Author Topic: dao search and trojan help  (Read 979 times)

kkingston

  • Guest
« on: April 18, 2005, 11:52:51 AM »
Hello,
I have also encountered the infamous smartsecurity desktop. I think that I removed it but see in the hjt file that I have other things going on. I would like to remove the 3 letter trojans (I assume they are this) but would very much appreciate some expert advice on exactly what to delete and how to do it so that I don't ruin everything.
Thank you in advance.

Here is my log file.

Logfile of HijackThis v1.99.1
Scan saved at 1:11:42 PM, on 4/17/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Barb's tools\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/index.php?id=186
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Qsqarrip] C:\Program Files\Ckyvh\Ezchr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [idtxocflemj] C:\WINDOWS\qvkhzqeh.exe
O4 - HKLM\..\Run: [Uee] C:\WINDOWS\System32\Meo.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{44D3E254-0E0A-40B4-9447-8E1F8E725C12}\SVCHOST.EXE
O4 - HKLM\..\Run: [Cgc] C:\WINDOWS\System32\Ilp.exe
O4 - HKLM\..\Run: [Mhu] C:\WINDOWS\System32\Kvl.exe
O4 - HKLM\..\Run: [Dvm] C:\WINDOWS\System32\Orm.exe
O4 - HKLM\..\Run: [Mqn] C:\WINDOWS\System32\Dcl.exe
O4 - HKLM\..\Run: [Jls] C:\WINDOWS\System32\Jkm.exe
O4 - HKLM\..\Run: [Ttq] C:\WINDOWS\Kmd.exe
O4 - HKLM\..\Run: [Roj] C:\WINDOWS\Eku.exe
O4 - HKLM\..\Run: [Qkj] C:\WINDOWS\Cnp.exe
O4 - HKLM\..\Run: [Gsd] C:\WINDOWS\System32\Tah.exe
O4 - HKLM\..\Run: [Soj] C:\WINDOWS\System32\Uvd.exe
O4 - HKLM\..\Run: [Hqu] C:\WINDOWS\System32\Ens.exe
O4 - HKLM\..\Run: [Gab] C:\WINDOWS\Phf.exe
O4 - HKLM\..\Run: [Qsk] C:\WINDOWS\System32\Tsg.exe
O4 - HKLM\..\Run: [Spq] C:\WINDOWS\System32\Qcc.exe
O4 - HKLM\..\Run: [Iuo] C:\WINDOWS\Tij.exe
O4 - HKLM\..\Run: [Olm] C:\WINDOWS\Uqu.exe
O4 - HKLM\..\Run: [Gqm] C:\WINDOWS\Cbi.exe
O4 - HKLM\..\Run: [Tpa] C:\WINDOWS\System32\Dop.exe
O4 - HKLM\..\Run: [Bnh] C:\WINDOWS\System32\Due.exe
O4 - HKLM\..\Run: [Iqs] C:\WINDOWS\System32\Bjh.exe
O4 - HKLM\..\Run: [Qss] C:\WINDOWS\System32\Rob.exe
O4 - HKLM\..\Run: [Cbq] C:\WINDOWS\Bce.exe
O4 - HKLM\..\Run: [Fpq] C:\WINDOWS\Vdh.exe
O4 - HKLM\..\Run: [Cvl] C:\WINDOWS\System32\Oht.exe
O4 - HKLM\..\Run: [Ace] C:\WINDOWS\Cva.exe
O4 - HKLM\..\Run: [Dqr] C:\WINDOWS\System32\Ufc.exe
O4 - HKLM\..\Run: [Bvu] C:\WINDOWS\Ilh.exe
O4 - HKLM\..\Run: [Ile] C:\WINDOWS\Adb.exe
O4 - HKLM\..\Run: [Nve] C:\WINDOWS\System32\Jnv.exe
O4 - HKLM\..\Run: [Gjj] C:\WINDOWS\Ptv.exe
O4 - HKLM\..\Run: [Hmc] C:\WINDOWS\Uef.exe
O4 - HKLM\..\Run: [Uva] C:\WINDOWS\Evf.exe
O4 - HKLM\..\Run: [Rnj] C:\WINDOWS\Anq.exe
O4 - HKLM\..\Run: [Pao] C:\WINDOWS\System32\Ess.exe
O4 - HKLM\..\Run: [Gkb] C:\WINDOWS\Uqn.exe
O4 - HKLM\..\Run: [Kgk] C:\WINDOWS\System32\Qti.exe
O4 - HKLM\..\Run: [Cak] C:\WINDOWS\System32\Ocj.exe
O4 - HKLM\..\Run: [Tom] C:\WINDOWS\Vuh.exe
O4 - HKLM\..\Run: [Hsr] C:\WINDOWS\System32\Tgn.exe
O4 - HKLM\..\Run: [Ebo] C:\WINDOWS\System32\Oep.exe
O4 - HKLM\..\Run: [Ina] C:\WINDOWS\Htt.exe
O4 - HKLM\..\Run: [Qpd] C:\WINDOWS\System32\Qvg.exe
O4 - HKLM\..\Run: [Asq] C:\WINDOWS\Ltq.exe
O4 - HKLM\..\Run: [Fmn] C:\WINDOWS\System32\Obi.exe
O4 - HKLM\..\Run: [Nnj] C:\WINDOWS\System32\Qbm.exe
O4 - HKLM\..\Run: [Veu] C:\WINDOWS\Giu.exe
O4 - HKLM\..\Run: [Coq] C:\WINDOWS\Oer.exe
O4 - HKLM\..\Run: [Rdh] C:\WINDOWS\Sua.exe
O4 - HKLM\..\Run: [Ufl] C:\WINDOWS\System32\Las.exe
O4 - HKLM\..\Run: [Nos] C:\WINDOWS\System32\Qed.exe
O4 - HKLM\..\Run: [Hhm] C:\WINDOWS\System32\Obp.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{44D3E254-0E0A-40B4-9447-8E1F8E725C12}\SECURITY.EXE
O4 - HKCU\..\Run: [Mhu] C:\WINDOWS\System32\Kvl.exe
O4 - HKCU\..\Run: [Dvm] C:\WINDOWS\System32\Orm.exe
O4 - HKCU\..\Run: [Mqn] C:\WINDOWS\System32\Dcl.exe
O4 - HKCU\..\Run: [Jls] C:\WINDOWS\System32\Jkm.exe
O4 - HKCU\..\Run: [Roj] C:\WINDOWS\Eku.exe
O4 - HKCU\..\Run: [Qkj] C:\WINDOWS\Cnp.exe
O4 - HKCU\..\Run: [Gsd] C:\WINDOWS\System32\Tah.exe
O4 - HKCU\..\Run: [Soj] C:\WINDOWS\System32\Uvd.exe
O4 - HKCU\..\Run: [Hqu] C:\WINDOWS\System32\Ens.exe
O4 - HKCU\..\Run: [Gab] C:\WINDOWS\Phf.exe
O4 - HKCU\..\Run: [Qsk] C:\WINDOWS\System32\Tsg.exe
O4 - HKCU\..\Run: [Spq] C:\WINDOWS\System32\Qcc.exe
O4 - HKCU\..\Run: [Iuo] C:\WINDOWS\Tij.exe
O4 - HKCU\..\Run: [Gqm] C:\WINDOWS\Cbi.exe
O4 - HKCU\..\Run: [Bnh] C:\WINDOWS\System32\Due.exe
O4 - HKCU\..\Run: [Iqs] C:\WINDOWS\System32\Bjh.exe
O4 - HKCU\..\Run: [Qss] C:\WINDOWS\System32\Rob.exe
O4 - HKCU\..\Run: [Cvl] C:\WINDOWS\System32\Oht.exe
O4 - HKCU\..\Run: [Bvu] C:\WINDOWS\Ilh.exe
O4 - HKCU\..\Run: [Ile] C:\WINDOWS\Adb.exe
O4 - HKCU\..\Run: [Nve] C:\WINDOWS\System32\Jnv.exe
O4 - HKCU\..\Run: [Gjj] C:\WINDOWS\Ptv.exe
O4 - HKCU\..\Run: [Hmc] C:\WINDOWS\Uef.exe
O4 - HKCU\..\Run: [Uva] C:\WINDOWS\Evf.exe
O4 - HKCU\..\Run: [Rnj] C:\WINDOWS\Anq.exe
O4 - HKCU\..\Run: [Pao] C:\WINDOWS\System32\Ess.exe
O4 - HKCU\..\Run: [Kgk] C:\WINDOWS\System32\Qti.exe
O4 - HKCU\..\Run: [Cak] C:\WINDOWS\System32\Ocj.exe
O4 - HKCU\..\Run: [Tom] C:\WINDOWS\Vuh.exe
O4 - HKCU\..\Run: [Coq] C:\WINDOWS\Oer.exe
O4 - HKCU\..\Run: [Rdh] C:\WINDOWS\Sua.exe
O4 - HKCU\..\Run: [Ufl] C:\WINDOWS\System32\Las.exe
O4 - HKCU\..\Run: [Nos] C:\WINDOWS\System32\Qed.exe
O4 - HKCU\..\Run: [Hhm] C:\WINDOWS\System32\Obp.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.bugstores.com/demo//demox.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} - https://merlin.telus.net/wizlet/Qualifier/s...flowActiveX.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)