
O4 - HKLM\..\Run: [Fna] C:\WINDOWS\System32\Pmc.exe
O4 - HKLM\..\Run: [Flv] C:\WINDOWS\System32\Gkf.exe
O4 - HKLM\..\Run: [Flh] C:\WINDOWS\Oha.exe
O4 - HKLM\..\Run: [Fea] C:\WINDOWS\System32\Gta.exe
O4 - HKLM\..\Run: [Ete] C:\WINDOWS\System32\Duh.exe
O4 - HKLM\..\Run: [Ere] C:\WINDOWS\System32\Bgi.exe
O4 - HKLM\..\Run: [Eqp] C:\WINDOWS\System32\Tdb.exe
O4 - HKLM\..\Run: [Epi] C:\WINDOWS\System32\Ujn.exe
O4 - HKLM\..\Run: [Ekr] C:\WINDOWS\System32\Sib.exe
O4 - HKLM\..\Run: [Eje] C:\WINDOWS\Oqj.exe
O4 - HKLM\..\Run: [Eii] C:\WINDOWS\System32\Jqv.exe
O4 - HKLM\..\Run: [Ege] C:\WINDOWS\System32\Ruv.exe
O4 - HKLM\..\Run: [Ecq] C:\WINDOWS\System32\Tel.exe
O4 - HKLM\..\Run: [Dsr] C:\WINDOWS\system32\Ruo.exe
O4 - HKLM\..\Run: [Dsl] C:\WINDOWS\System32\Lno.exe
O4 - HKLM\..\Run: [Drb] C:\WINDOWS\Rka.exe
O4 - HKLM\..\Run: [Dob] C:\WINDOWS\System32\Ulc.exe
O4 - HKLM\..\Run: [Dnd] C:\WINDOWS\System32\Ran.exe
O4 - HKLM\..\Run: [Dlv] C:\WINDOWS\System32\Cbr.exe
O4 - HKLM\..\Run: [Djh] C:\WINDOWS\System32\Hdr.exe
O4 - HKLM\..\Run: [Dhv] C:\WINDOWS\System32\Eii.exe
O4 - HKLM\..\Run: [Dhk] C:\WINDOWS\Fvh.exe
O4 - HKLM\..\Run: [Dfh] C:\WINDOWS\System32\Ncf.exe
O4 - HKLM\..\Run: [Daf] C:\WINDOWS\System32\Isl.exe
O4 - HKLM\..\Run: [Cvj] C:\WINDOWS\System32\Est.exe
O4 - HKLM\..\Run: [Cvc] C:\WINDOWS\System32\Qls.exe
O4 - HKLM\..\Run: [Ctn] C:\WINDOWS\System32\Aeo.exe
O4 - HKLM\..\Run: [Cta] C:\WINDOWS\System32\Bkl.exe
O4 - HKLM\..\Run: [Csv] C:\WINDOWS\Kvr.exe
O4 - HKLM\..\Run: [Csq] C:\WINDOWS\Dcm.exe
O4 - HKLM\..\Run: [Cov] C:\WINDOWS\System32\Tql.exe
O4 - HKLM\..\Run: [Cot] C:\WINDOWS\System32\Rhr.exe
O4 - HKLM\..\Run: [Cnv] C:\WINDOWS\Jkd.exe
O4 - HKLM\..\Run: [Ckr] C:\WINDOWS\System32\Rnh.exe
O4 - HKLM\..\Run: [Ckl] C:\WINDOWS\System32\Btm.exe
O4 - HKLM\..\Run: [Cho] C:\WINDOWS\System32\Hfg.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Urg.exe
O4 - HKLM\..\Run: [Cen] C:\WINDOWS\System32\Qrf.exe
O4 - HKLM\..\Run: [Cdq] C:\WINDOWS\System32\Rbf.exe
O4 - HKLM\..\Run: [Cbo] C:\WINDOWS\System32\Krd.exe
O4 - HKLM\..\Run: [Cbf] C:\WINDOWS\System32\Urb.exe
O4 - HKLM\..\Run: [Bnh] C:\WINDOWS\System32\Qss.exe
O4 - HKLM\..\Run: [Bml] C:\WINDOWS\System32\Bvn.exe
O4 - HKLM\..\Run: [Blv] C:\WINDOWS\System32\Rgl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Blk] C:\WINDOWS\System32\Vdt.exe
O4 - HKLM\..\Run: [Bkv] C:\WINDOWS\Bts.exe
O4 - HKLM\..\Run: [Bjf] C:\WINDOWS\System32\Oln.exe
O4 - HKLM\..\Run: [Bim] C:\WINDOWS\Ltf.exe
O4 - HKLM\..\Run: [Bij] C:\WINDOWS\Ann.exe
O4 - HKLM\..\Run: [Bht] C:\WINDOWS\Gtc.exe
O4 - HKLM\..\Run: [Bdv] C:\WINDOWS\Kae.exe
O4 - HKLM\..\Run: [Bcq] C:\WINDOWS\Qbe.exe
O4 - HKLM\..\Run: [Bbe] C:\WINDOWS\System32\Khg.exe
O4 - HKLM\..\Run: [Avr] C:\WINDOWS\System32\Eaq.exe
O4 - HKLM\..\Run: [Avn] C:\WINDOWS\Dva.exe
O4 - HKLM\..\Run: [Avi] C:\WINDOWS\System32\Ued.exe
O4 - HKLM\..\Run: [Avb] C:\WINDOWS\Lgb.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Nhh.exe
O4 - HKLM\..\Run: [Ata] C:\WINDOWS\System32\Hoo.exe
O4 - HKLM\..\Run: [Aqt] C:\WINDOWS\System32\Kfo.exe
O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\System32\Fmq.exe
O4 - HKLM\..\Run: [Apf] C:\WINDOWS\Qdu.exe
O4 - HKLM\..\Run: [Aom] C:\WINDOWS\Acr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Aok] C:\WINDOWS\Sgv.exe
O4 - HKLM\..\Run: [Anm] C:\WINDOWS\System32\Dda.exe
O4 - HKLM\..\Run: [Ane] C:\WINDOWS\System32\Rgc.exe
O4 - HKLM\..\Run: [Akh] C:\WINDOWS\Mcq.exe
O4 - HKLM\..\Run: [Akc] C:\WINDOWS\Rhm.exe
O4 - HKLM\..\Run: [Ajg] C:\WINDOWS\Sge.exe
O4 - HKLM\..\Run: [Ail] C:\WINDOWS\Fan.exe
O4 - HKLM\..\Run: [Ahv] C:\WINDOWS\System32\Fgd.exe
O4 - HKLM\..\Run: [Ago] C:\WINDOWS\System32\Kcq.exe
O4 - HKLM\..\Run: [Aes] C:\WINDOWS\System32\Gpm.exe
O4 - HKLM\..\Run: [Aeg] C:\WINDOWS\System32\Fff.exe
O4 - HKLM\..\Run: [Adm] C:\WINDOWS\System32\Hov.exe
O4 - HKLM\..\Run: [Aal] C:\WINDOWS\Gea.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Tvi.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab (http://\"http://images.photogra.com/PhotoX/BPImageEditor.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab\")
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
Thanks for your help Questolo
Post by: Guest_LJULICH_* on April 15, 2005, 01:11:05 PM
Post by: Guest_LJULICH_* on April 15, 2005, 02:29:32 PM
Noticed that my original desktop icons are not there. I will try to do shortcuts and put them back on.
Also noticed in Display Properties, Desktop---that I have no control to change background themes, also changing color background sometimes works and sometimes doesn't.
Thanks Loads!!
Post by: Guest_LJULICH_* on April 15, 2005, 02:57:28 PM
When I try to put shortcuts on my desktop----I get double icons.
Please advise.
Post by: Guest_LJULICH_* on April 15, 2005, 03:03:09 PM
Thanks Loads!!
Post by: Guest_LJULICH_* on April 15, 2005, 09:54:56 PM
Post by: guestolo on April 16, 2005, 12:40:44 AM
So you now hav Fixdisply.reg in the same folder
[attachment=146:attachment]
==Download and UNZIP to a folder
HSFIX.zip (http://\"http://www.atribune.org/downloads/HSFix.zip\")
HSFix directory will be created
We'll need this later
I need you to Print the rest of this out or save too a Notepad file for reference
Restart your computer back into Safe mode
Do another scan with Hijackthis and put a check next to these entries:
Could you also look for the files related and delete them if found
Example from the first entry asked to fix
Some I ask to delete may be duplicate entries, but fix what you find
O4 - HKLM\..\Run: [Vsa] C:\WINDOWS\System32\Jnk.exe <-delete this file
O4 - HKLM\..\Run: [Vrh] C:\WINDOWS\Vjt.exe
O4 - HKLM\..\Run: [Vlv] C:\WINDOWS\System32\Ssc.exe
O4 - HKLM\..\Run: [Vko] C:\WINDOWS\System32\Vop.exe
O4 - HKLM\..\Run: [Vki] C:\WINDOWS\Meq.exe
O4 - HKLM\..\Run: [Vjl] C:\WINDOWS\System32\Con.exe
O4 - HKLM\..\Run: [Vio] C:\WINDOWS\System32\Eoq.exe
O4 - HKLM\..\Run: [Vig] C:\WINDOWS\System32\Thk.exe
O4 - HKLM\..\Run: [Vek] C:\WINDOWS\Faf.exe
O4 - HKLM\..\Run: [Vdo] C:\WINDOWS\System32\Svn.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\System32\Pnt.exe
O4 - HKLM\..\Run: [Vbn] C:\WINDOWS\Jqa.exe
O4 - HKLM\..\Run: [Uvf] C:\WINDOWS\Aas.exe
O4 - HKLM\..\Run: [Uri] C:\WINDOWS\Njs.exe
O4 - HKLM\..\Run: [Uov] C:\WINDOWS\System32\Esb.exe
O4 - HKLM\..\Run: [Unq] C:\WINDOWS\System32\Don.exe
O4 - HKLM\..\Run: [Una] C:\WINDOWS\Jds.exe
O4 - HKLM\..\Run: [Ukt] C:\WINDOWS\Pqf.exe
O4 - HKLM\..\Run: [Uic] C:\WINDOWS\System32\Chb.exe
O4 - HKLM\..\Run: [Uib] C:\WINDOWS\System32\Cor.exe
O4 - HKLM\..\Run: [Ufb] C:\WINDOWS\Fjv.exe
O4 - HKLM\..\Run: [Ueu] C:\WINDOWS\System32\Cid.exe
O4 - HKLM\..\Run: [Ucc] C:\WINDOWS\System32\Pco.exe
O4 - HKLM\..\Run: [Uba] C:\WINDOWS\Dia.exe
O4 - HKLM\..\Run: [Uap] C:\WINDOWS\Lfa.exe
O4 - HKLM\..\Run: [Uaa] C:\WINDOWS\System32\Rur.exe
O4 - HKLM\..\Run: [Tuq] C:\WINDOWS\Tom.exe
O4 - HKLM\..\Run: [Tun] C:\WINDOWS\Cqe.exe
O4 - HKLM\..\Run: [Tsr] C:\WINDOWS\Hst.exe
O4 - HKLM\..\Run: [Tsq] C:\WINDOWS\System32\Sds.exe
O4 - HKLM\..\Run: [Tsn] C:\WINDOWS\System32\Qvh.exe
O4 - HKLM\..\Run: [Tpp] C:\WINDOWS\Tem.exe
O4 - HKLM\..\Run: [Tou] C:\WINDOWS\Irg.exe
O4 - HKLM\..\Run: [Tmn] C:\WINDOWS\Qjv.exe
O4 - HKLM\..\Run: [Tld] C:\WINDOWS\System32\Vnm.exe
O4 - HKLM\..\Run: [Tkt] C:\WINDOWS\Qck.exe
O4 - HKLM\..\Run: [Tjc] C:\WINDOWS\Avu.exe
O4 - HKLM\..\Run: [Tgg] C:\WINDOWS\Giv.exe
O4 - HKLM\..\Run: [Tgd] C:\WINDOWS\Mvu.exe
O4 - HKLM\..\Run: [Tel] C:\WINDOWS\System32\Fmh.exe
O4 - HKLM\..\Run: [Tea] C:\WINDOWS\Gom.exe
O4 - HKLM\..\Run: [Tac] C:\WINDOWS\System32\Ehn.exe
O4 - HKLM\..\Run: [Svn] C:\WINDOWS\Uie.exe
O4 - HKLM\..\Run: [Stu] C:\WINDOWS\Ogj.exe
O4 - HKLM\..\Run: [Sts] C:\WINDOWS\Jcl.exe
O4 - HKLM\..\Run: [Std] C:\WINDOWS\Djq.exe
O4 - HKLM\..\Run: [Ssm] C:\WINDOWS\Eqn.exe
O4 - HKLM\..\Run: [Sqq] C:\WINDOWS\Jfh.exe
O4 - HKLM\..\Run: [Sqn] C:\WINDOWS\System32\Qvr.exe
O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Erq.exe
O4 - HKLM\..\Run: [Slp] C:\WINDOWS\Lgk.exe
O4 - HKLM\..\Run: [Skr] C:\WINDOWS\Cum.exe
O4 - HKLM\..\Run: [Skn] C:\WINDOWS\System32\Ncm.exe
O4 - HKLM\..\Run: [Skm] C:\WINDOWS\System32\Duo.exe
O4 - HKLM\..\Run: [Sji] C:\WINDOWS\Gvl.exe
O4 - HKLM\..\Run: [Sio] C:\WINDOWS\System32\Ums.exe
O4 - HKLM\..\Run: [Sim] C:\WINDOWS\System32\Tgk.exe
O4 - HKLM\..\Run: [Sil] C:\WINDOWS\Jnl.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [See] C:\WINDOWS\System32\Unu.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Ndj.exe
O4 - HKLM\..\Run: [Scr] C:\WINDOWS\Fqb.exe
O4 - HKLM\..\Run: [Sbl] C:\WINDOWS\System32\Teo.exe
O4 - HKLM\..\Run: [Sbk] C:\WINDOWS\System32\Opa.exe
O4 - HKLM\..\Run: [Rvo] C:\WINDOWS\Nae.exe
O4 - HKLM\..\Run: [Rsl] C:\WINDOWS\System32\Jpr.exe
O4 - HKLM\..\Run: [Rpk] C:\WINDOWS\Uii.exe
O4 - HKLM\..\Run: [Rpi] C:\WINDOWS\System32\Llc.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Lki.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\Fai.exe
O4 - HKLM\..\Run: [Rlj] C:\WINDOWS\System32\Uhj.exe
O4 - HKLM\..\Run: [Rjk] C:\WINDOWS\Qre.exe
O4 - HKLM\..\Run: [Ria] C:\WINDOWS\System32\Ger.exe
O4 - HKLM\..\Run: [Rhv] C:\WINDOWS\Hnk.exe
O4 - HKLM\..\Run: [Rhr] C:\WINDOWS\Qrj.exe
O4 - HKLM\..\Run: [Rha] C:\WINDOWS\System32\Lvf.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Ndj.exe
O4 - HKLM\..\Run: [Scr] C:\WINDOWS\Fqb.exe
O4 - HKLM\..\Run: [Sbl] C:\WINDOWS\System32\Teo.exe
O4 - HKLM\..\Run: [Sbk] C:\WINDOWS\System32\Opa.exe
O4 - HKLM\..\Run: [Rvo] C:\WINDOWS\Nae.exe
O4 - HKLM\..\Run: [Rsl] C:\WINDOWS\System32\Jpr.exe
O4 - HKLM\..\Run: [Rpk] C:\WINDOWS\Uii.exe
O4 - HKLM\..\Run: [Rpi] C:\WINDOWS\System32\Llc.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Lki.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\Fai.exe
O4 - HKLM\..\Run: [Rlj] C:\WINDOWS\System32\Uhj.exe
O4 - HKLM\..\Run: [Rjk] C:\WINDOWS\Qre.exe
O4 - HKLM\..\Run: [Ria] C:\WINDOWS\System32\Ger.exe
O4 - HKLM\..\Run: [Rhv] C:\WINDOWS\Hnk.exe
O4 - HKLM\..\Run: [Rhr] C:\WINDOWS\Qrj.exe
O4 - HKLM\..\Run: [Rha] C:\WINDOWS\System32\Lvf.exe
O4 - HKLM\..\Run: [Rcm] C:\WINDOWS\System32\Kal.exe
O4 - HKLM\..\Run: [Rbl] C:\WINDOWS\Utv.exe
O4 - HKLM\..\Run: [Rao] C:\WINDOWS\Tgt.exe
O4 - HKLM\..\Run: [Qvv] C:\WINDOWS\Hpm.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Vpf.exe
O4 - HKLM\..\Run: [Qqo] C:\WINDOWS\System32\Pic.exe
O4 - HKLM\..\Run: [Qoo] C:\WINDOWS\System32\Hvc.exe
O4 - HKLM\..\Run: [Qol] C:\WINDOWS\System32\Fme.exe
O4 - HKLM\..\Run: [Qoe] C:\WINDOWS\System32\Nvi.exe
O4 - HKLM\..\Run: [Qnn] C:\WINDOWS\Njf.exe
O4 - HKLM\..\Run: [Qnj] C:\WINDOWS\System32\Cma.exe
O4 - HKLM\..\Run: [Qlt] C:\WINDOWS\Fkh.exe
O4 - HKLM\..\Run: [Qlo] C:\WINDOWS\System32\Kbh.exe
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [Qho] C:\WINDOWS\System32\Jsg.exe
O4 - HKLM\..\Run: [Qhc] C:\WINDOWS\System32\Dkb.exe
O4 - HKLM\..\Run: [Pvu] C:\WINDOWS\System32\Mbm.exe
O4 - HKLM\..\Run: [Pts] C:\WINDOWS\Kqf.exe
O4 - HKLM\..\Run: [Pss] C:\WINDOWS\Jek.exe
O4 - HKLM\..\Run: [Pru] C:\WINDOWS\Loj.exe
O4 - HKLM\..\Run:
C:\WINDOWS\System32\Qgu.exe
O4 - HKLM\..\Run: [Ppt] C:\WINDOWS\Eap.exe
O4 - HKLM\..\Run: [Ppd] C:\WINDOWS\System32\Tgp.exe
O4 - HKLM\..\Run: [Pnm] C:\WINDOWS\System32\Cjc.exe
O4 - HKLM\..\Run: [Png] C:\WINDOWS\System32\Akn.exe
O4 - HKLM\..\Run: [Pms] C:\WINDOWS\Ihj.exe
O4 - HKLM\..\Run: [Plq] C:\WINDOWS\System32\Ifu.exe
O4 - HKLM\..\Run: [Plf] C:\WINDOWS\System32\Kul.exe
O4 - HKLM\..\Run: [Pjd] C:\WINDOWS\System32\Msg.exe
O4 - HKLM\..\Run: [Pim] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Pif] C:\WINDOWS\Kih.exe
O4 - HKLM\..\Run: [Pfa] C:\WINDOWS\System32\Nda.exe
O4 - HKLM\..\Run: [Pct] C:\WINDOWS\Tda.exe
O4 - HKLM\..\Run: [Pcc] C:\WINDOWS\Nap.exe
O4 - HKLM\..\Run: [Pcb] C:\WINDOWS\Hga.exe
O4 - HKLM\..\Run: [Paf] C:\WINDOWS\Hgi.exe
O4 - HKLM\..\Run: [Pae] C:\WINDOWS\Dpv.exe
O4 - HKLM\..\Run: [Oqr] C:\WINDOWS\Vhb.exe
O4 - HKLM\..\Run: [Oqi] C:\WINDOWS\System32\Agk.exe
O4 - HKLM\..\Run: [Oph] C:\WINDOWS\Ftr.exe
O4 - HKLM\..\Run: [Oon] C:\WINDOWS\Dqd.exe
O4 - HKLM\..\Run: [Ooe] C:\WINDOWS\System32\Num.exe
O4 - HKLM\..\Run: [Onu] C:\WINDOWS\System32\Jmh.exe
O4 - HKLM\..\Run: [Omi] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Oma] C:\WINDOWS\System32\Bka.exe
O4 - HKLM\..\Run: [Ojd] C:\WINDOWS\System32\Npd.exe
O4 - HKLM\..\Run: [Oil] C:\WINDOWS\Ivg.exe
O4 - HKLM\..\Run: [Oik] C:\WINDOWS\Sra.exe
O4 - HKLM\..\Run: [Oic] C:\WINDOWS\System32\Jmj.exe
O4 - HKLM\..\Run: [Ogj] C:\WINDOWS\System32\Hev.exe
O4 - HKLM\..\Run: [Obt] C:\WINDOWS\Sgu.exe
O4 - HKLM\..\Run: [Nuj] C:\WINDOWS\System32\Qte.exe
O4 - HKLM\..\Run: [Ntq] C:\WINDOWS\System32\Jfn.exe
O4 - HKLM\..\Run: [Ntn] C:\WINDOWS\System32\Khr.exe
O4 - HKLM\..\Run: [Nth] C:\WINDOWS\Bgd.exe
O4 - HKLM\..\Run: [Npq] C:\WINDOWS\System32\Ptl.exe
O4 - HKLM\..\Run: [Noc] C:\WINDOWS\Npo.exe
O4 - HKLM\..\Run: [Nob] C:\WINDOWS\Rgc.exe
O4 - HKLM\..\Run: [Nmt] C:\WINDOWS\System32\Jsa.exe
O4 - HKLM\..\Run: [Nig] C:\WINDOWS\Rkq.exe
O4 - HKLM\..\Run: [Ngk] C:\WINDOWS\Vti.exe
O4 - HKLM\..\Run: [Ndf] C:\WINDOWS\System32\Bua.exe
O4 - HKLM\..\Run: [Nbf] C:\WINDOWS\Lld.exe
O4 - HKLM\..\Run: [Nbd] C:\WINDOWS\System32\Ckg.exe
O4 - HKLM\..\Run: [Nam] C:\WINDOWS\System32\Mrg.exe
O4 - HKLM\..\Run: [Mvl] C:\WINDOWS\System32\Ssi.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\Rei.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Lro.exe
O4 - HKLM\..\Run: [Msj] C:\WINDOWS\Auo.exe
O4 - HKLM\..\Run: [Msb] C:\WINDOWS\Nnm.exe
O4 - HKLM\..\Run: [Mpr] C:\WINDOWS\System32\Oor.exe
O4 - HKLM\..\Run: [Mpb] C:\WINDOWS\System32\Hjr.exe
O4 - HKLM\..\Run: [Mor] C:\WINDOWS\System32\Kiq.exe
O4 - HKLM\..\Run: [Mni] C:\WINDOWS\System32\Eov.exe
O4 - HKLM\..\Run: [Mmk] C:\WINDOWS\Qcc.exe
O4 - HKLM\..\Run: [Mll] C:\WINDOWS\system32\Gqq.exe
O4 - HKLM\..\Run: [Mlb] C:\WINDOWS\Uil.exe
O4 - HKLM\..\Run: [Mjj] C:\WINDOWS\System32\Cap.exe
O4 - HKLM\..\Run: [Mii] C:\WINDOWS\System32\Dnk.exe
O4 - HKLM\..\Run: [Mgv] C:\WINDOWS\Ldo.exe
O4 - HKLM\..\Run: [Met] C:\WINDOWS\Mck.exe
O4 - HKLM\..\Run: [Mdn] C:\WINDOWS\System32\Hgp.exe
O4 - HKLM\..\Run: [Mav] C:\WINDOWS\Gsk.exe
O4 - HKLM\..\Run: [Lvu] C:\WINDOWS\System32\Qsf.exe
O4 - HKLM\..\Run: [Ltt] C:\WINDOWS\Ggc.exe
O4 - HKLM\..\Run: [Lts] C:\WINDOWS\System32\Kkp.exe
O4 - HKLM\..\Run: [Ltl] C:\WINDOWS\Oeb.exe
O4 - HKLM\..\Run: [Lqm] C:\WINDOWS\System32\Rtn.exe
O4 - HKLM\..\Run: [Lqk] C:\WINDOWS\Dkr.exe
O4 - HKLM\..\Run: [Lqj] C:\WINDOWS\Fou.exe
O4 - HKLM\..\Run: [Lpj] C:\WINDOWS\Svn.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\System32\Iup.exe
O4 - HKLM\..\Run: [Lor] C:\WINDOWS\Htk.exe
O4 - HKLM\..\Run: [Lob] C:\WINDOWS\Nkq.exe
O4 - HKLM\..\Run: [Lmu] C:\WINDOWS\System32\Aqu.exe
O4 - HKLM\..\Run: [Lmj] C:\WINDOWS\System32\Pbg.exe
O4 - HKLM\..\Run: [Ljv] C:\WINDOWS\System32\Shv.exe
O4 - HKLM\..\Run: [Ljq] C:\WINDOWS\System32\Sum.exe
O4 - HKLM\..\Run: [Lil] C:\WINDOWS\Utu.exe
O4 - HKLM\..\Run: [Lhr] C:\WINDOWS\System32\Bra.exe
O4 - HKLM\..\Run: [Lgp] C:\WINDOWS\Trd.exe
O4 - HKLM\..\Run: [Lgg] C:\WINDOWS\System32\Reh.exe
O4 - HKLM\..\Run: [Lfs] C:\WINDOWS\System32\Gtk.exe
O4 - HKLM\..\Run: [Leh] C:\WINDOWS\System32\Okn.exe
O4 - HKLM\..\Run: [Ldq] C:\WINDOWS\Oft.exe
O4 - HKLM\..\Run: [Ldp] C:\WINDOWS\System32\Ich.exe
O4 - HKLM\..\Run: [Ldm] C:\WINDOWS\Lqe.exe
O4 - HKLM\..\Run: [Lbq] C:\WINDOWS\System32\Cal.exe
O4 - HKLM\..\Run: [Kvr] C:\WINDOWS\Lri.exe
O4 - HKLM\..\Run: [Kui] C:\WINDOWS\System32\Ceh.exe
O4 - HKLM\..\Run: [Kuc] C:\WINDOWS\System32\Euv.exe
O4 - HKLM\..\Run: [Ktp] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [Ksn] C:\WINDOWS\Grp.exe
O4 - HKLM\..\Run: [Kpt] C:\WINDOWS\System32\Ecf.exe
O4 - HKLM\..\Run: [Kpm] C:\WINDOWS\System32\Jbc.exe
O4 - HKLM\..\Run: [Kpe] C:\WINDOWS\Kkd.exe
O4 - HKLM\..\Run: [Kpd] C:\WINDOWS\System32\Qnv.exe
O4 - HKLM\..\Run: [Kms] C:\WINDOWS\System32\Vld.exe
O4 - HKLM\..\Run: [Klq] C:\WINDOWS\System32\Cnh.exe
O4 - HKLM\..\Run: [Kis] C:\WINDOWS\Tfe.exe
O4 - HKLM\..\Run: [Kfu] C:\WINDOWS\Ifn.exe
O4 - HKLM\..\Run: [Kfj] C:\WINDOWS\System32\Gam.exe
O4 - HKLM\..\Run: [Kej] C:\WINDOWS\System32\Qci.exe
O4 - HKLM\..\Run: [Kca] C:\WINDOWS\Smi.exe
O4 - HKLM\..\Run: [Kbh] C:\WINDOWS\System32\Osf.exe
O4 - HKLM\..\Run: [Kbb] C:\WINDOWS\System32\Mtm.exe
O4 - HKLM\..\Run: [Kav] C:\WINDOWS\Oia.exe
O4 - HKLM\..\Run: [Jso] C:\WINDOWS\Uih.exe
O4 - HKLM\..\Run: [Jrt] C:\WINDOWS\System32\Rng.exe
O4 - HKLM\..\Run: [Jrk] C:\WINDOWS\System32\Tdp.exe
O4 - HKLM\..\Run: [Jrg] C:\WINDOWS\System32\Khl.exe
O4 - HKLM\..\Run: [Jqt] C:\WINDOWS\System32\Beh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Jhm.exe
O4 - HKLM\..\Run: [Jot] C:\WINDOWS\Cfo.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\System32\Bon.exe
O4 - HKLM\..\Run: [Jmh] C:\WINDOWS\System32\Hvb.exe
O4 - HKLM\..\Run: [Jmg] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Jls] C:\WINDOWS\System32\Ahu.exe
O4 - HKLM\..\Run: [Jlq] C:\WINDOWS\Djo.exe
O4 - HKLM\..\Run: [Jlb] C:\WINDOWS\Svf.exe
O4 - HKLM\..\Run: [Jii] C:\WINDOWS\Itk.exe
O4 - HKLM\..\Run: [Jgp] C:\WINDOWS\System32\Vsn.exe
O4 - HKLM\..\Run: [Jda] C:\WINDOWS\Dam.exe
O4 - HKLM\..\Run: [Jbs] C:\WINDOWS\Fmv.exe
O4 - HKLM\..\Run: [Jar] C:\WINDOWS\System32\Fur.exe
O4 - HKLM\..\Run: [Ivp] C:\WINDOWS\System32\Lvr.exe
O4 - HKLM\..\Run: [Ivg] C:\WINDOWS\Tit.exe
O4 - HKLM\..\Run: [Ive] C:\WINDOWS\Bht.exe
O4 - HKLM\..\Run: [Iub] C:\WINDOWS\Ari.exe
O4 - HKLM\..\Run: [Itn] C:\WINDOWS\Acd.exe
O4 - HKLM\..\Run: [Itm] C:\WINDOWS\Lbr.exe
O4 - HKLM\..\Run: [Itj] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Isc] C:\WINDOWS\Aqc.exe
O4 - HKLM\..\Run: [Ipu] C:\WINDOWS\System32\Gnp.exe
O4 - HKLM\..\Run: [Inf] C:\WINDOWS\Qsf.exe
O4 - HKLM\..\Run: [Iln] C:\WINDOWS\System32\Uuv.exe
O4 - HKLM\..\Run: [Ild] C:\WINDOWS\System32\Ntp.exe
O4 - HKLM\..\Run: [Ifi] C:\WINDOWS\System32\Vmo.exe
O4 - HKLM\..\Run: [Iep] C:\WINDOWS\Khl.exe
O4 - HKLM\..\Run: [Iel] C:\WINDOWS\Fud.exe
O4 - HKLM\..\Run: [Ich] C:\WINDOWS\Lva.exe
O4 - HKLM\..\Run: [Ica] C:\WINDOWS\Meu.exe
O4 - HKLM\..\Run: [Ibu] C:\WINDOWS\Oqd.exe
O4 - HKLM\..\Run: [Ibk] C:\WINDOWS\System32\Qpi.exe
O4 - HKLM\..\Run: [Iah] C:\WINDOWS\System32\Sfj.exe
O4 - HKLM\..\Run: [Hvr] C:\WINDOWS\System32\Ins.exe
O4 - HKLM\..\Run: [Hrs] C:\WINDOWS\System32\Eot.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Vdh.exe
O4 - HKLM\..\Run: [Hof] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Hmu] C:\WINDOWS\Vqq.exe
O4 - HKLM\..\Run: [Hik] C:\WINDOWS\Oua.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\System32\Cqf.exe
O4 - HKLM\..\Run: [Hif] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Hhe] C:\WINDOWS\Kfa.exe
O4 - HKLM\..\Run: [Hhb] C:\WINDOWS\Fvb.exe
O4 - HKLM\..\Run: [Hgb] C:\WINDOWS\System32\Tho.exe
O4 - HKLM\..\Run: [Hes] C:\WINDOWS\System32\Fih.exe
O4 - HKLM\..\Run: [Hdk] C:\WINDOWS\System32\Asr.exe
O4 - HKLM\..\Run: [Hce] C:\WINDOWS\System32\Eai.exe
O4 - HKLM\..\Run: [Gvi] C:\WINDOWS\System32\Mvu.exe
O4 - HKLM\..\Run: [Gur] C:\WINDOWS\System32\Der.exe
O4 - HKLM\..\Run: [Guh] C:\WINDOWS\System32\Hof.exe
O4 - HKLM\..\Run: [Gtq] C:\WINDOWS\Qht.exe
O4 - HKLM\..\Run: [Gsc] C:\WINDOWS\Oim.exe
O4 - HKLM\..\Run: [Gru] C:\WINDOWS\System32\Dnt.exe
O4 - HKLM\..\Run: [Grq] C:\WINDOWS\System32\Ian.exe
O4 - HKLM\..\Run: [Gpe] C:\WINDOWS\Agv.exe
O4 - HKLM\..\Run: [Gob] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Gno] C:\WINDOWS\Buc.exe
O4 - HKLM\..\Run: [Gmt] C:\WINDOWS\System32\Bns.exe
O4 - HKLM\..\Run: [Gmd] C:\WINDOWS\System32\Jbu.exe
O4 - HKLM\..\Run: [Glt] C:\WINDOWS\Lgr.exe
O4 - HKLM\..\Run: [Gle] C:\WINDOWS\Qpt.exe
O4 - HKLM\..\Run: [Gku] C:\WINDOWS\System32\Adl.exe
O4 - HKLM\..\Run: [Ghi] C:\WINDOWS\System32\Mqj.exe
O4 - HKLM\..\Run: [Ggh] C:\WINDOWS\Dkh.exe
O4 - HKLM\..\Run: [Gfs] C:\WINDOWS\System32\Mal.exe
O4 - HKLM\..\Run: [Fvg] C:\WINDOWS\System32\Pun.exe
O4 - HKLM\..\Run: [Fvb] C:\WINDOWS\Ccp.exe
O4 - HKLM\..\Run: [Fuv] C:\WINDOWS\System32\Vha.exe
O4 - HKLM\..\Run: [Fua] C:\WINDOWS\System32\Ogh.exe
O4 - HKLM\..\Run: [Ftn] C:\WINDOWS\System32\Mqu.exe
O4 - HKLM\..\Run: [Fsj] C:\WINDOWS\Equ.exe
O4 - HKLM\..\Run: [Fqo] C:\WINDOWS\System32\Dmc.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\System32\Fik.exe
O4 - HKLM\..\Run: [Fna] C:\WINDOWS\System32\Pmc.exe
O4 - HKLM\..\Run: [Flv] C:\WINDOWS\System32\Gkf.exe
O4 - HKLM\..\Run: [Flh] C:\WINDOWS\Oha.exe
O4 - HKLM\..\Run: [Fea] C:\WINDOWS\System32\Gta.exe
O4 - HKLM\..\Run: [Ete] C:\WINDOWS\System32\Duh.exe
O4 - HKLM\..\Run: [Ere] C:\WINDOWS\System32\Bgi.exe
O4 - HKLM\..\Run: [Eqp] C:\WINDOWS\System32\Tdb.exe
O4 - HKLM\..\Run: [Epi] C:\WINDOWS\System32\Ujn.exe
O4 - HKLM\..\Run: [Ekr] C:\WINDOWS\System32\Sib.exe
O4 - HKLM\..\Run: [Eje] C:\WINDOWS\Oqj.exe
O4 - HKLM\..\Run: [Eii] C:\WINDOWS\System32\Jqv.exe
O4 - HKLM\..\Run: [Ege] C:\WINDOWS\System32\Ruv.exe
O4 - HKLM\..\Run: [Ecq] C:\WINDOWS\System32\Tel.exe
O4 - HKLM\..\Run: [Dsr] C:\WINDOWS\system32\Ruo.exe
O4 - HKLM\..\Run: [Dsl] C:\WINDOWS\System32\Lno.exe
O4 - HKLM\..\Run: [Drb] C:\WINDOWS\Rka.exe
O4 - HKLM\..\Run: [Dob] C:\WINDOWS\System32\Ulc.exe
O4 - HKLM\..\Run: [Dnd] C:\WINDOWS\System32\Ran.exe
O4 - HKLM\..\Run: [Dlv] C:\WINDOWS\System32\Cbr.exe
O4 - HKLM\..\Run: [Djh] C:\WINDOWS\System32\Hdr.exe
O4 - HKLM\..\Run: [Dhv] C:\WINDOWS\System32\Eii.exe
O4 - HKLM\..\Run: [Dhk] C:\WINDOWS\Fvh.exe
O4 - HKLM\..\Run: [Dfh] C:\WINDOWS\System32\Ncf.exe
O4 - HKLM\..\Run: [Daf] C:\WINDOWS\System32\Isl.exe
O4 - HKLM\..\Run: [Cvj] C:\WINDOWS\System32\Est.exe
O4 - HKLM\..\Run: [Cvc] C:\WINDOWS\System32\Qls.exe
O4 - HKLM\..\Run: [Ctn] C:\WINDOWS\System32\Aeo.exe
O4 - HKLM\..\Run: [Cta] C:\WINDOWS\System32\Bkl.exe
O4 - HKLM\..\Run: [Csv] C:\WINDOWS\Kvr.exe
O4 - HKLM\..\Run: [Csq] C:\WINDOWS\Dcm.exe
O4 - HKLM\..\Run: [Cov] C:\WINDOWS\System32\Tql.exe
O4 - HKLM\..\Run: [Cot] C:\WINDOWS\System32\Rhr.exe
O4 - HKLM\..\Run: [Cnv] C:\WINDOWS\Jkd.exe
O4 - HKLM\..\Run: [Ckr] C:\WINDOWS\System32\Rnh.exe
O4 - HKLM\..\Run: [Ckl] C:\WINDOWS\System32\Btm.exe
O4 - HKLM\..\Run: [Cho] C:\WINDOWS\System32\Hfg.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Urg.exe
O4 - HKLM\..\Run: [Cen] C:\WINDOWS\System32\Qrf.exe
O4 - HKLM\..\Run: [Cdq] C:\WINDOWS\System32\Rbf.exe
O4 - HKLM\..\Run: [Cbo] C:\WINDOWS\System32\Krd.exe
O4 - HKLM\..\Run: [Cbf] C:\WINDOWS\System32\Urb.exe
O4 - HKLM\..\Run: [Bnh] C:\WINDOWS\System32\Qss.exe
O4 - HKLM\..\Run: [Bml] C:\WINDOWS\System32\Bvn.exe
O4 - HKLM\..\Run: [Blv] C:\WINDOWS\System32\Rgl.exe
O4 - HKLM\..\Run: [Blk] C:\WINDOWS\System32\Vdt.exe
O4 - HKLM\..\Run: [Bkv] C:\WINDOWS\Bts.exe
O4 - HKLM\..\Run: [Bjf] C:\WINDOWS\System32\Oln.exe
O4 - HKLM\..\Run: [Bim] C:\WINDOWS\Ltf.exe
O4 - HKLM\..\Run: [Bij] C:\WINDOWS\Ann.exe
O4 - HKLM\..\Run: [Bht] C:\WINDOWS\Gtc.exe
O4 - HKLM\..\Run: [Bdv] C:\WINDOWS\Kae.exe
O4 - HKLM\..\Run: [Bcq] C:\WINDOWS\Qbe.exe
O4 - HKLM\..\Run: [Bbe] C:\WINDOWS\System32\Khg.exe
O4 - HKLM\..\Run: [Avr] C:\WINDOWS\System32\Eaq.exe
O4 - HKLM\..\Run: [Avn] C:\WINDOWS\Dva.exe
O4 - HKLM\..\Run: [Avi] C:\WINDOWS\System32\Ued.exe
O4 - HKLM\..\Run: [Avb] C:\WINDOWS\Lgb.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Nhh.exe
O4 - HKLM\..\Run: [Ata] C:\WINDOWS\System32\Hoo.exe
O4 - HKLM\..\Run: [Aqt] C:\WINDOWS\System32\Kfo.exe
O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\System32\Fmq.exe
O4 - HKLM\..\Run: [Apf] C:\WINDOWS\Qdu.exe
O4 - HKLM\..\Run: [Aom] C:\WINDOWS\Acr.exe
O4 - HKLM\..\Run: [Aok] C:\WINDOWS\Sgv.exe
O4 - HKLM\..\Run: [Anm] C:\WINDOWS\System32\Dda.exe
O4 - HKLM\..\Run: [Ane] C:\WINDOWS\System32\Rgc.exe
O4 - HKLM\..\Run: [Akh] C:\WINDOWS\Mcq.exe
O4 - HKLM\..\Run: [Akc] C:\WINDOWS\Rhm.exe
O4 - HKLM\..\Run: [Ajg] C:\WINDOWS\Sge.exe
O4 - HKLM\..\Run: [Ail] C:\WINDOWS\Fan.exe
O4 - HKLM\..\Run: [Ahv] C:\WINDOWS\System32\Fgd.exe
O4 - HKLM\..\Run: [Ago] C:\WINDOWS\System32\Kcq.exe
O4 - HKLM\..\Run: [Aes] C:\WINDOWS\System32\Gpm.exe
O4 - HKLM\..\Run: [Aeg] C:\WINDOWS\System32\Fff.exe
O4 - HKLM\..\Run: [Adm] C:\WINDOWS\System32\Hov.exe
O4 - HKLM\..\Run: [Aal] C:\WINDOWS\Gea.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Tvi.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
After fixing the above entries and deleting the files related
Run Windows CleanUp again
After it finishes scanning, don't log off yet
Instead
==Navigate to the HSFix directory>>Open the folder, ensure you unzipped this
and double-click on HSFix.bat.
* It will produce a log file, located here: C:\hslog.txt <--we'll need this later
Double click on Fixdisply.reg and allow to merge to the registry
Restart back into Normal mode
Post back a fresh Hijackthis log and the log from hsfix.bat
C:\hslog.txt <-this log
Post by: Guest_LJULICH_* on April 17, 2005, 12:02:06 AM
Post by: Guest_LJULICH_* on April 17, 2005, 12:15:55 AM
I did as you directed me to do.... Here is my latest HijackThis Log..
Logfile of HijackThis v1.99.1
Scan saved at 12:02:49 AM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90 (http://\"http://www.rr.com/flash/index.cfm?division=90\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab (http://\"http://images.photogra.com/PhotoX/BPImageEditor.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab\")
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
Here is info from hslog.txt....
Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
Things are looking a lot more back to Normal!!
I will look around and see If I missede anything.
YOU HAVE BEEN AWESUME!!!!!!!!!!!!!!!!
Thank You....
Leo
Post by: guestolo on April 17, 2005, 12:59:09 AM
Please run Hijackthis from this location
C:\HJT\hijackthis.exe
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Restart the computer and delete this file if found
C:\WINDOWS\Nbc.exe <-file
Post back a fresh Hijackthis log afterwards
Could you also
Download and UNZIP to desktop
FindFiles.zip
Open the FindFiles folder and double click on
Find.bat
Wait for the log it produces and copy and paste it back here
Post by: Guest_LJULICH_* on April 17, 2005, 09:08:22 AM
Here is the fresh Hijackthis log and the log from FindFiles.
Logfile of HijackThis v1.99.1
Scan saved at 9:03:26 AM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90 (http://\"http://www.rr.com/flash/index.cfm?division=90\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab (http://\"http://images.photogra.com/PhotoX/BPImageEditor.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab\")
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
Scanning for file(s)...
* result-> C:\WINDOWS\AVA~1.HTM
* result-> C:\WINDOWS\BAP~1.HTM
* result-> C:\WINDOWS\BSO~1.HTM
* result-> C:\WINDOWS\CAE~1.HTM
* result-> C:\WINDOWS\CCA~1.HTM
* result-> C:\WINDOWS\CVS~1.HTM
* result-> C:\WINDOWS\EGK~1.HTM
* result-> C:\WINDOWS\ERU~1.HTM
* result-> C:\WINDOWS\FTS~1.HTM
* result-> C:\WINDOWS\HMJ~1.HTM
* result-> C:\WINDOWS\JSD~1.HTM
* result-> C:\WINDOWS\KVF~1.HTM
* result-> C:\WINDOWS\LKL~1.HTM
* result-> C:\WINDOWS\LLS~1.HTM
* result-> C:\WINDOWS\MEA~1.HTM
* result-> C:\WINDOWS\MGG~1.HTM
* result-> C:\WINDOWS\MHK~1.HTM
* result-> C:\WINDOWS\MUJ~1.HTM
* result-> C:\WINDOWS\NIH~1.HTM
* result-> C:\WINDOWS\POPUP~1.HTM
* result-> C:\WINDOWS\QLF~1.HTM
* result-> C:\WINDOWS\RKS~1.HTM
* result-> C:\WINDOWS\RLA~1.HTM
* result-> C:\WINDOWS\TTF~1.HTM
* result-> C:\WINDOWS\VDC~1.HTM
Thanks again for all your Help !!
Post by: guestolo on April 17, 2005, 10:34:32 AM
so you now have Clean.bat on your desktop
[attachment=151:attachment]
Double click to run Clean.bat
A dos window will open and close
Restart your computer one last time and post back a fresh Hijackthis log
Could you also run Find.bat one more time and post that log too, thanks
By the way, you have the Kodak updater running, which uses the backweb technology
Many consider Backweb spyware itself
Here's some more info about the updater
http://faqs.kodak.com/EasyShare_Software_E...FAQ_13_841.shtm (http://\"http://faqs.kodak.com/EasyShare_Software_English/FAQ_13_841.shtm\")
You can disable the updater
Every once a month you can enable it and restart the computer and see if there's updates
If not disable it again, up to you
Post by: Guest_LJULICH_* on April 17, 2005, 07:36:18 PM
I followed your instructions.
Here is the fresh Hijackthis Log and the log for Find.bat.....
Logfile of HijackThis v1.99.1
Scan saved at 7:27:21 PM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90 (http://\"http://www.rr.com/flash/index.cfm?division=90\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab (http://\"http://images.photogra.com/PhotoX/BPImageEditor.cab\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (http://\"http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab\")
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
Scanning for file(s)...
I still have no control of Desktop Backgrounds and if I try to change color it works sometimes...and sometimes not.
Also I still have no control of right click on Desktop Icons.....should I?
Like I mentioned earlier...I forget if I did.....LOL.
Any Advise for that?
Anyway....Thank you so much foe your help so far. My Puter is MUCH better.
Thank you Loads.....LEO
Post by: guestolo on April 17, 2005, 07:42:31 PM
Could you ensure that you downloaded and Unzipped Fixdisply.zip
That I posted earlier
Ensure you unzip this and double click on Fixdisply.reg
Allow to merge to the Registry
Restart your computer
Back in Windows
1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Change your background
5. Click the Customize Desktop button.
6. Click the Web tab in the Desktop Items window.
7. Make sure all checkboxes in this window are un-checked.
OK your way out
Log off your user account and log back on again if anything was unchecked
Could you also download and UNZIP to a folder
Find.zip
So you now have Find.bat in the same folder
Find.zip (http://\"http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=152\")
Double click on Find.bat and copy and paste back the contents
Post by: Guest_LJULICH_* on April 17, 2005, 09:05:26 PM
Here is the Find.bat
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallpaper"=dword:00000000
"NoComponents"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoHTMLWallPaper"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
I have my right click I-cons back on my desktop...also am able to change desktop themes...WOW
Thank you so much...any more Advise??
YOU ROCK..............................Leo
Post by: guestolo on April 17, 2005, 09:12:02 PM
If everything is running better
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
Once back in Windows and System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster 3.3 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=53\")
Download link (http://\"https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD\")
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
IE-Spyad is compatible with XP SP2 as well
Stay safe
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Post by: guestolo on April 20, 2005, 09:50:03 PM
PM an Mod or the site Admin and supply a link to this thread
Take Care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />