Author Topic: Questolo...Please Help....Please  (Read 7267 times)

Offline LJULICH

« on: April 13, 2005, 08:21:13 PM »
Hi...hope all is well with you.
I posted just a little while ago. I noticed that you may be available to help my ...well...I know...simple question.  I know you are a busy guy......Just so wanting to get rid of this Bad Boy.

Thank you for helping us ALL

Offline guestolo

« Reply #1 on: April 13, 2005, 08:28:32 PM »
Please post a hijackthis log, this is the only way to ensure everything is alright on the log
I'll try and help when I can

Instructions Here

Do you want to post your own logs from FRST?

Follow the instructions posted: Click Here (http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/)


Offline LJULICH

« Reply #2 on: April 13, 2005, 09:30:41 PM »
Questolo,

here is my run..............

Logfile of HijackThis v1.99.1
Scan saved at 9:26:41 PM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\msimn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe

Thank you for your help... ;)

Offline guestolo

« Reply #3 on: April 13, 2005, 09:47:23 PM »
I'm just stepping out for a bit
In the meantime, can you go back to that link and follow the directions to make a permanent folder for Hijackthis

As you can see, you're running from a temp directory
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

Remember to choose save to disk, rather than open when downloading a zip file
The .exe version can be found in my signature
Post back with a fresh log from the one saved to a permanent folder, thanks
« Last Edit: April 14, 2005, 01:15:26 AM by guestolo »



Guest_LJULICH_*

« Reply #4 on: April 14, 2005, 07:55:29 AM »
I made a separate folder as you suggested.

Logfile of HijackThis v1.99.1
Scan saved at 7:50:36 AM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\msimn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\winsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe

Off to work....thanks for all your help!!

Offline guestolo

« Reply #5 on: April 14, 2005, 10:41:11 PM »
Can you do this again please, here are the directions

Double Click "MY Computer"
Open your>> C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT
This is important because HijackThis makes backups to that same folder
Download, from my signature below Hijackthis.exe and save it to that new folder

After that is done

===Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup
Install for now, don't run a scan yet

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation

==Next: Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Windows update Service

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled

Find and delete these files if found
C:\WINDOWS\system32\winsvc.exe <-file
C:\WINDOWS\system32\wldr.dll <-file
C:\WINDOWS\Desktop.html <-file
C:\WINDOWS\Web\Desktop.html <-file
C:\Documents and Settings\<Your User>\Start Menu\Programs\Startup\WindowsUpdate43618[1].exe <-file
C:\Documents and Settings\<Your User>\Start Menu\Programs\Startup\winupdate59046366[1].exe <-file

Stay in safe mode

Do another scan with Hijackthis and put a check next to these entries:
Not all may be found, but fix what you find

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Don't log off or restart yet

Instead
Go to START>>RUN>>type in
msconfig
Select Normal Startup and Apply it and close

Restart back to Normal mode

Don't open a browser yet
Do the following
1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5. Click the Web tab in the Desktop Items window.
6. Make sure all checkboxes in this window are un-checked.
OK your way out
Log off your user account and log back on again if anything unchecked

Run another scan with Hijackthis and post the log
Let me know of any problems, please post to this thread, thanks
« Last Edit: April 14, 2005, 10:44:04 PM by guestolo »


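Added example, not part of the thread and not guestolo's tooling: a small Python check that reads a HijackThis log, reports whether HijackThis itself was run from a Temp directory (the point raised in Reply #3), and shows which entries from the fix list in Reply #5 are still present in a later log. The function names are hypothetical, and the two sample logs are abridged from the logs posted in Replies #4 and #6, so the results describe only those samples.

```python
import re

# "O4 - Startup: x.exe": a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")
# A bare Windows path, used to spot an entry the forum software wrapped.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def norm(s):
    """Collapse whitespace and case so forum reflow does not break matching."""
    return " ".join(s.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into (running_processes, entries)."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs:
            processes.append(line)
        elif entries and PATH_RE.match(line):
            # A path alone on a line after an entry: rejoin the wrapped entry.
            entries[-1] = entries[-1] + " " + line
    return processes, entries


def hijackthis_in_temp(processes):
    """Return the HijackThis path if it runs from a Temp directory, else None."""
    for path in processes:
        low = path.casefold()
        if low.endswith("\\hijackthis.exe") and "\\temp\\" in low:
            return path
    return None


def check_fixes(fix_list, entries):
    """Map each fix-list entry to True if it is still present in the log."""
    present = {norm(e) for e in entries}
    return {f: norm(f) in present for f in fix_list}


# The entries guestolo asked to have checked in Reply #5.
FIX_LIST = [l for l in r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
""".splitlines() if l.strip()]

# Sample input, abridged from the log in Reply #4.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:50:36 AM, on 4/14/2005

Running processes:
C:\WINDOWS\system32\winsvc.exe
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - Startup: WindowsUpdate43618[1].exe
O4 - Startup: winupdate59046366[1].exe
O16 - DPF: {69432678-2906-2705-1128-068943397621} -
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\system32\winsvc.exe
"""

# Sample input, abridged from the log in Reply #6, including one wrapped entry.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [Pru] C:\WINDOWS\Loj.exe
O4 - HKLM\..\Run:
 C:\WINDOWS\System32\Qgu.exe
O4 - HKLM\..\Run: [Ppt] C:\WINDOWS\Eap.exe
"""

if __name__ == "__main__":
    for name, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        procs, entries = parse_log(log)
        print(name, "- HijackThis in Temp:", hijackthis_in_temp(procs))
        for fix, present in check_fixes(FIX_LIST, entries).items():
            print("  still present" if present else "  not in log  ", fix)
```
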

Guest_LJULICH_*

« Reply #6 on: April 15, 2005, 01:08:11 PM »
I followed your instructions. My Red screen is gone....thank God !!
It has been so long since I had right click capability...I forgot if I right click on desktop icons should it work? Well it doesn't. Just let me know if it should and how I may fix that.

Here is my Hijackthis latest log:

Logfile of HijackThis v1.99.1
Scan saved at 1:04:52 PM, on 4/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Vsa] C:\WINDOWS\System32\Jnk.exe
O4 - HKLM\..\Run: [Vrh] C:\WINDOWS\Vjt.exe
O4 - HKLM\..\Run: [Vlv] C:\WINDOWS\System32\Ssc.exe
O4 - HKLM\..\Run: [Vko] C:\WINDOWS\System32\Vop.exe
O4 - HKLM\..\Run: [Vki] C:\WINDOWS\Meq.exe
O4 - HKLM\..\Run: [Vjl] C:\WINDOWS\System32\Con.exe
O4 - HKLM\..\Run: [Vio] C:\WINDOWS\System32\Eoq.exe
O4 - HKLM\..\Run: [Vig] C:\WINDOWS\System32\Thk.exe
O4 - HKLM\..\Run: [Vek] C:\WINDOWS\Faf.exe
O4 - HKLM\..\Run: [Vdo] C:\WINDOWS\System32\Svn.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\System32\Pnt.exe
O4 - HKLM\..\Run: [Vbn] C:\WINDOWS\Jqa.exe
O4 - HKLM\..\Run: [Uvf] C:\WINDOWS\Aas.exe
O4 - HKLM\..\Run: [Uri] C:\WINDOWS\Njs.exe
O4 - HKLM\..\Run: [Uov] C:\WINDOWS\System32\Esb.exe
O4 - HKLM\..\Run: [Unq] C:\WINDOWS\System32\Don.exe
O4 - HKLM\..\Run: [Una] C:\WINDOWS\Jds.exe
O4 - HKLM\..\Run: [Ukt] C:\WINDOWS\Pqf.exe
O4 - HKLM\..\Run: [Uic] C:\WINDOWS\System32\Chb.exe
O4 - HKLM\..\Run: [Uib] C:\WINDOWS\System32\Cor.exe
O4 - HKLM\..\Run: [Ufb] C:\WINDOWS\Fjv.exe
O4 - HKLM\..\Run: [Ueu] C:\WINDOWS\System32\Cid.exe
O4 - HKLM\..\Run: [Ucc] C:\WINDOWS\System32\Pco.exe
O4 - HKLM\..\Run: [Uba] C:\WINDOWS\Dia.exe
O4 - HKLM\..\Run: [Uap] C:\WINDOWS\Lfa.exe
O4 - HKLM\..\Run: [Uaa] C:\WINDOWS\System32\Rur.exe
O4 - HKLM\..\Run: [Tuq] C:\WINDOWS\Tom.exe
O4 - HKLM\..\Run: [Tun] C:\WINDOWS\Cqe.exe
O4 - HKLM\..\Run: [Tsr] C:\WINDOWS\Hst.exe
O4 - HKLM\..\Run: [Tsq] C:\WINDOWS\System32\Sds.exe
O4 - HKLM\..\Run: [Tsn] C:\WINDOWS\System32\Qvh.exe
O4 - HKLM\..\Run: [Tpp] C:\WINDOWS\Tem.exe
O4 - HKLM\..\Run: [Tou] C:\WINDOWS\Irg.exe
O4 - HKLM\..\Run: [Tmn] C:\WINDOWS\Qjv.exe
O4 - HKLM\..\Run: [Tld] C:\WINDOWS\System32\Vnm.exe
O4 - HKLM\..\Run: [Tkt] C:\WINDOWS\Qck.exe
O4 - HKLM\..\Run: [Tjc] C:\WINDOWS\Avu.exe
O4 - HKLM\..\Run: [Tgg] C:\WINDOWS\Giv.exe
O4 - HKLM\..\Run: [Tgd] C:\WINDOWS\Mvu.exe
O4 - HKLM\..\Run: [Tel] C:\WINDOWS\System32\Fmh.exe
O4 - HKLM\..\Run: [Tea] C:\WINDOWS\Gom.exe
O4 - HKLM\..\Run: [Tac] C:\WINDOWS\System32\Ehn.exe
O4 - HKLM\..\Run: [Svn] C:\WINDOWS\Uie.exe
O4 - HKLM\..\Run: [Stu] C:\WINDOWS\Ogj.exe
O4 - HKLM\..\Run: [Sts] C:\WINDOWS\Jcl.exe
O4 - HKLM\..\Run: [Std] C:\WINDOWS\Djq.exe
O4 - HKLM\..\Run: [Ssm] C:\WINDOWS\Eqn.exe
O4 - HKLM\..\Run: [Sqq] C:\WINDOWS\Jfh.exe
O4 - HKLM\..\Run: [Sqn] C:\WINDOWS\System32\Qvr.exe
O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Erq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Slp] C:\WINDOWS\Lgk.exe
O4 - HKLM\..\Run: [Skr] C:\WINDOWS\Cum.exe
O4 - HKLM\..\Run: [Skn] C:\WINDOWS\System32\Ncm.exe
O4 - HKLM\..\Run: [Skm] C:\WINDOWS\System32\Duo.exe
O4 - HKLM\..\Run: [Sji] C:\WINDOWS\Gvl.exe
O4 - HKLM\..\Run: [Sio] C:\WINDOWS\System32\Ums.exe
O4 - HKLM\..\Run: [Sim] C:\WINDOWS\System32\Tgk.exe
O4 - HKLM\..\Run: [Sil] C:\WINDOWS\Jnl.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [See] C:\WINDOWS\System32\Unu.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Ndj.exe
O4 - HKLM\..\Run: [Scr] C:\WINDOWS\Fqb.exe
O4 - HKLM\..\Run: [Sbl] C:\WINDOWS\System32\Teo.exe
O4 - HKLM\..\Run: [Sbk] C:\WINDOWS\System32\Opa.exe
O4 - HKLM\..\Run: [Rvo] C:\WINDOWS\Nae.exe
O4 - HKLM\..\Run: [Rsl] C:\WINDOWS\System32\Jpr.exe
O4 - HKLM\..\Run: [Rpk] C:\WINDOWS\Uii.exe
O4 - HKLM\..\Run: [Rpi] C:\WINDOWS\System32\Llc.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Lki.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\Fai.exe
O4 - HKLM\..\Run: [Rlj] C:\WINDOWS\System32\Uhj.exe
O4 - HKLM\..\Run: [Rjk] C:\WINDOWS\Qre.exe
O4 - HKLM\..\Run: [Ria] C:\WINDOWS\System32\Ger.exe
O4 - HKLM\..\Run: [Rhv] C:\WINDOWS\Hnk.exe
O4 - HKLM\..\Run: [Rhr] C:\WINDOWS\Qrj.exe
O4 - HKLM\..\Run: [Rha] C:\WINDOWS\System32\Lvf.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Rcm] C:\WINDOWS\System32\Kal.exe
O4 - HKLM\..\Run: [Rbl] C:\WINDOWS\Utv.exe
O4 - HKLM\..\Run: [Rao] C:\WINDOWS\Tgt.exe
O4 - HKLM\..\Run: [Qvv] C:\WINDOWS\Hpm.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Vpf.exe
O4 - HKLM\..\Run: [Qqo] C:\WINDOWS\System32\Pic.exe
O4 - HKLM\..\Run: [Qoo] C:\WINDOWS\System32\Hvc.exe
O4 - HKLM\..\Run: [Qol] C:\WINDOWS\System32\Fme.exe
O4 - HKLM\..\Run: [Qoe] C:\WINDOWS\System32\Nvi.exe
O4 - HKLM\..\Run: [Qnn] C:\WINDOWS\Njf.exe
O4 - HKLM\..\Run: [Qnj] C:\WINDOWS\System32\Cma.exe
O4 - HKLM\..\Run: [Qlt] C:\WINDOWS\Fkh.exe
O4 - HKLM\..\Run: [Qlo] C:\WINDOWS\System32\Kbh.exe
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [Qho] C:\WINDOWS\System32\Jsg.exe
O4 - HKLM\..\Run: [Qhc] C:\WINDOWS\System32\Dkb.exe
O4 - HKLM\..\Run: [Pvu] C:\WINDOWS\System32\Mbm.exe
O4 - HKLM\..\Run: [Pts] C:\WINDOWS\Kqf.exe
O4 - HKLM\..\Run: [Pss] C:\WINDOWS\Jek.exe
O4 - HKLM\..\Run: [Pru] C:\WINDOWS\Loj.exe
O4 - HKLM\..\Run:
 C:\WINDOWS\System32\Qgu.exe
O4 - HKLM\..\Run: [Ppt] C:\WINDOWS\Eap.exe
O4 - HKLM\..\Run: [Ppd] C:\WINDOWS\System32\Tgp.exe
O4 - HKLM\..\Run: [Pnm] C:\WINDOWS\System32\Cjc.exe
O4 - HKLM\..\Run: [Png] C:\WINDOWS\System32\Akn.exe
O4 - HKLM\..\Run: [Pms] C:\WINDOWS\Ihj.exe
O4 - HKLM\..\Run: [Plq] C:\WINDOWS\System32\Ifu.exe
O4 - HKLM\..\Run: [Plf] C:\WINDOWS\System32\Kul.exe
O4 - HKLM\..\Run: [Pjd] C:\WINDOWS\System32\Msg.exe
O4 - HKLM\..\Run: [Pim] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Pif] C:\WINDOWS\Kih.exe
O4 - HKLM\..\Run: [Pfa] C:\WINDOWS\System32\Nda.exe
O4 - HKLM\..\Run: [Pct] C:\WINDOWS\Tda.exe
O4 - HKLM\..\Run: [Pcc] C:\WINDOWS\Nap.exe
O4 - HKLM\..\Run: [Pcb] C:\WINDOWS\Hga.exe
O4 - HKLM\..\Run: [Paf] C:\WINDOWS\Hgi.exe
O4 - HKLM\..\Run: [Pae] C:\WINDOWS\Dpv.exe
O4 - HKLM\..\Run: [Oqr] C:\WINDOWS\Vhb.exe
O4 - HKLM\..\Run: [Oqi] C:\WINDOWS\System32\Agk.exe
O4 - HKLM\..\Run: [Oph] C:\WINDOWS\Ftr.exe
O4 - HKLM\..\Run: [Oon] C:\WINDOWS\Dqd.exe
O4 - HKLM\..\Run: [Ooe] C:\WINDOWS\System32\Num.exe
O4 - HKLM\..\Run: [Onu] C:\WINDOWS\System32\Jmh.exe
O4 - HKLM\..\Run: [Omi] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Oma] C:\WINDOWS\System32\Bka.exe
O4 - HKLM\..\Run: [Ojd] C:\WINDOWS\System32\Npd.exe
O4 - HKLM\..\Run: [Oil] C:\WINDOWS\Ivg.exe
O4 - HKLM\..\Run: [Oik] C:\WINDOWS\Sra.exe
O4 - HKLM\..\Run: [Oic] C:\WINDOWS\System32\Jmj.exe
O4 - HKLM\..\Run: [Ogj] C:\WINDOWS\System32\Hev.exe
O4 - HKLM\..\Run: [Obt] C:\WINDOWS\Sgu.exe
O4 - HKLM\..\Run: [Nuj] C:\WINDOWS\System32\Qte.exe
O4 - HKLM\..\Run: [Ntq] C:\WINDOWS\System32\Jfn.exe
O4 - HKLM\..\Run: [Ntn] C:\WINDOWS\System32\Khr.exe
O4 - HKLM\..\Run: [Nth] C:\WINDOWS\Bgd.exe
O4 - HKLM\..\Run: [Npq] C:\WINDOWS\System32\Ptl.exe
O4 - HKLM\..\Run: [Noc] C:\WINDOWS\Npo.exe
O4 - HKLM\..\Run: [Nob] C:\WINDOWS\Rgc.exe
O4 - HKLM\..\Run: [Nmt] C:\WINDOWS\System32\Jsa.exe
O4 - HKLM\..\Run: [Nig] C:\WINDOWS\Rkq.exe
O4 - HKLM\..\Run: [Ngk] C:\WINDOWS\Vti.exe
O4 - HKLM\..\Run: [Ndf] C:\WINDOWS\System32\Bua.exe
O4 - HKLM\..\Run: [Nbf] C:\WINDOWS\Lld.exe
O4 - HKLM\..\Run: [Nbd] C:\WINDOWS\System32\Ckg.exe
O4 - HKLM\..\Run: [Nam] C:\WINDOWS\System32\Mrg.exe
O4 - HKLM\..\Run: [Mvl] C:\WINDOWS\System32\Ssi.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\Rei.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Lro.exe
O4 - HKLM\..\Run: [Msj] C:\WINDOWS\Auo.exe
O4 - HKLM\..\Run: [Msb] C:\WINDOWS\Nnm.exe
O4 - HKLM\..\Run: [Mpr] C:\WINDOWS\System32\Oor.exe
O4 - HKLM\..\Run: [Mpb] C:\WINDOWS\System32\Hjr.exe
O4 - HKLM\..\Run: [Mor] C:\WINDOWS\System32\Kiq.exe
O4 - HKLM\..\Run: [Mni] C:\WINDOWS\System32\Eov.exe
O4 - HKLM\..\Run: [Mmk] C:\WINDOWS\Qcc.exe
O4 - HKLM\..\Run: [Mll] C:\WINDOWS\system32\Gqq.exe
O4 - HKLM\..\Run: [Mlb] C:\WINDOWS\Uil.exe
O4 - HKLM\..\Run: [Mjj] C:\WINDOWS\System32\Cap.exe
O4 - HKLM\..\Run: [Mii] C:\WINDOWS\System32\Dnk.exe
O4 - HKLM\..\Run: [Mgv] C:\WINDOWS\Ldo.exe
O4 - HKLM\..\Run: [Met] C:\WINDOWS\Mck.exe
O4 - HKLM\..\Run: [Mdn] C:\WINDOWS\System32\Hgp.exe
O4 - HKLM\..\Run: [Mav] C:\WINDOWS\Gsk.exe
O4 - HKLM\..\Run: [Lvu] C:\WINDOWS\System32\Qsf.exe
O4 - HKLM\..\Run: [Ltt] C:\WINDOWS\Ggc.exe
O4 - HKLM\..\Run: [Lts] C:\WINDOWS\System32\Kkp.exe
O4 - HKLM\..\Run: [Ltl] C:\WINDOWS\Oeb.exe
O4 - HKLM\..\Run: [Lqm] C:\WINDOWS\System32\Rtn.exe
O4 - HKLM\..\Run: [Lqk] C:\WINDOWS\Dkr.exe
O4 - HKLM\..\Run: [Lqj] C:\WINDOWS\Fou.exe
O4 - HKLM\..\Run: [Lpj] C:\WINDOWS\Svn.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\System32\Iup.exe
O4 - HKLM\..\Run: [Lor] C:\WINDOWS\Htk.exe
O4 - HKLM\..\Run: [Lob] C:\WINDOWS\Nkq.exe
O4 - HKLM\..\Run: [Lmu] C:\WINDOWS\System32\Aqu.exe
O4 - HKLM\..\Run: [Lmj] C:\WINDOWS\System32\Pbg.exe
O4 - HKLM\..\Run: [Ljv] C:\WINDOWS\System32\Shv.exe
O4 - HKLM\..\Run: [Ljq] C:\WINDOWS\System32\Sum.exe
O4 - HKLM\..\Run: [Lil] C:\WINDOWS\Utu.exe
O4 - HKLM\..\Run: [Lhr] C:\WINDOWS\System32\Bra.exe
O4 - HKLM\..\Run: [Lgp] C:\WINDOWS\Trd.exe
O4 - HKLM\..\Run: [Lgg] C:\WINDOWS\System32\Reh.exe
O4 - HKLM\..\Run: [Lfs] C:\WINDOWS\System32\Gtk.exe
O4 - HKLM\..\Run: [Leh] C:\WINDOWS\System32\Okn.exe
O4 - HKLM\..\Run: [Ldq] C:\WINDOWS\Oft.exe
O4 - HKLM\..\Run: [Ldp] C:\WINDOWS\System32\Ich.exe
O4 - HKLM\..\Run: [Ldm] C:\WINDOWS\Lqe.exe
O4 - HKLM\..\Run: [Lbq] C:\WINDOWS\System32\Cal.exe
O4 - HKLM\..\Run: [Kvr] C:\WINDOWS\Lri.exe
O4 - HKLM\..\Run: [Kui] C:\WINDOWS\System32\Ceh.exe
O4 - HKLM\..\Run: [Kuc] C:\WINDOWS\System32\Euv.exe
O4 - HKLM\..\Run: [Ktp] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [Ksn] C:\WINDOWS\Grp.exe
O4 - HKLM\..\Run: [Kpt] C:\WINDOWS\System32\Ecf.exe
O4 - HKLM\..\Run: [Kpm] C:\WINDOWS\System32\Jbc.exe
O4 - HKLM\..\Run: [Kpe] C:\WINDOWS\Kkd.exe
O4 - HKLM\..\Run: [Kpd] C:\WINDOWS\System32\Qnv.exe
O4 - HKLM\..\Run: [Kms] C:\WINDOWS\System32\Vld.exe
O4 - HKLM\..\Run: [Klq] C:\WINDOWS\System32\Cnh.exe
O4 - HKLM\..\Run: [Kis] C:\WINDOWS\Tfe.exe
O4 - HKLM\..\Run: [Kfu] C:\WINDOWS\Ifn.exe
O4 - HKLM\..\Run: [Kfj] C:\WINDOWS\System32\Gam.exe
O4 - HKLM\..\Run: [Kej] C:\WINDOWS\System32\Qci.exe
O4 - HKLM\..\Run: [Kca] C:\WINDOWS\Smi.exe
O4 - HKLM\..\Run: [Kbh] C:\WINDOWS\System32\Osf.exe
O4 - HKLM\..\Run: [Kbb] C:\WINDOWS\System32\Mtm.exe
O4 - HKLM\..\Run: [Kav] C:\WINDOWS\Oia.exe
O4 - HKLM\..\Run: [Jso] C:\WINDOWS\Uih.exe
O4 - HKLM\..\Run: [Jrt] C:\WINDOWS\System32\Rng.exe
O4 - HKLM\..\Run: [Jrk] C:\WINDOWS\System32\Tdp.exe
O4 - HKLM\..\Run: [Jrg] C:\WINDOWS\System32\Khl.exe
O4 - HKLM\..\Run: [Jqt] C:\WINDOWS\System32\Beh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Jhm.exe
O4 - HKLM\..\Run: [Jot] C:\WINDOWS\Cfo.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\System32\Bon.exe
O4 - HKLM\..\Run: [Jmh] C:\WINDOWS\System32\Hvb.exe
O4 - HKLM\..\Run: [Jmg] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Jls] C:\WINDOWS\System32\Ahu.exe
O4 - HKLM\..\Run: [Jlq] C:\WINDOWS\Djo.exe
O4 - HKLM\..\Run: [Jlb] C:\WINDOWS\Svf.exe
O4 - HKLM\..\Run: [Jii] C:\WINDOWS\Itk.exe
O4 - HKLM\..\Run: [Jgp] C:\WINDOWS\System32\Vsn.exe
O4 - HKLM\..\Run: [Jda] C:\WINDOWS\Dam.exe
O4 - HKLM\..\Run: [Jbs] C:\WINDOWS\Fmv.exe
O4 - HKLM\..\Run: [Jar] C:\WINDOWS\System32\Fur.exe
O4 - HKLM\..\Run: [Ivp] C:\WINDOWS\System32\Lvr.exe
O4 - HKLM\..\Run: [Ivg] C:\WINDOWS\Tit.exe
O4 - HKLM\..\Run: [Ive] C:\WINDOWS\Bht.exe
O4 - HKLM\..\Run: [Iub] C:\WINDOWS\Ari.exe
O4 - HKLM\..\Run: [Itn] C:\WINDOWS\Acd.exe
O4 - HKLM\..\Run: [Itm] C:\WINDOWS\Lbr.exe
O4 - HKLM\..\Run: [Itj] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Isc] C:\WINDOWS\Aqc.exe
O4 - HKLM\..\Run: [Ipu] C:\WINDOWS\System32\Gnp.exe
O4 - HKLM\..\Run: [Inf] C:\WINDOWS\Qsf.exe
O4 - HKLM\..\Run: [Iln] C:\WINDOWS\System32\Uuv.exe
O4 - HKLM\..\Run: [Ild] C:\WINDOWS\System32\Ntp.exe
O4 - HKLM\..\Run: [Ifi] C:\WINDOWS\System32\Vmo.exe
O4 - HKLM\..\Run: [Iep] C:\WINDOWS\Khl.exe
O4 - HKLM\..\Run: [Iel] C:\WINDOWS\Fud.exe
O4 - HKLM\..\Run: [Ich] C:\WINDOWS\Lva.exe
O4 - HKLM\..\Run: [Ica] C:\WINDOWS\Meu.exe
O4 - HKLM\..\Run: [Ibu] C:\WINDOWS\Oqd.exe
O4 - HKLM\..\Run: [Ibk] C:\WINDOWS\System32\Qpi.exe
O4 - HKLM\..\Run: [Iah] C:\WINDOWS\System32\Sfj.exe
O4 - HKLM\..\Run: [Hvr] C:\WINDOWS\System32\Ins.exe
O4 - HKLM\..\Run: [Hrs] C:\WINDOWS\System32\Eot.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Vdh.exe
O4 - HKLM\..\Run: [Hof] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Hmu] C:\WINDOWS\Vqq.exe
O4 - HKLM\..\Run: [Hik] C:\WINDOWS\Oua.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\System32\Cqf.exe
O4 - HKLM\..\Run: [Hif] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Hhe] C:\WINDOWS\Kfa.exe
O4 - HKLM\..\Run: [Hhb] C:\WINDOWS\Fvb.exe
O4 - HKLM\..\Run: [Hgb] C:\WINDOWS\System32\Tho.exe
O4 - HKLM\..\Run: [Hes] C:\WINDOWS\System32\Fih.exe
O4 - HKLM\..\Run: [Hdk] C:\WINDOWS\System32\Asr.exe
O4 - HKLM\..\Run: [Hce] C:\WINDOWS\System32\Eai.exe
O4 - HKLM\..\Run: [Gvi] C:\WINDOWS\System32\Mvu.exe
O4 - HKLM\..\Run: [Gur] C:\WINDOWS\System32\Der.exe
O4 - HKLM\..\Run: [Guh] C:\WINDOWS\System32\Hof.exe
O4 - HKLM\..\Run: [Gtq] C:\WINDOWS\Qht.exe
O4 - HKLM\..\Run: [Gsc] C:\WINDOWS\Oim.exe
O4 - HKLM\..\Run: [Gru] C:\WINDOWS\System32\Dnt.exe
O4 - HKLM\..\Run: [Grq] C:\WINDOWS\System32\Ian.exe
O4 - HKLM\..\Run: [Gpe] C:\WINDOWS\Agv.exe
O4 - HKLM\..\Run: [Gob] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Gno] C:\WINDOWS\Buc.exe
O4 - HKLM\..\Run: [Gmt] C:\WINDOWS\System32\Bns.exe
O4 - HKLM\..\Run: [Gmd] C:\WINDOWS\System32\Jbu.exe
O4 - HKLM\..\Run: [Glt] C:\WINDOWS\Lgr.exe
O4 - HKLM\..\Run: [Gle] C:\WINDOWS\Qpt.exe
O4 - HKLM\..\Run: [Gku] C:\WINDOWS\System32\Adl.exe
O4 - HKLM\..\Run: [Ghi] C:\WINDOWS\System32\Mqj.exe
O4 - HKLM\..\Run: [Ggh] C:\WINDOWS\Dkh.exe
O4 - HKLM\..\Run: [Gfs] C:\WINDOWS\System32\Mal.exe
O4 - HKLM\..\Run: [Fvg] C:\WINDOWS\System32\Pun.exe
O4 - HKLM\..\Run: [Fvb] C:\WINDOWS\Ccp.exe
O4 - HKLM\..\Run: [Fuv] C:\WINDOWS\System32\Vha.exe
O4 - HKLM\..\Run: [Fua] C:\WINDOWS\System32\Ogh.exe
O4 - HKLM\..\Run: [Ftn] C:\WINDOWS\System32\Mqu.exe
O4 - HKLM\..\Run: [Fsj] C:\WINDOWS\Equ.exe
O4 - HKLM\..\Run: [Fqo] C:\WINDOWS\System32\Dmc.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\System32\Fik.exe
O4 - HKLM\..\Run: [Fna] C:\WINDOWS\System32\Pmc.exe
O4 - HKLM\..\Run: [Flv] C:\WINDOWS\System32\Gkf.exe
O4 - HKLM\..\Run: [Flh] C:\WINDOWS\Oha.exe
O4 - HKLM\..\Run: [Fea] C:\WINDOWS\System32\Gta.exe
O4 - HKLM\..\Run: [Ete] C:\WINDOWS\System32\Duh.exe
O4 - HKLM\..\Run: [Ere] C:\WINDOWS\System32\Bgi.exe
O4 - HKLM\..\Run: [Eqp] C:\WINDOWS\System32\Tdb.exe
O4 - HKLM\..\Run: [Epi] C:\WINDOWS\System32\Ujn.exe
O4 - HKLM\..\Run: [Ekr] C:\WINDOWS\System32\Sib.exe
O4 - HKLM\..\Run: [Eje] C:\WINDOWS\Oqj.exe
O4 - HKLM\..\Run: [Eii] C:\WINDOWS\System32\Jqv.exe
O4 - HKLM\..\Run: [Ege] C:\WINDOWS\System32\Ruv.exe
O4 - HKLM\..\Run: [Ecq] C:\WINDOWS\System32\Tel.exe
O4 - HKLM\..\Run: [Dsr] C:\WINDOWS\system32\Ruo.exe
O4 - HKLM\..\Run: [Dsl] C:\WINDOWS\System32\Lno.exe
O4 - HKLM\..\Run: [Drb] C:\WINDOWS\Rka.exe
O4 - HKLM\..\Run: [Dob] C:\WINDOWS\System32\Ulc.exe
O4 - HKLM\..\Run: [Dnd] C:\WINDOWS\System32\Ran.exe
O4 - HKLM\..\Run: [Dlv] C:\WINDOWS\System32\Cbr.exe
O4 - HKLM\..\Run: [Djh] C:\WINDOWS\System32\Hdr.exe
O4 - HKLM\..\Run: [Dhv] C:\WINDOWS\System32\Eii.exe
O4 - HKLM\..\Run: [Dhk] C:\WINDOWS\Fvh.exe
O4 - HKLM\..\Run: [Dfh] C:\WINDOWS\System32\Ncf.exe
O4 - HKLM\..\Run: [Daf] C:\WINDOWS\System32\Isl.exe
O4 - HKLM\..\Run: [Cvj] C:\WINDOWS\System32\Est.exe
O4 - HKLM\..\Run: [Cvc] C:\WINDOWS\System32\Qls.exe
O4 - HKLM\..\Run: [Ctn] C:\WINDOWS\System32\Aeo.exe
O4 - HKLM\..\Run: [Cta] C:\WINDOWS\System32\Bkl.exe
O4 - HKLM\..\Run: [Csv] C:\WINDOWS\Kvr.exe
O4 - HKLM\..\Run: [Csq] C:\WINDOWS\Dcm.exe
O4 - HKLM\..\Run: [Cov] C:\WINDOWS\System32\Tql.exe
O4 - HKLM\..\Run: [Cot] C:\WINDOWS\System32\Rhr.exe
O4 - HKLM\..\Run: [Cnv] C:\WINDOWS\Jkd.exe
O4 - HKLM\..\Run: [Ckr] C:\WINDOWS\System32\Rnh.exe
O4 - HKLM\..\Run: [Ckl] C:\WINDOWS\System32\Btm.exe
O4 - HKLM\..\Run: [Cho] C:\WINDOWS\System32\Hfg.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Urg.exe
O4 - HKLM\..\Run: [Cen] C:\WINDOWS\System32\Qrf.exe
O4 - HKLM\..\Run: [Cdq] C:\WINDOWS\System32\Rbf.exe
O4 - HKLM\..\Run: [Cbo] C:\WINDOWS\System32\Krd.exe
O4 - HKLM\..\Run: [Cbf] C:\WINDOWS\System32\Urb.exe
O4 - HKLM\..\Run: [Bnh] C:\WINDOWS\System32\Qss.exe
O4 - HKLM\..\Run: [Bml] C:\WINDOWS\System32\Bvn.exe
O4 - HKLM\..\Run: [Blv] C:\WINDOWS\System32\Rgl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Blk] C:\WINDOWS\System32\Vdt.exe
O4 - HKLM\..\Run: [Bkv] C:\WINDOWS\Bts.exe
O4 - HKLM\..\Run: [Bjf] C:\WINDOWS\System32\Oln.exe
O4 - HKLM\..\Run: [Bim] C:\WINDOWS\Ltf.exe
O4 - HKLM\..\Run: [Bij] C:\WINDOWS\Ann.exe
O4 - HKLM\..\Run: [Bht] C:\WINDOWS\Gtc.exe
O4 - HKLM\..\Run: [Bdv] C:\WINDOWS\Kae.exe
O4 - HKLM\..\Run: [Bcq] C:\WINDOWS\Qbe.exe
O4 - HKLM\..\Run: [Bbe] C:\WINDOWS\System32\Khg.exe
O4 - HKLM\..\Run: [Avr] C:\WINDOWS\System32\Eaq.exe
O4 - HKLM\..\Run: [Avn] C:\WINDOWS\Dva.exe
O4 - HKLM\..\Run: [Avi] C:\WINDOWS\System32\Ued.exe
O4 - HKLM\..\Run: [Avb] C:\WINDOWS\Lgb.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Nhh.exe
O4 - HKLM\..\Run: [Ata] C:\WINDOWS\System32\Hoo.exe
O4 - HKLM\..\Run: [Aqt] C:\WINDOWS\System32\Kfo.exe
O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\System32\Fmq.exe
O4 - HKLM\..\Run: [Apf] C:\WINDOWS\Qdu.exe
O4 - HKLM\..\Run: [Aom] C:\WINDOWS\Acr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Aok] C:\WINDOWS\Sgv.exe
O4 - HKLM\..\Run: [Anm] C:\WINDOWS\System32\Dda.exe
O4 - HKLM\..\Run: [Ane] C:\WINDOWS\System32\Rgc.exe
O4 - HKLM\..\Run: [Akh] C:\WINDOWS\Mcq.exe
O4 - HKLM\..\Run: [Akc] C:\WINDOWS\Rhm.exe
O4 - HKLM\..\Run: [Ajg] C:\WINDOWS\Sge.exe
O4 - HKLM\..\Run: [Ail] C:\WINDOWS\Fan.exe
O4 - HKLM\..\Run: [Ahv] C:\WINDOWS\System32\Fgd.exe
O4 - HKLM\..\Run: [Ago] C:\WINDOWS\System32\Kcq.exe
O4 - HKLM\..\Run: [Aes] C:\WINDOWS\System32\Gpm.exe
O4 - HKLM\..\Run: [Aeg] C:\WINDOWS\System32\Fff.exe
O4 - HKLM\..\Run: [Adm] C:\WINDOWS\System32\Hov.exe
O4 - HKLM\..\Run: [Aal] C:\WINDOWS\Gea.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Tvi.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

Thanks for your help Questolo

Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #7 on: April 15, 2005, 01:11:05 PM »
Bump

Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #8 on: April 15, 2005, 02:29:32 PM »
Questolo,

Noticed that my original desktop icons are not there. I will try to do shortcuts and put them back on.

Also noticed in Display Properties, Desktop---that I have no control to change background themes, also changing color background sometimes works and sometimes doesn't.

Thanks Loads!!

Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #9 on: April 15, 2005, 02:57:28 PM »
Questolo,

When I try to put shortcuts on my desktop----I get double icons.

Please advise.

Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #10 on: April 15, 2005, 03:03:09 PM »
I found Spyware Blaster and just downloaded it. I couldn't find IE-Spyad.....is it called something else?

Thanks Loads!!

Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #11 on: April 15, 2005, 09:54:56 PM »
Bump

Offline guestolo

Questolo...Please Help....Please
« Reply #12 on: April 16, 2005, 12:40:44 AM »
Download and UNZIP to a folder Fixdisply.zip
So you now have Fixdisply.reg in the same folder

==Download and UNZIP to a folder
HSFIX.zip
HSFix directory will be created
We'll need this later


I need you to Print the rest of this out or save to a Notepad file for reference

Restart your computer back into Safe mode

Do another scan with Hijackthis and put a check next to these entries:
Could you also look for the files related and delete them if found
Example from the first entry asked to fix
Some I ask to delete may be duplicate entries, but fix what you find

O4 - HKLM\..\Run: [Vsa] C:\WINDOWS\System32\Jnk.exe <-delete this file
O4 - HKLM\..\Run: [Vrh] C:\WINDOWS\Vjt.exe
O4 - HKLM\..\Run: [Vlv] C:\WINDOWS\System32\Ssc.exe
O4 - HKLM\..\Run: [Vko] C:\WINDOWS\System32\Vop.exe
O4 - HKLM\..\Run: [Vki] C:\WINDOWS\Meq.exe
O4 - HKLM\..\Run: [Vjl] C:\WINDOWS\System32\Con.exe
O4 - HKLM\..\Run: [Vio] C:\WINDOWS\System32\Eoq.exe
O4 - HKLM\..\Run: [Vig] C:\WINDOWS\System32\Thk.exe
O4 - HKLM\..\Run: [Vek] C:\WINDOWS\Faf.exe
O4 - HKLM\..\Run: [Vdo] C:\WINDOWS\System32\Svn.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\System32\Pnt.exe
O4 - HKLM\..\Run: [Vbn] C:\WINDOWS\Jqa.exe
O4 - HKLM\..\Run: [Uvf] C:\WINDOWS\Aas.exe
O4 - HKLM\..\Run: [Uri] C:\WINDOWS\Njs.exe
O4 - HKLM\..\Run: [Uov] C:\WINDOWS\System32\Esb.exe
O4 - HKLM\..\Run: [Unq] C:\WINDOWS\System32\Don.exe
O4 - HKLM\..\Run: [Una] C:\WINDOWS\Jds.exe
O4 - HKLM\..\Run: [Ukt] C:\WINDOWS\Pqf.exe
O4 - HKLM\..\Run: [Uic] C:\WINDOWS\System32\Chb.exe
O4 - HKLM\..\Run: [Uib] C:\WINDOWS\System32\Cor.exe
O4 - HKLM\..\Run: [Ufb] C:\WINDOWS\Fjv.exe
O4 - HKLM\..\Run: [Ueu] C:\WINDOWS\System32\Cid.exe
O4 - HKLM\..\Run: [Ucc] C:\WINDOWS\System32\Pco.exe
O4 - HKLM\..\Run: [Uba] C:\WINDOWS\Dia.exe
O4 - HKLM\..\Run: [Uap] C:\WINDOWS\Lfa.exe
O4 - HKLM\..\Run: [Uaa] C:\WINDOWS\System32\Rur.exe
O4 - HKLM\..\Run: [Tuq] C:\WINDOWS\Tom.exe
O4 - HKLM\..\Run: [Tun] C:\WINDOWS\Cqe.exe
O4 - HKLM\..\Run: [Tsr] C:\WINDOWS\Hst.exe
O4 - HKLM\..\Run: [Tsq] C:\WINDOWS\System32\Sds.exe
O4 - HKLM\..\Run: [Tsn] C:\WINDOWS\System32\Qvh.exe
O4 - HKLM\..\Run: [Tpp] C:\WINDOWS\Tem.exe
O4 - HKLM\..\Run: [Tou] C:\WINDOWS\Irg.exe
O4 - HKLM\..\Run: [Tmn] C:\WINDOWS\Qjv.exe
O4 - HKLM\..\Run: [Tld] C:\WINDOWS\System32\Vnm.exe
O4 - HKLM\..\Run: [Tkt] C:\WINDOWS\Qck.exe
O4 - HKLM\..\Run: [Tjc] C:\WINDOWS\Avu.exe
O4 - HKLM\..\Run: [Tgg] C:\WINDOWS\Giv.exe
O4 - HKLM\..\Run: [Tgd] C:\WINDOWS\Mvu.exe
O4 - HKLM\..\Run: [Tel] C:\WINDOWS\System32\Fmh.exe
O4 - HKLM\..\Run: [Tea] C:\WINDOWS\Gom.exe
O4 - HKLM\..\Run: [Tac] C:\WINDOWS\System32\Ehn.exe
O4 - HKLM\..\Run: [Svn] C:\WINDOWS\Uie.exe
O4 - HKLM\..\Run: [Stu] C:\WINDOWS\Ogj.exe
O4 - HKLM\..\Run: [Sts] C:\WINDOWS\Jcl.exe
O4 - HKLM\..\Run: [Std] C:\WINDOWS\Djq.exe
O4 - HKLM\..\Run: [Ssm] C:\WINDOWS\Eqn.exe
O4 - HKLM\..\Run: [Sqq] C:\WINDOWS\Jfh.exe
O4 - HKLM\..\Run: [Sqn] C:\WINDOWS\System32\Qvr.exe
O4 - HKLM\..\Run: [Sov] C:\WINDOWS\Erq.exe

O4 - HKLM\..\Run: [Slp] C:\WINDOWS\Lgk.exe
O4 - HKLM\..\Run: [Skr] C:\WINDOWS\Cum.exe
O4 - HKLM\..\Run: [Skn] C:\WINDOWS\System32\Ncm.exe
O4 - HKLM\..\Run: [Skm] C:\WINDOWS\System32\Duo.exe
O4 - HKLM\..\Run: [Sji] C:\WINDOWS\Gvl.exe
O4 - HKLM\..\Run: [Sio] C:\WINDOWS\System32\Ums.exe
O4 - HKLM\..\Run: [Sim] C:\WINDOWS\System32\Tgk.exe
O4 - HKLM\..\Run: [Sil] C:\WINDOWS\Jnl.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [See] C:\WINDOWS\System32\Unu.exe

O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Ndj.exe
O4 - HKLM\..\Run: [Scr] C:\WINDOWS\Fqb.exe
O4 - HKLM\..\Run: [Sbl] C:\WINDOWS\System32\Teo.exe
O4 - HKLM\..\Run: [Sbk] C:\WINDOWS\System32\Opa.exe
O4 - HKLM\..\Run: [Rvo] C:\WINDOWS\Nae.exe
O4 - HKLM\..\Run: [Rsl] C:\WINDOWS\System32\Jpr.exe
O4 - HKLM\..\Run: [Rpk] C:\WINDOWS\Uii.exe
O4 - HKLM\..\Run: [Rpi] C:\WINDOWS\System32\Llc.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Lki.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\Fai.exe
O4 - HKLM\..\Run: [Rlj] C:\WINDOWS\System32\Uhj.exe
O4 - HKLM\..\Run: [Rjk] C:\WINDOWS\Qre.exe
O4 - HKLM\..\Run: [Ria] C:\WINDOWS\System32\Ger.exe
O4 - HKLM\..\Run: [Rhv] C:\WINDOWS\Hnk.exe
O4 - HKLM\..\Run: [Rhr] C:\WINDOWS\Qrj.exe
O4 - HKLM\..\Run: [Rha] C:\WINDOWS\System32\Lvf.exe

O4 - HKLM\..\Run: [Rcm] C:\WINDOWS\System32\Kal.exe
O4 - HKLM\..\Run: [Rbl] C:\WINDOWS\Utv.exe
O4 - HKLM\..\Run: [Rao] C:\WINDOWS\Tgt.exe
O4 - HKLM\..\Run: [Qvv] C:\WINDOWS\Hpm.exe
O4 - HKLM\..\Run: [Qvr] C:\WINDOWS\Vpf.exe
O4 - HKLM\..\Run: [Qqo] C:\WINDOWS\System32\Pic.exe
O4 - HKLM\..\Run: [Qoo] C:\WINDOWS\System32\Hvc.exe
O4 - HKLM\..\Run: [Qol] C:\WINDOWS\System32\Fme.exe
O4 - HKLM\..\Run: [Qoe] C:\WINDOWS\System32\Nvi.exe
O4 - HKLM\..\Run: [Qnn] C:\WINDOWS\Njf.exe
O4 - HKLM\..\Run: [Qnj] C:\WINDOWS\System32\Cma.exe
O4 - HKLM\..\Run: [Qlt] C:\WINDOWS\Fkh.exe
O4 - HKLM\..\Run: [Qlo] C:\WINDOWS\System32\Kbh.exe
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [Qho] C:\WINDOWS\System32\Jsg.exe
O4 - HKLM\..\Run: [Qhc] C:\WINDOWS\System32\Dkb.exe
O4 - HKLM\..\Run: [Pvu] C:\WINDOWS\System32\Mbm.exe
O4 - HKLM\..\Run: [Pts] C:\WINDOWS\Kqf.exe
O4 - HKLM\..\Run: [Pss] C:\WINDOWS\Jek.exe
O4 - HKLM\..\Run: [Pru] C:\WINDOWS\Loj.exe
O4 - HKLM\..\Run:
 C:\WINDOWS\System32\Qgu.exe
O4 - HKLM\..\Run: [Ppt] C:\WINDOWS\Eap.exe
O4 - HKLM\..\Run: [Ppd] C:\WINDOWS\System32\Tgp.exe
O4 - HKLM\..\Run: [Pnm] C:\WINDOWS\System32\Cjc.exe
O4 - HKLM\..\Run: [Png] C:\WINDOWS\System32\Akn.exe
O4 - HKLM\..\Run: [Pms] C:\WINDOWS\Ihj.exe
O4 - HKLM\..\Run: [Plq] C:\WINDOWS\System32\Ifu.exe
O4 - HKLM\..\Run: [Plf] C:\WINDOWS\System32\Kul.exe
O4 - HKLM\..\Run: [Pjd] C:\WINDOWS\System32\Msg.exe
O4 - HKLM\..\Run: [Pim] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Pif] C:\WINDOWS\Kih.exe
O4 - HKLM\..\Run: [Pfa] C:\WINDOWS\System32\Nda.exe
O4 - HKLM\..\Run: [Pct] C:\WINDOWS\Tda.exe
O4 - HKLM\..\Run: [Pcc] C:\WINDOWS\Nap.exe
O4 - HKLM\..\Run: [Pcb] C:\WINDOWS\Hga.exe
O4 - HKLM\..\Run: [Paf] C:\WINDOWS\Hgi.exe
O4 - HKLM\..\Run: [Pae] C:\WINDOWS\Dpv.exe
O4 - HKLM\..\Run: [Oqr] C:\WINDOWS\Vhb.exe
O4 - HKLM\..\Run: [Oqi] C:\WINDOWS\System32\Agk.exe
O4 - HKLM\..\Run: [Oph] C:\WINDOWS\Ftr.exe
O4 - HKLM\..\Run: [Oon] C:\WINDOWS\Dqd.exe
O4 - HKLM\..\Run: [Ooe] C:\WINDOWS\System32\Num.exe
O4 - HKLM\..\Run: [Onu] C:\WINDOWS\System32\Jmh.exe
O4 - HKLM\..\Run: [Omi] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Oma] C:\WINDOWS\System32\Bka.exe
O4 - HKLM\..\Run: [Ojd] C:\WINDOWS\System32\Npd.exe
O4 - HKLM\..\Run: [Oil] C:\WINDOWS\Ivg.exe
O4 - HKLM\..\Run: [Oik] C:\WINDOWS\Sra.exe
O4 - HKLM\..\Run: [Oic] C:\WINDOWS\System32\Jmj.exe
O4 - HKLM\..\Run: [Ogj] C:\WINDOWS\System32\Hev.exe
O4 - HKLM\..\Run: [Obt] C:\WINDOWS\Sgu.exe
O4 - HKLM\..\Run: [Nuj] C:\WINDOWS\System32\Qte.exe
O4 - HKLM\..\Run: [Ntq] C:\WINDOWS\System32\Jfn.exe
O4 - HKLM\..\Run: [Ntn] C:\WINDOWS\System32\Khr.exe
O4 - HKLM\..\Run: [Nth] C:\WINDOWS\Bgd.exe
O4 - HKLM\..\Run: [Npq] C:\WINDOWS\System32\Ptl.exe
O4 - HKLM\..\Run: [Noc] C:\WINDOWS\Npo.exe
O4 - HKLM\..\Run: [Nob] C:\WINDOWS\Rgc.exe
O4 - HKLM\..\Run: [Nmt] C:\WINDOWS\System32\Jsa.exe
O4 - HKLM\..\Run: [Nig] C:\WINDOWS\Rkq.exe
O4 - HKLM\..\Run: [Ngk] C:\WINDOWS\Vti.exe
O4 - HKLM\..\Run: [Ndf] C:\WINDOWS\System32\Bua.exe
O4 - HKLM\..\Run: [Nbf] C:\WINDOWS\Lld.exe
O4 - HKLM\..\Run: [Nbd] C:\WINDOWS\System32\Ckg.exe
O4 - HKLM\..\Run: [Nam] C:\WINDOWS\System32\Mrg.exe
O4 - HKLM\..\Run: [Mvl] C:\WINDOWS\System32\Ssi.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\Rei.exe
O4 - HKLM\..\Run: [Mst] C:\WINDOWS\Lro.exe
O4 - HKLM\..\Run: [Msj] C:\WINDOWS\Auo.exe
O4 - HKLM\..\Run: [Msb] C:\WINDOWS\Nnm.exe
O4 - HKLM\..\Run: [Mpr] C:\WINDOWS\System32\Oor.exe
O4 - HKLM\..\Run: [Mpb] C:\WINDOWS\System32\Hjr.exe
O4 - HKLM\..\Run: [Mor] C:\WINDOWS\System32\Kiq.exe
O4 - HKLM\..\Run: [Mni] C:\WINDOWS\System32\Eov.exe
O4 - HKLM\..\Run: [Mmk] C:\WINDOWS\Qcc.exe
O4 - HKLM\..\Run: [Mll] C:\WINDOWS\system32\Gqq.exe
O4 - HKLM\..\Run: [Mlb] C:\WINDOWS\Uil.exe
O4 - HKLM\..\Run: [Mjj] C:\WINDOWS\System32\Cap.exe
O4 - HKLM\..\Run: [Mii] C:\WINDOWS\System32\Dnk.exe
O4 - HKLM\..\Run: [Mgv] C:\WINDOWS\Ldo.exe
O4 - HKLM\..\Run: [Met] C:\WINDOWS\Mck.exe
O4 - HKLM\..\Run: [Mdn] C:\WINDOWS\System32\Hgp.exe
O4 - HKLM\..\Run: [Mav] C:\WINDOWS\Gsk.exe
O4 - HKLM\..\Run: [Lvu] C:\WINDOWS\System32\Qsf.exe
O4 - HKLM\..\Run: [Ltt] C:\WINDOWS\Ggc.exe
O4 - HKLM\..\Run: [Lts] C:\WINDOWS\System32\Kkp.exe
O4 - HKLM\..\Run: [Ltl] C:\WINDOWS\Oeb.exe
O4 - HKLM\..\Run: [Lqm] C:\WINDOWS\System32\Rtn.exe
O4 - HKLM\..\Run: [Lqk] C:\WINDOWS\Dkr.exe
O4 - HKLM\..\Run: [Lqj] C:\WINDOWS\Fou.exe
O4 - HKLM\..\Run: [Lpj] C:\WINDOWS\Svn.exe
O4 - HKLM\..\Run: [Lpi] C:\WINDOWS\System32\Iup.exe
O4 - HKLM\..\Run: [Lor] C:\WINDOWS\Htk.exe
O4 - HKLM\..\Run: [Lob] C:\WINDOWS\Nkq.exe
O4 - HKLM\..\Run: [Lmu] C:\WINDOWS\System32\Aqu.exe
O4 - HKLM\..\Run: [Lmj] C:\WINDOWS\System32\Pbg.exe
O4 - HKLM\..\Run: [Ljv] C:\WINDOWS\System32\Shv.exe
O4 - HKLM\..\Run: [Ljq] C:\WINDOWS\System32\Sum.exe
O4 - HKLM\..\Run: [Lil] C:\WINDOWS\Utu.exe
O4 - HKLM\..\Run: [Lhr] C:\WINDOWS\System32\Bra.exe
O4 - HKLM\..\Run: [Lgp] C:\WINDOWS\Trd.exe
O4 - HKLM\..\Run: [Lgg] C:\WINDOWS\System32\Reh.exe
O4 - HKLM\..\Run: [Lfs] C:\WINDOWS\System32\Gtk.exe
O4 - HKLM\..\Run: [Leh] C:\WINDOWS\System32\Okn.exe
O4 - HKLM\..\Run: [Ldq] C:\WINDOWS\Oft.exe
O4 - HKLM\..\Run: [Ldp] C:\WINDOWS\System32\Ich.exe
O4 - HKLM\..\Run: [Ldm] C:\WINDOWS\Lqe.exe
O4 - HKLM\..\Run: [Lbq] C:\WINDOWS\System32\Cal.exe
O4 - HKLM\..\Run: [Kvr] C:\WINDOWS\Lri.exe
O4 - HKLM\..\Run: [Kui] C:\WINDOWS\System32\Ceh.exe
O4 - HKLM\..\Run: [Kuc] C:\WINDOWS\System32\Euv.exe
O4 - HKLM\..\Run: [Ktp] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [Ksn] C:\WINDOWS\Grp.exe
O4 - HKLM\..\Run: [Kpt] C:\WINDOWS\System32\Ecf.exe
O4 - HKLM\..\Run: [Kpm] C:\WINDOWS\System32\Jbc.exe
O4 - HKLM\..\Run: [Kpe] C:\WINDOWS\Kkd.exe
O4 - HKLM\..\Run: [Kpd] C:\WINDOWS\System32\Qnv.exe
O4 - HKLM\..\Run: [Kms] C:\WINDOWS\System32\Vld.exe
O4 - HKLM\..\Run: [Klq] C:\WINDOWS\System32\Cnh.exe
O4 - HKLM\..\Run: [Kis] C:\WINDOWS\Tfe.exe
O4 - HKLM\..\Run: [Kfu] C:\WINDOWS\Ifn.exe
O4 - HKLM\..\Run: [Kfj] C:\WINDOWS\System32\Gam.exe
O4 - HKLM\..\Run: [Kej] C:\WINDOWS\System32\Qci.exe
O4 - HKLM\..\Run: [Kca] C:\WINDOWS\Smi.exe
O4 - HKLM\..\Run: [Kbh] C:\WINDOWS\System32\Osf.exe
O4 - HKLM\..\Run: [Kbb] C:\WINDOWS\System32\Mtm.exe
O4 - HKLM\..\Run: [Kav] C:\WINDOWS\Oia.exe
O4 - HKLM\..\Run: [Jso] C:\WINDOWS\Uih.exe
O4 - HKLM\..\Run: [Jrt] C:\WINDOWS\System32\Rng.exe
O4 - HKLM\..\Run: [Jrk] C:\WINDOWS\System32\Tdp.exe
O4 - HKLM\..\Run: [Jrg] C:\WINDOWS\System32\Khl.exe
O4 - HKLM\..\Run: [Jqt] C:\WINDOWS\System32\Beh.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Jhm.exe
O4 - HKLM\..\Run: [Jot] C:\WINDOWS\Cfo.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\System32\Bon.exe
O4 - HKLM\..\Run: [Jmh] C:\WINDOWS\System32\Hvb.exe
O4 - HKLM\..\Run: [Jmg] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Jls] C:\WINDOWS\System32\Ahu.exe
O4 - HKLM\..\Run: [Jlq] C:\WINDOWS\Djo.exe
O4 - HKLM\..\Run: [Jlb] C:\WINDOWS\Svf.exe
O4 - HKLM\..\Run: [Jii] C:\WINDOWS\Itk.exe
O4 - HKLM\..\Run: [Jgp] C:\WINDOWS\System32\Vsn.exe
O4 - HKLM\..\Run: [Jda] C:\WINDOWS\Dam.exe
O4 - HKLM\..\Run: [Jbs] C:\WINDOWS\Fmv.exe
O4 - HKLM\..\Run: [Jar] C:\WINDOWS\System32\Fur.exe
O4 - HKLM\..\Run: [Ivp] C:\WINDOWS\System32\Lvr.exe
O4 - HKLM\..\Run: [Ivg] C:\WINDOWS\Tit.exe
O4 - HKLM\..\Run: [Ive] C:\WINDOWS\Bht.exe
O4 - HKLM\..\Run: [Iub] C:\WINDOWS\Ari.exe
O4 - HKLM\..\Run: [Itn] C:\WINDOWS\Acd.exe
O4 - HKLM\..\Run: [Itm] C:\WINDOWS\Lbr.exe
O4 - HKLM\..\Run: [Itj] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Isc] C:\WINDOWS\Aqc.exe
O4 - HKLM\..\Run: [Ipu] C:\WINDOWS\System32\Gnp.exe
O4 - HKLM\..\Run: [Inf] C:\WINDOWS\Qsf.exe
O4 - HKLM\..\Run: [Iln] C:\WINDOWS\System32\Uuv.exe
O4 - HKLM\..\Run: [Ild] C:\WINDOWS\System32\Ntp.exe
O4 - HKLM\..\Run: [Ifi] C:\WINDOWS\System32\Vmo.exe
O4 - HKLM\..\Run: [Iep] C:\WINDOWS\Khl.exe
O4 - HKLM\..\Run: [Iel] C:\WINDOWS\Fud.exe
O4 - HKLM\..\Run: [Ich] C:\WINDOWS\Lva.exe
O4 - HKLM\..\Run: [Ica] C:\WINDOWS\Meu.exe
O4 - HKLM\..\Run: [Ibu] C:\WINDOWS\Oqd.exe
O4 - HKLM\..\Run: [Ibk] C:\WINDOWS\System32\Qpi.exe
O4 - HKLM\..\Run: [Iah] C:\WINDOWS\System32\Sfj.exe
O4 - HKLM\..\Run: [Hvr] C:\WINDOWS\System32\Ins.exe
O4 - HKLM\..\Run: [Hrs] C:\WINDOWS\System32\Eot.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Vdh.exe
O4 - HKLM\..\Run: [Hof] C:\WINDOWS\Mhg.exe
O4 - HKLM\..\Run: [Hmu] C:\WINDOWS\Vqq.exe
O4 - HKLM\..\Run: [Hik] C:\WINDOWS\Oua.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\System32\Cqf.exe
O4 - HKLM\..\Run: [Hif] C:\WINDOWS\System32\Ons.exe
O4 - HKLM\..\Run: [Hhe] C:\WINDOWS\Kfa.exe
O4 - HKLM\..\Run: [Hhb] C:\WINDOWS\Fvb.exe
O4 - HKLM\..\Run: [Hgb] C:\WINDOWS\System32\Tho.exe
O4 - HKLM\..\Run: [Hes] C:\WINDOWS\System32\Fih.exe
O4 - HKLM\..\Run: [Hdk] C:\WINDOWS\System32\Asr.exe
O4 - HKLM\..\Run: [Hce] C:\WINDOWS\System32\Eai.exe
O4 - HKLM\..\Run: [Gvi] C:\WINDOWS\System32\Mvu.exe
O4 - HKLM\..\Run: [Gur] C:\WINDOWS\System32\Der.exe
O4 - HKLM\..\Run: [Guh] C:\WINDOWS\System32\Hof.exe
O4 - HKLM\..\Run: [Gtq] C:\WINDOWS\Qht.exe
O4 - HKLM\..\Run: [Gsc] C:\WINDOWS\Oim.exe
O4 - HKLM\..\Run: [Gru] C:\WINDOWS\System32\Dnt.exe
O4 - HKLM\..\Run: [Grq] C:\WINDOWS\System32\Ian.exe
O4 - HKLM\..\Run: [Gpe] C:\WINDOWS\Agv.exe
O4 - HKLM\..\Run: [Gob] C:\WINDOWS\System32\Mia.exe
O4 - HKLM\..\Run: [Gno] C:\WINDOWS\Buc.exe
O4 - HKLM\..\Run: [Gmt] C:\WINDOWS\System32\Bns.exe
O4 - HKLM\..\Run: [Gmd] C:\WINDOWS\System32\Jbu.exe
O4 - HKLM\..\Run: [Glt] C:\WINDOWS\Lgr.exe
O4 - HKLM\..\Run: [Gle] C:\WINDOWS\Qpt.exe
O4 - HKLM\..\Run: [Gku] C:\WINDOWS\System32\Adl.exe
O4 - HKLM\..\Run: [Ghi] C:\WINDOWS\System32\Mqj.exe
O4 - HKLM\..\Run: [Ggh] C:\WINDOWS\Dkh.exe
O4 - HKLM\..\Run: [Gfs] C:\WINDOWS\System32\Mal.exe
O4 - HKLM\..\Run: [Fvg] C:\WINDOWS\System32\Pun.exe
O4 - HKLM\..\Run: [Fvb] C:\WINDOWS\Ccp.exe
O4 - HKLM\..\Run: [Fuv] C:\WINDOWS\System32\Vha.exe
O4 - HKLM\..\Run: [Fua] C:\WINDOWS\System32\Ogh.exe
O4 - HKLM\..\Run: [Ftn] C:\WINDOWS\System32\Mqu.exe
O4 - HKLM\..\Run: [Fsj] C:\WINDOWS\Equ.exe
O4 - HKLM\..\Run: [Fqo] C:\WINDOWS\System32\Dmc.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\System32\Fik.exe
O4 - HKLM\..\Run: [Fna] C:\WINDOWS\System32\Pmc.exe
O4 - HKLM\..\Run: [Flv] C:\WINDOWS\System32\Gkf.exe
O4 - HKLM\..\Run: [Flh] C:\WINDOWS\Oha.exe
O4 - HKLM\..\Run: [Fea] C:\WINDOWS\System32\Gta.exe
O4 - HKLM\..\Run: [Ete] C:\WINDOWS\System32\Duh.exe
O4 - HKLM\..\Run: [Ere] C:\WINDOWS\System32\Bgi.exe
O4 - HKLM\..\Run: [Eqp] C:\WINDOWS\System32\Tdb.exe
O4 - HKLM\..\Run: [Epi] C:\WINDOWS\System32\Ujn.exe
O4 - HKLM\..\Run: [Ekr] C:\WINDOWS\System32\Sib.exe
O4 - HKLM\..\Run: [Eje] C:\WINDOWS\Oqj.exe
O4 - HKLM\..\Run: [Eii] C:\WINDOWS\System32\Jqv.exe
O4 - HKLM\..\Run: [Ege] C:\WINDOWS\System32\Ruv.exe
O4 - HKLM\..\Run: [Ecq] C:\WINDOWS\System32\Tel.exe
O4 - HKLM\..\Run: [Dsr] C:\WINDOWS\system32\Ruo.exe
O4 - HKLM\..\Run: [Dsl] C:\WINDOWS\System32\Lno.exe
O4 - HKLM\..\Run: [Drb] C:\WINDOWS\Rka.exe
O4 - HKLM\..\Run: [Dob] C:\WINDOWS\System32\Ulc.exe
O4 - HKLM\..\Run: [Dnd] C:\WINDOWS\System32\Ran.exe
O4 - HKLM\..\Run: [Dlv] C:\WINDOWS\System32\Cbr.exe
O4 - HKLM\..\Run: [Djh] C:\WINDOWS\System32\Hdr.exe
O4 - HKLM\..\Run: [Dhv] C:\WINDOWS\System32\Eii.exe
O4 - HKLM\..\Run: [Dhk] C:\WINDOWS\Fvh.exe
O4 - HKLM\..\Run: [Dfh] C:\WINDOWS\System32\Ncf.exe
O4 - HKLM\..\Run: [Daf] C:\WINDOWS\System32\Isl.exe
O4 - HKLM\..\Run: [Cvj] C:\WINDOWS\System32\Est.exe
O4 - HKLM\..\Run: [Cvc] C:\WINDOWS\System32\Qls.exe
O4 - HKLM\..\Run: [Ctn] C:\WINDOWS\System32\Aeo.exe
O4 - HKLM\..\Run: [Cta] C:\WINDOWS\System32\Bkl.exe
O4 - HKLM\..\Run: [Csv] C:\WINDOWS\Kvr.exe
O4 - HKLM\..\Run: [Csq] C:\WINDOWS\Dcm.exe
O4 - HKLM\..\Run: [Cov] C:\WINDOWS\System32\Tql.exe
O4 - HKLM\..\Run: [Cot] C:\WINDOWS\System32\Rhr.exe
O4 - HKLM\..\Run: [Cnv] C:\WINDOWS\Jkd.exe
O4 - HKLM\..\Run: [Ckr] C:\WINDOWS\System32\Rnh.exe
O4 - HKLM\..\Run: [Ckl] C:\WINDOWS\System32\Btm.exe
O4 - HKLM\..\Run: [Cho] C:\WINDOWS\System32\Hfg.exe
O4 - HKLM\..\Run: [Cfk] C:\WINDOWS\System32\Urg.exe
O4 - HKLM\..\Run: [Cen] C:\WINDOWS\System32\Qrf.exe
O4 - HKLM\..\Run: [Cdq] C:\WINDOWS\System32\Rbf.exe
O4 - HKLM\..\Run: [Cbo] C:\WINDOWS\System32\Krd.exe
O4 - HKLM\..\Run: [Cbf] C:\WINDOWS\System32\Urb.exe
O4 - HKLM\..\Run: [Bnh] C:\WINDOWS\System32\Qss.exe
O4 - HKLM\..\Run: [Bml] C:\WINDOWS\System32\Bvn.exe
O4 - HKLM\..\Run: [Blv] C:\WINDOWS\System32\Rgl.exe

O4 - HKLM\..\Run: [Blk] C:\WINDOWS\System32\Vdt.exe
O4 - HKLM\..\Run: [Bkv] C:\WINDOWS\Bts.exe
O4 - HKLM\..\Run: [Bjf] C:\WINDOWS\System32\Oln.exe
O4 - HKLM\..\Run: [Bim] C:\WINDOWS\Ltf.exe
O4 - HKLM\..\Run: [Bij] C:\WINDOWS\Ann.exe
O4 - HKLM\..\Run: [Bht] C:\WINDOWS\Gtc.exe
O4 - HKLM\..\Run: [Bdv] C:\WINDOWS\Kae.exe
O4 - HKLM\..\Run: [Bcq] C:\WINDOWS\Qbe.exe
O4 - HKLM\..\Run: [Bbe] C:\WINDOWS\System32\Khg.exe
O4 - HKLM\..\Run: [Avr] C:\WINDOWS\System32\Eaq.exe
O4 - HKLM\..\Run: [Avn] C:\WINDOWS\Dva.exe
O4 - HKLM\..\Run: [Avi] C:\WINDOWS\System32\Ued.exe
O4 - HKLM\..\Run: [Avb] C:\WINDOWS\Lgb.exe
O4 - HKLM\..\Run: [Aum] C:\WINDOWS\System32\Nhh.exe
O4 - HKLM\..\Run: [Ata] C:\WINDOWS\System32\Hoo.exe
O4 - HKLM\..\Run: [Aqt] C:\WINDOWS\System32\Kfo.exe
O4 - HKLM\..\Run: [Aqi] C:\WINDOWS\System32\Fmq.exe
O4 - HKLM\..\Run: [Apf] C:\WINDOWS\Qdu.exe
O4 - HKLM\..\Run: [Aom] C:\WINDOWS\Acr.exe

O4 - HKLM\..\Run: [Aok] C:\WINDOWS\Sgv.exe
O4 - HKLM\..\Run: [Anm] C:\WINDOWS\System32\Dda.exe
O4 - HKLM\..\Run: [Ane] C:\WINDOWS\System32\Rgc.exe
O4 - HKLM\..\Run: [Akh] C:\WINDOWS\Mcq.exe
O4 - HKLM\..\Run: [Akc] C:\WINDOWS\Rhm.exe
O4 - HKLM\..\Run: [Ajg] C:\WINDOWS\Sge.exe
O4 - HKLM\..\Run: [Ail] C:\WINDOWS\Fan.exe
O4 - HKLM\..\Run: [Ahv] C:\WINDOWS\System32\Fgd.exe
O4 - HKLM\..\Run: [Ago] C:\WINDOWS\System32\Kcq.exe
O4 - HKLM\..\Run: [Aes] C:\WINDOWS\System32\Gpm.exe
O4 - HKLM\..\Run: [Aeg] C:\WINDOWS\System32\Fff.exe
O4 - HKLM\..\Run: [Adm] C:\WINDOWS\System32\Hov.exe
O4 - HKLM\..\Run: [Aal] C:\WINDOWS\Gea.exe
O4 - HKLM\..\Run: [Aai] C:\WINDOWS\System32\Tvi.exe

O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

After fixing the above entries and deleting the files related

Run Windows CleanUp again
After it finishes scanning, don't log off yet
Instead

==Navigate to the HSFix directory>>Open the folder, ensure you unzipped this
 and double-click on HSFix.bat.
* It will produce a log file, located here: C:\hslog.txt <--we'll need this later

Double click on Fixdisply.reg and allow to merge to the registry

Restart back into Normal mode

Post back a fresh Hijackthis log and the log from hsfix.bat
C:\hslog.txt  <-this log
« Last Edit: April 16, 2005, 12:45:24 AM by guestolo »

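An added example, not part of the original posts and not a tool used in this thread: Python that parses the O4 registry Run lines of a HijackThis log, flags the ones shaped like the entries listed for fixing above, and checks which listed entries a follow-up log still shows. The three-letter name and path heuristic and all function names are assumptions; the sample lines are copied from the fix list and from the follow-up log later in this thread.

```python
import re

# An O4 registry autorun line as HijackThis v1.99.1 prints it in this thread:
#   O4 - HKLM\..\Run: [Name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Any HijackThis section prefix (R0, O2, O4, O23, ...), used to spot wrapped lines.
SECTION = re.compile(r"^[A-Z]\d{1,2} - ")

# Assumed heuristic, modelled on the entries listed for fixing in the thread:
# a three-letter value name that points at a three-letter .exe sitting directly
# in C:\WINDOWS or C:\WINDOWS\System32, with no arguments.
NAME_SHAPE = re.compile(r"^[A-Z][a-z]{2}$")
PATH_SHAPE = re.compile(r"^C:\\WINDOWS\\(?:System32\\)?[a-z]{3}\.exe$", re.IGNORECASE)

# Lines copied from the fix list in this thread, including the entry whose
# value name was lost and whose path wrapped onto the next line.
SAMPLE_LISTED = r"""
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [Ktp] C:\WINDOWS\Lsu.exe
O4 - HKLM\..\Run: [Dsr] C:\WINDOWS\system32\Ruo.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run:
 C:\WINDOWS\System32\Qgu.exe
"""

# Lines copied from the follow-up log posted after the fix.
SAMPLE_AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""


def parse_o4_run(log_text):
    """Return (entries, unparsed) for the registry Run lines of a log.

    Lines that start like a registry O4 entry but do not parse are kept in
    unparsed, joined with a wrapped continuation line, so they get a manual look
    instead of being dropped silently.
    """
    entries, unparsed = [], []
    lines = [line.strip() for line in log_text.splitlines()]
    for i, line in enumerate(lines):
        if not line.startswith("O4 - HK"):
            continue  # Global Startup links and other sections are out of scope
        match = O4_RUN.match(line)
        if match:
            entries.append(match.groupdict())
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt and not SECTION.match(nxt):
            line = line + " " + nxt
        unparsed.append(line)
    return entries, unparsed


def looks_generated(entry):
    """True when both the value name and the command fit the assumed shape."""
    return bool(NAME_SHAPE.match(entry["name"]) and PATH_SHAPE.match(entry["cmd"]))


def triage(log_text):
    """Split parsed entries into (flagged, other) and pass unparsed through."""
    entries, unparsed = parse_o4_run(log_text)
    flagged = [e for e in entries if looks_generated(e)]
    other = [e for e in entries if not looks_generated(e)]
    return flagged, other, unparsed


def still_present(listed_text, after_text):
    """Flagged entries from the fix list that the follow-up log still shows."""
    listed, _, _ = triage(listed_text)
    after_entries, _ = parse_o4_run(after_text)
    seen = {(e["name"].lower(), e["cmd"].lower()) for e in after_entries}
    return [e for e in listed if (e["name"].lower(), e["cmd"].lower()) in seen]


if __name__ == "__main__":
    flagged, other, unparsed = triage(SAMPLE_LISTED)
    print("flagged:", [e["name"] for e in flagged])
    print("not flagged, read by hand:", [e["name"] for e in other])
    print("unparsed, read by hand:", unparsed)
    print("still in follow-up log:",
          [(e["name"], e["cmd"]) for e in still_present(SAMPLE_LISTED, SAMPLE_AFTER)])
```

An entry such as `[Shell] open32.exe` does not fit the heuristic and lands in the unflagged group, so that group still needs a manual read.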


Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #13 on: April 17, 2005, 12:02:06 AM »
Bump

Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #14 on: April 17, 2005, 12:15:55 AM »
Questolo---

I did as you directed me to do.... Here is my latest HijackThis Log..

Logfile of HijackThis v1.99.1
Scan saved at 12:02:49 AM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LEOJUL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE


Here is info from hslog.txt....


Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-


Things are looking a lot more back to Normal!!

I will look around and see if I missed anything.

YOU HAVE BEEN AWESOME!!!!!!!!!!!!!!!!

Thank You....
Leo

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Questolo...Please Help....Please
« Reply #15 on: April 17, 2005, 12:59:09 AM »
Again, let me remind you
Please run Hijackthis from this location
C:\HJT\hijackthis.exe

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe

O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart the computer and delete this file if found
C:\WINDOWS\Nbc.exe <-file

Post back a fresh Hijackthis log afterwards

Could you also
Download and UNZIP to desktop
FindFiles.zip
Open the FindFiles folder and double click on
Find.bat
Wait for the log it produces and copy and paste it back here
« Last Edit: April 17, 2005, 01:00:52 AM by guestolo »



Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #16 on: April 17, 2005, 09:08:22 AM »
Questolo,

Here is the fresh Hijackthis log and the log from FindFiles.

Logfile of HijackThis v1.99.1
Scan saved at 9:03:26 AM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

 »»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
Scanning for file(s)...
 
* result-> C:\WINDOWS\AVA~1.HTM
* result-> C:\WINDOWS\BAP~1.HTM
* result-> C:\WINDOWS\BSO~1.HTM
* result-> C:\WINDOWS\CAE~1.HTM
* result-> C:\WINDOWS\CCA~1.HTM
* result-> C:\WINDOWS\CVS~1.HTM
* result-> C:\WINDOWS\EGK~1.HTM
* result-> C:\WINDOWS\ERU~1.HTM
* result-> C:\WINDOWS\FTS~1.HTM
* result-> C:\WINDOWS\HMJ~1.HTM
* result-> C:\WINDOWS\JSD~1.HTM
* result-> C:\WINDOWS\KVF~1.HTM
* result-> C:\WINDOWS\LKL~1.HTM
* result-> C:\WINDOWS\LLS~1.HTM
* result-> C:\WINDOWS\MEA~1.HTM
* result-> C:\WINDOWS\MGG~1.HTM
* result-> C:\WINDOWS\MHK~1.HTM
* result-> C:\WINDOWS\MUJ~1.HTM
* result-> C:\WINDOWS\NIH~1.HTM
* result-> C:\WINDOWS\POPUP~1.HTM
* result-> C:\WINDOWS\QLF~1.HTM
* result-> C:\WINDOWS\RKS~1.HTM
* result-> C:\WINDOWS\RLA~1.HTM
* result-> C:\WINDOWS\TTF~1.HTM
* result-> C:\WINDOWS\VDC~1.HTM
 

Thanks again for all your Help !!
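
Added example (not part of the original thread, and not code from HijackThis or from either poster): a Python script for the check done by eye here, comparing the scan taken before the fix with the fresh one and confirming that the entries ticked in Reply #15 are gone. The log excerpts are constructed from lines in the posts above, and the function names are illustrative assumptions.

```python
import re

# Constructed excerpts modelled on the logs in Reply #14 (before) and
# Reply #16 (after); only a few lines of each are reproduced.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe
O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

# The SoundMan line is lower-cased on purpose (constructed) to show that a
# change of letter case alone is not reported as a difference.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

# Entries the helper asked to tick in Reply #15.
TICKED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    r"O4 - HKLM\..\Run: [Qle] C:\WINDOWS\Nbc.exe",
    r"O9 - Extra button: Microsoft AntiSpyware helper - {841706FA-8BC6-4F08-A552-9A72B95FD77A} - (no file) (HKCU)",
]

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
# Header lines and the running-process paths do not match this pattern.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def normalise(line):
    """Comparison key: trimmed, single-spaced, case-folded (Windows paths
    and registry names are case-insensitive, and the logs mix cases)."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Map normalised entry -> (section code, original line), in log order."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries[normalise(raw)] = (match.group(1), raw.strip())
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lines between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [line for key, (_, line) in b.items() if key not in a]
    added = [line for key, (_, line) in a.items() if key not in b]
    return removed, added


def still_present(log_text, ticked):
    """Ticked entries that survive in the given scan (empty list = all fixed)."""
    found = parse_entries(log_text)
    return [entry for entry in ticked if normalise(entry) in found]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("NEW, review:", line)
    leftover = still_present(AFTER_LOG, TICKED)
    print("all ticked entries gone" if not leftover else leftover)
```

Entries reported as added deserve the same scrutiny as the original findings, since an entry that reappears after a restart means something is still rewriting it.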

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Questolo...Please Help....Please
« Reply #17 on: April 17, 2005, 10:34:32 AM »
Download and unzip to desktop Clean.zip
so you now have Clean.bat on your desktop
Double click to run Clean.bat
A DOS window will open and close

Restart your computer one last time and post back a fresh Hijackthis log

Could you also run Find.bat one more time and post that log too, thanks

By the way, you have the Kodak updater running, which uses the backweb technology
Many consider Backweb spyware itself
Here's some more info about the updater
http://faqs.kodak.com/EasyShare_Software_E...FAQ_13_841.shtm

You can disable the updater

Once a month you can enable it, restart the computer and see if there are updates
If not disable it again, up to you
« Last Edit: April 17, 2005, 11:00:14 AM by guestolo »



Guest_LJULICH_*

  • Guest
Questolo...Please Help....Please
« Reply #18 on: April 17, 2005, 07:36:18 PM »
Questolo,

I followed your instructions.

Here is the fresh Hijackthis Log and the log for Find.bat.....

Logfile of HijackThis v1.99.1
Scan saved at 7:27:21 PM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=90
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://images.photogra.com/PhotoX/BPImageEditor.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE


 »»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
Scanning for file(s)...


I still have no control of Desktop Backgrounds and if I try to change color it works sometimes...and sometimes not.

Also I still have no control of right click on Desktop Icons.....should I?
Like I mentioned earlier...I forget if I did.....LOL.

Any advice for that?

Anyway....Thank you so much for your help so far. My Puter is MUCH better.

Thank you Loads.....LEO

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Questolo...Please Help....Please
« Reply #19 on: April 17, 2005, 07:42:31 PM »
I thought that may have been fixed

Could you ensure that you downloaded and Unzipped Fixdisply.zip
That I posted earlier
Ensure you unzip this and double click on Fixdisply.reg
Allow to merge to the Registry

Restart your computer

Back in Windows
1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Change your background
5. Click the Customize Desktop button.
6. Click the Web tab in the Desktop Items window.
7. Make sure all checkboxes in this window are un-checked.
OK your way out
Log off your user account and log back on again if anything was unchecked

Could you also download and UNZIP to a folder
Find.zip
So you now have Find.bat in the same folder
Find.zip

Double click on Find.bat and copy and paste back the contents
« Last Edit: April 17, 2005, 07:47:56 PM by guestolo »
