HJT Log Help Needed :(


13 replies to this topic

#1 jama81

Posted 12 April 2005 - 07:56 PM

I have tried removing it, but it's still there. When I reboot my windows, several error windows pop up, and it says that my kernel32 components are missing. Could someone please take a look at my HJT log and see what I can do exactly to remove it. Much Appreciated. Thank you in advance :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:03 AM, on 4/13/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\GEFORCE2\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\ROJ.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\PLAXO\2.2.3.5\INSTALLSTUB.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=C:\GEFORCE2\vi_grm.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [Bke] C:\WINDOWS\Rnb.exe
O4 - HKLM\..\Run: [Gum] C:\WINDOWS\Nup.exe
O4 - HKLM\..\Run: [Rbg] C:\WINDOWS\Uqt.exe
O4 - HKLM\..\Run: [Rbc] C:\WINDOWS\Mbi.exe
O4 - HKLM\..\Run: [Vhs] C:\WINDOWS\Rkn.exe
O4 - HKLM\..\Run: [Mis] C:\WINDOWS\Fcs.exe
O4 - HKLM\..\Run: [Koj] C:\WINDOWS\SYSTEM\Qmf.exe
O4 - HKLM\..\Run: [Kjh] C:\WINDOWS\Scl.exe
O4 - HKLM\..\Run: [Vsg] C:\WINDOWS\SYSTEM\Tiu.exe
O4 - HKLM\..\Run: [Hdj] C:\WINDOWS\SYSTEM\Tfr.exe
O4 - HKLM\..\Run: [Pij] C:\WINDOWS\SYSTEM\Tak.exe
O4 - HKLM\..\Run: [Ovu] C:\WINDOWS\Sqh.exe
O4 - HKLM\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKLM\..\Run: [Lcu] C:\WINDOWS\Rnp.exe
O4 - HKLM\..\Run: [Ggm] C:\WINDOWS\SYSTEM\Udq.exe
O4 - HKLM\..\Run: [Bqn] C:\WINDOWS\Tqo.exe
O4 - HKLM\..\Run: [Evd] C:\WINDOWS\SYSTEM\Vtq.exe
O4 - HKLM\..\Run: [Ikn] C:\WINDOWS\Rmg.exe
O4 - HKLM\..\Run: [Rki] C:\WINDOWS\Kob.exe
O4 - HKLM\..\Run: [Vdb] C:\WINDOWS\Tqo.exe
O4 - HKLM\..\Run: [Kfe] C:\WINDOWS\Sev.exe
O4 - HKLM\..\Run: [Est] C:\WINDOWS\Bro.exe
O4 - HKLM\..\Run: [Vvm] C:\WINDOWS\SYSTEM\Feg.exe
O4 - HKLM\..\Run: [Sue] C:\WINDOWS\SYSTEM\Lum.exe
O4 - HKLM\..\Run: [Iht] C:\WINDOWS\Lku.exe
O4 - HKLM\..\Run: [Drq] C:\WINDOWS\SYSTEM\Ltk.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\Kvf.exe
O4 - HKLM\..\Run: [Pfj] C:\WINDOWS\Vff.exe
O4 - HKLM\..\Run: [Kde] C:\WINDOWS\Omm.exe
O4 - HKLM\..\Run: [Uom] C:\WINDOWS\SYSTEM\Idv.exe
O4 - HKLM\..\Run: [Nuk] C:\WINDOWS\SYSTEM\Qdm.exe
O4 - HKLM\..\Run: [Ooc] C:\WINDOWS\SYSTEM\Got.exe
O4 - HKLM\..\Run: [Ksi] C:\WINDOWS\Irg.exe
O4 - HKLM\..\Run: [Pkd] C:\WINDOWS\Top.exe
O4 - HKLM\..\Run: [Fqm] C:\WINDOWS\Skv.exe
O4 - HKLM\..\Run: [Ino] C:\WINDOWS\Kkb.exe
O4 - HKLM\..\Run: [Ppm] C:\WINDOWS\SYSTEM\Ngk.exe
O4 - HKLM\..\Run: [Sng] C:\WINDOWS\SYSTEM\Ede.exe
O4 - HKLM\..\Run: [Eds] C:\WINDOWS\Cpc.exe
O4 - HKLM\..\Run: [Ajp] C:\WINDOWS\Rnp.exe
O4 - HKLM\..\Run: [Gip] C:\WINDOWS\SYSTEM\Goa.exe
O4 - HKLM\..\Run: [Cms] C:\WINDOWS\Olt.exe
O4 - HKLM\..\Run: [Ius] C:\WINDOWS\SYSTEM\Lga.exe
O4 - HKLM\..\Run: [Aqf] C:\WINDOWS\SYSTEM\Ele.exe
O4 - HKLM\..\Run: [Jkd] C:\WINDOWS\Bjj.exe
O4 - HKLM\..\Run: [Hpc] C:\WINDOWS\SYSTEM\Ren.exe
O4 - HKLM\..\Run: [Htt] C:\WINDOWS\Ptl.exe
O4 - HKLM\..\Run: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
O4 - HKLM\..\Run: [Kdk] C:\WINDOWS\Lpp.exe
O4 - HKLM\..\Run: [Lcq] C:\WINDOWS\SYSTEM\Dff.exe
O4 - HKLM\..\Run: [Hsg] C:\WINDOWS\Cgm.exe
O4 - HKLM\..\Run: [Pdi] C:\WINDOWS\Oqb.exe
O4 - HKLM\..\Run: [Ubk] C:\WINDOWS\SYSTEM\Hlv.exe
O4 - HKLM\..\Run: [Vtf] C:\WINDOWS\SYSTEM\Hoc.exe
O4 - HKLM\..\Run: [Hjo] C:\WINDOWS\SYSTEM\Iac.exe
O4 - HKLM\..\Run: [Gfl] C:\WINDOWS\Jbe.exe
O4 - HKLM\..\Run: [Vml] C:\WINDOWS\SYSTEM\Gjj.exe
O4 - HKLM\..\Run: [Vao] C:\WINDOWS\Fki.exe
O4 - HKLM\..\Run: [Kbj] C:\WINDOWS\SYSTEM\Ikq.exe
O4 - HKLM\..\Run: [Pvv] C:\WINDOWS\Ted.exe
O4 - HKLM\..\Run: [Fos] C:\WINDOWS\SYSTEM\Vlt.exe
O4 - HKLM\..\Run: [Vpt] C:\WINDOWS\SYSTEM\Jif.exe
O4 - HKLM\..\Run: [Ifa] C:\WINDOWS\Srf.exe
O4 - HKLM\..\Run: [Kai] C:\WINDOWS\Aqi.exe
O4 - HKLM\..\Run: [Ofc] C:\WINDOWS\SYSTEM\Aah.exe
O4 - HKLM\..\Run: [Dji] C:\WINDOWS\Qtg.exe
O4 - HKLM\..\Run: [Bfu] C:\WINDOWS\Nrc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - HKCU\..\Run: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [Bke] C:\WINDOWS\Rnb.exe
O4 - HKCU\..\Run: [Gum] C:\WINDOWS\Nup.exe
O4 - HKCU\..\Run: [Rbg] C:\WINDOWS\Uqt.exe
O4 - HKCU\..\Run: [Rbc] C:\WINDOWS\Mbi.exe
O4 - HKCU\..\Run: [Vhs] C:\WINDOWS\Rkn.exe
O4 - HKCU\..\Run: [Mis] C:\WINDOWS\Fcs.exe
O4 - HKCU\..\Run: [Koj] C:\WINDOWS\SYSTEM\Qmf.exe
O4 - HKCU\..\Run: [Kjh] C:\WINDOWS\Scl.exe
O4 - HKCU\..\Run: [Vsg] C:\WINDOWS\SYSTEM\Tiu.exe
O4 - HKCU\..\Run: [Hdj] C:\WINDOWS\SYSTEM\Tfr.exe
O4 - HKCU\..\Run: [Pij] C:\WINDOWS\SYSTEM\Tak.exe
O4 - HKCU\..\Run: [Ovu] C:\WINDOWS\Sqh.exe
O4 - HKCU\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKCU\..\Run: [Lcu] C:\WINDOWS\Rnp.exe
O4 - HKCU\..\Run: [Ggm] C:\WINDOWS\SYSTEM\Udq.exe
O4 - HKCU\..\Run: [Bqn] C:\WINDOWS\Tqo.exe
O4 - HKCU\..\Run: [Evd] C:\WINDOWS\SYSTEM\Vtq.exe
O4 - HKCU\..\Run: [Ikn] C:\WINDOWS\Rmg.exe
O4 - HKCU\..\Run: [Rki] C:\WINDOWS\Kob.exe
O4 - HKCU\..\Run: [Vdb] C:\WINDOWS\Tqo.exe
O4 - HKCU\..\Run: [Kfe] C:\WINDOWS\Sev.exe
O4 - HKCU\..\Run: [Est] C:\WINDOWS\Bro.exe
O4 - HKCU\..\Run: [Vvm] C:\WINDOWS\SYSTEM\Feg.exe
O4 - HKCU\..\Run: [Sue] C:\WINDOWS\SYSTEM\Lum.exe
O4 - HKCU\..\Run: [Iht] C:\WINDOWS\Lku.exe
O4 - HKCU\..\Run: [Drq] C:\WINDOWS\SYSTEM\Ltk.exe
O4 - HKCU\..\Run: [Vcg] C:\WINDOWS\Kvf.exe
O4 - HKCU\..\Run: [Pfj] C:\WINDOWS\Vff.exe
O4 - HKCU\..\Run: [Kde] C:\WINDOWS\Omm.exe
O4 - HKCU\..\Run: [Uom] C:\WINDOWS\SYSTEM\Idv.exe
O4 - HKCU\..\Run: [Nuk] C:\WINDOWS\SYSTEM\Qdm.exe
O4 - HKCU\..\Run: [Ooc] C:\WINDOWS\SYSTEM\Got.exe
O4 - HKCU\..\Run: [Ksi] C:\WINDOWS\Irg.exe
O4 - HKCU\..\Run: [Pkd] C:\WINDOWS\Top.exe
O4 - HKCU\..\Run: [Fqm] C:\WINDOWS\Skv.exe
O4 - HKCU\..\Run: [Ino] C:\WINDOWS\Kkb.exe
O4 - HKCU\..\Run: [Ppm] C:\WINDOWS\SYSTEM\Ngk.exe
O4 - HKCU\..\Run: [Sng] C:\WINDOWS\SYSTEM\Ede.exe
O4 - HKCU\..\Run: [Eds] C:\WINDOWS\Cpc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Ajp] C:\WINDOWS\Rnp.exe
O4 - HKCU\..\Run: [Gip] C:\WINDOWS\SYSTEM\Goa.exe
O4 - HKCU\..\Run: [Cms] C:\WINDOWS\Olt.exe
O4 - HKCU\..\Run: [Ius] C:\WINDOWS\SYSTEM\Lga.exe
O4 - HKCU\..\Run: [Aqf] C:\WINDOWS\SYSTEM\Ele.exe
O4 - HKCU\..\Run: [Jkd] C:\WINDOWS\Bjj.exe
O4 - HKCU\..\Run: [Hpc] C:\WINDOWS\SYSTEM\Ren.exe
O4 - HKCU\..\Run: [Htt] C:\WINDOWS\Ptl.exe
O4 - HKCU\..\Run: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
O4 - HKCU\..\Run: [Kdk] C:\WINDOWS\Lpp.exe
O4 - HKCU\..\Run: [Lcq] C:\WINDOWS\SYSTEM\Dff.exe
O4 - HKCU\..\Run: [Hsg] C:\WINDOWS\Cgm.exe
O4 - HKCU\..\Run: [Pdi] C:\WINDOWS\Oqb.exe
O4 - HKCU\..\Run: [Ubk] C:\WINDOWS\SYSTEM\Hlv.exe
O4 - HKCU\..\Run: [Vtf] C:\WINDOWS\SYSTEM\Hoc.exe
O4 - HKCU\..\Run: [Hjo] C:\WINDOWS\SYSTEM\Iac.exe
O4 - HKCU\..\Run: [Gfl] C:\WINDOWS\Jbe.exe
O4 - HKCU\..\Run: [Vml] C:\WINDOWS\SYSTEM\Gjj.exe
O4 - HKCU\..\Run: [Vao] C:\WINDOWS\Fki.exe
O4 - HKCU\..\Run: [Kbj] C:\WINDOWS\SYSTEM\Ikq.exe
O4 - HKCU\..\Run: [Pvv] C:\WINDOWS\Ted.exe
O4 - HKCU\..\Run: [Fos] C:\WINDOWS\SYSTEM\Vlt.exe
O4 - HKCU\..\Run: [Vpt] C:\WINDOWS\SYSTEM\Jif.exe
O4 - HKCU\..\Run: [Ifa] C:\WINDOWS\Srf.exe
O4 - HKCU\..\Run: [Kai] C:\WINDOWS\Aqi.exe
O4 - HKCU\..\Run: [Ofc] C:\WINDOWS\SYSTEM\Aah.exe
O4 - HKCU\..\Run: [Dji] C:\WINDOWS\Qtg.exe
O4 - HKCU\..\Run: [Bfu] C:\WINDOWS\Nrc.exe
O4 - HKCU\..\RunServices: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - HKCU\..\RunServices: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKCU\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\RunServices: [Bke] C:\WINDOWS\Rnb.exe
O4 - HKCU\..\RunServices: [Gum] C:\WINDOWS\Nup.exe
O4 - HKCU\..\RunServices: [Rbg] C:\WINDOWS\Uqt.exe
O4 - HKCU\..\RunServices: [Rbc] C:\WINDOWS\Mbi.exe
O4 - HKCU\..\RunServices: [Vhs] C:\WINDOWS\Rkn.exe
O4 - HKCU\..\RunServices: [Mis] C:\WINDOWS\Fcs.exe
O4 - HKCU\..\RunServices: [Koj] C:\WINDOWS\SYSTEM\Qmf.exe
O4 - HKCU\..\RunServices: [Kjh] C:\WINDOWS\Scl.exe
O4 - HKCU\..\RunServices: [Vsg] C:\WINDOWS\SYSTEM\Tiu.exe
O4 - HKCU\..\RunServices: [Hdj] C:\WINDOWS\SYSTEM\Tfr.exe
O4 - HKCU\..\RunServices: [Pij] C:\WINDOWS\SYSTEM\Tak.exe
O4 - HKCU\..\RunServices: [Ovu] C:\WINDOWS\Sqh.exe
O4 - HKCU\..\RunServices: [Mtq] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKCU\..\RunServices: [Lcu] C:\WINDOWS\Rnp.exe
O4 - HKCU\..\RunServices: [Ggm] C:\WINDOWS\SYSTEM\Udq.exe
O4 - HKCU\..\RunServices: [Bqn] C:\WINDOWS\Tqo.exe
O4 - HKCU\..\RunServices: [Evd] C:\WINDOWS\SYSTEM\Vtq.exe
O4 - HKCU\..\RunServices: [Ikn] C:\WINDOWS\Rmg.exe
O4 - HKCU\..\RunServices: [Rki] C:\WINDOWS\Kob.exe
O4 - HKCU\..\RunServices: [Vdb] C:\WINDOWS\Tqo.exe
O4 - HKCU\..\RunServices: [Kfe] C:\WINDOWS\Sev.exe
O4 - HKCU\..\RunServices: [Est] C:\WINDOWS\Bro.exe
O4 - HKCU\..\RunServices: [Vvm] C:\WINDOWS\SYSTEM\Feg.exe
O4 - HKCU\..\RunServices: [Sue] C:\WINDOWS\SYSTEM\Lum.exe
O4 - HKCU\..\RunServices: [Iht] C:\WINDOWS\Lku.exe
O4 - HKCU\..\RunServices: [Drq] C:\WINDOWS\SYSTEM\Ltk.exe
O4 - HKCU\..\RunServices: [Vcg] C:\WINDOWS\Kvf.exe
O4 - HKCU\..\RunServices: [Pfj] C:\WINDOWS\Vff.exe
O4 - HKCU\..\RunServices: [Kde] C:\WINDOWS\Omm.exe
O4 - HKCU\..\RunServices: [Uom] C:\WINDOWS\SYSTEM\Idv.exe
O4 - HKCU\..\RunServices: [Nuk] C:\WINDOWS\SYSTEM\Qdm.exe
O4 - HKCU\..\RunServices: [Ooc] C:\WINDOWS\SYSTEM\Got.exe
O4 - HKCU\..\RunServices: [Ksi] C:\WINDOWS\Irg.exe
O4 - HKCU\..\RunServices: [Pkd] C:\WINDOWS\Top.exe
O4 - HKCU\..\RunServices: [Fqm] C:\WINDOWS\Skv.exe
O4 - HKCU\..\RunServices: [Ino] C:\WINDOWS\Kkb.exe
O4 - HKCU\..\RunServices: [Ppm] C:\WINDOWS\SYSTEM\Ngk.exe
O4 - HKCU\..\RunServices: [Sng] C:\WINDOWS\SYSTEM\Ede.exe
O4 - HKCU\..\RunServices: [Eds] C:\WINDOWS\Cpc.exe
O4 - HKCU\..\RunServices: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [Ajp] C:\WINDOWS\Rnp.exe
O4 - HKCU\..\RunServices: [Gip] C:\WINDOWS\SYSTEM\Goa.exe
O4 - HKCU\..\RunServices: [Cms] C:\WINDOWS\Olt.exe
O4 - HKCU\..\RunServices: [Ius] C:\WINDOWS\SYSTEM\Lga.exe
O4 - HKCU\..\RunServices: [Aqf] C:\WINDOWS\SYSTEM\Ele.exe
O4 - HKCU\..\RunServices: [Jkd] C:\WINDOWS\Bjj.exe
O4 - HKCU\..\RunServices: [Hpc] C:\WINDOWS\SYSTEM\Ren.exe
O4 - HKCU\..\RunServices: [Htt] C:\WINDOWS\Ptl.exe
O4 - HKCU\..\RunServices: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
O4 - HKCU\..\RunServices: [Kdk] C:\WINDOWS\Lpp.exe
O4 - HKCU\..\RunServices: [Lcq] C:\WINDOWS\SYSTEM\Dff.exe
O4 - HKCU\..\RunServices: [Hsg] C:\WINDOWS\Cgm.exe
O4 - HKCU\..\RunServices: [Pdi] C:\WINDOWS\Oqb.exe
O4 - HKCU\..\RunServices: [Ubk] C:\WINDOWS\SYSTEM\Hlv.exe
O4 - HKCU\..\RunServices: [Vtf] C:\WINDOWS\SYSTEM\Hoc.exe
O4 - HKCU\..\RunServices: [Hjo] C:\WINDOWS\SYSTEM\Iac.exe
O4 - HKCU\..\RunServices: [Gfl] C:\WINDOWS\Jbe.exe
O4 - HKCU\..\RunServices: [Vml] C:\WINDOWS\SYSTEM\Gjj.exe
O4 - HKCU\..\RunServices: [Vao] C:\WINDOWS\Fki.exe
O4 - HKCU\..\RunServices: [Kbj] C:\WINDOWS\SYSTEM\Ikq.exe
O4 - HKCU\..\RunServices: [Pvv] C:\WINDOWS\Ted.exe
O4 - HKCU\..\RunServices: [Fos] C:\WINDOWS\SYSTEM\Vlt.exe
O4 - HKCU\..\RunServices: [Vpt] C:\WINDOWS\SYSTEM\Jif.exe
O4 - HKCU\..\RunServices: [Ifa] C:\WINDOWS\Srf.exe
O4 - HKCU\..\RunServices: [Kai] C:\WINDOWS\Aqi.exe
O4 - HKCU\..\RunServices: [Ofc] C:\WINDOWS\SYSTEM\Aah.exe
O4 - HKCU\..\RunServices: [Dji] C:\WINDOWS\Qtg.exe
O4 - HKCU\..\RunServices: [Bfu] C:\WINDOWS\Nrc.exe
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lan
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.188.0.133,202.188.1.5
O21 - SSODL: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\SYSTEM\hun32.dll
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll

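As an added example (not part of the thread and not a BleepingComputer tool), here is a small Python triage script that parses HijackThis O4 and O15 lines like those in the log above and flags the patterns a helper zeroes in on: autorun entries whose key name and executable are both random three-letter words sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM, a RunServices "Shell" value that chains a second program behind Explorer.exe, a Run entry with a truncated path, and any Trusted Zone additions. The sample lines are constructed from a handful of entries in the log above; the heuristics and function names are my own.

```python
"""Triage helper for HijackThis-style logs (added example, not a BleepingComputer tool)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on a few lines from the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [Bke] C:\WINDOWS\Rnb.exe
O4 - HKLM\..\Run: [Koj] C:\WINDOWS\SYSTEM\Qmf.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Bke] C:\WINDOWS\Rnb.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 66.197.161.149
O21 - SSODL: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\SYSTEM\hun32.dll
"""

# "O4 - HKLM\..\Run: [name] command"  (key may be Run, RunServices, RunOnce, ...)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
O15_RE = re.compile(r'^O15 - Trusted (Zone|IP range): (?P<target>.+)$')
THREE_LETTER = re.compile(r'^[A-Z][a-z]{2}$')       # e.g. "Ibf", "Roj"
WINDOWS_DIRS = ('C:\\WINDOWS\\', 'C:\\WINDOWS\\SYSTEM\\')


@dataclass
class Finding:
    kind: str   # 'random-autorun' | 'shell-hijack' | 'malformed-path' | 'trusted-zone'
    line: str


def executable(cmd: str) -> str:
    """Program path from an autorun command: honour quotes, else cut at the first space.
    (HJT prints unquoted paths with spaces verbatim, so those are cut short; that is
    acceptable here because the random-name heuristic only needs the directory and stem.)"""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ')[0]


def _stem(path: str) -> str:
    name = path.rsplit('\\', 1)[-1]
    return name[:-4] if name.lower().endswith('.exe') else name


def is_random_autorun(name: str, cmd: str) -> bool:
    """Key name and executable stem are both Xxx-style three-letter words, and the
    file lives directly in the Windows or Windows\\SYSTEM directory."""
    exe = executable(cmd)
    parent = exe.rsplit('\\', 1)[0] + '\\' if '\\' in exe else ''
    return (THREE_LETTER.match(name) is not None
            and THREE_LETTER.match(_stem(exe)) is not None
            and parent.upper() in WINDOWS_DIRS)


def is_malformed_path(cmd: str) -> bool:
    """A path with directory separators that does not start with a drive letter
    (like 'WS\\SYSTEM\\ntddetect.exe') cannot have been written by a normal installer."""
    exe = executable(cmd)
    return '\\' in exe and re.match(r'^[A-Za-z]:\\', exe) is None


def analyze(log_text: str) -> list:
    """Return one Finding per suspicious O4/O15 line; benign lines produce nothing."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            key, name, cmd = m['key'], m['name'], m['cmd']
            # The Win9x Shell value should be exactly "Explorer.exe"; anything chained
            # after it is loaded every boot, before user-level autoruns.
            if key.lower() == 'runservices' and name.lower() == 'shell' \
                    and cmd.strip().lower() != 'explorer.exe':
                findings.append(Finding('shell-hijack', line))
            elif is_random_autorun(name, cmd):
                findings.append(Finding('random-autorun', line))
            elif is_malformed_path(cmd):
                findings.append(Finding('malformed-path', line))
            continue
        # Sites in the Trusted Zone get relaxed ActiveX/scripting settings, so every
        # O15 entry deserves a look regardless of the domain.
        if O15_RE.match(line):
            findings.append(Finding('trusted-zone', line))
    return findings


def summarize(findings: list) -> Counter:
    return Counter(f.kind for f in findings)


if __name__ == '__main__':
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f'{f.kind:15} {f.line}')
    print(dict(summarize(results)))
```

Run against a full log, the random-autorun count alone tells you whether you are looking at one dropper re-seeding dozens of Run/RunServices entries, which is why deleting the files one at a time (as the poster did) does not hold.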

#2 penmore
    Malware Sniffer


Posted 13 April 2005 - 08:21 AM

Hi jama81,

Let's try running these scans and see if we can kill most of it. Please read through all of the steps first to ensure you understand what I'm asking you to do. If you have any questions, please ask before you start the fixes.
  • I notice you are running TeaTimer. It could interfere with the removal of some items, so please follow these instructions to disable it temporarily. Disable TeaTimer.

  • I want you to run three online virus scans as follows:
    • Perform a full scan here: Trendmicro, check AutoClean and let it remove anything it finds.
    • Perform a second full scan here: Panda Online, follow the instructions on the screen, make sure these are checked:
      • Disinfect automatically
      • Scan compressed files
      • Scan e-mail files
      • Neutralize Trojans
      Let ActiveScan remove anything it finds.
    • Perform a full scan here: BitDefender Free Online Virus Scan
      Follow the instructions on the screen.
      Tick all the boxes on the left and let BitDefender remove anything it finds.
  • Please download and run Ad-Aware and Spybot S&D to remove any malware infections on your machine.

    Download Spybot and Ad-Aware from the following locations and install them. You should run both programs and clean up what they find. This is to guarantee that you find as much of the malware installed on your computer as possible. Download both programs from the following locations: Spybot Search and Destroy
    Ad-aware Personal SE
    Before running the scans on both programs, it is mandatory that you update the programs. There are update options in each program when you run them.

    If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.

    Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.
    When you scan with both programs, fix everything that they find.
  • Reboot your machine in normal mode, run HijackThis and post a new log here using the Add Reply button. Please let me know how the scans and removal went.

Edited by penmore, 13 April 2005 - 08:22 AM.


#3 jama81

Posted 13 April 2005 - 11:24 PM

Hello Penmore,

Thank you very much for your reply. The results of my scanning:

1. Housecall Scan at Trendmicro - No viruses detected

2. Panda Online - 174 Infections detected, 6 disinfected. The rest are SlimShield infections, unable to disinfect.

3. Bit Defender - Cleaned a few trojans. Unable to remove Slimshield infections

4. S&D Scan - 1 DSO exploit detected. "Fixed"

5. Ad-Aware - Detected CWS. Cleaned.

Slimshield still seems to be present. And the DSO exploit is still detected when I re-run S&D after the "fix". The 3 lettered files keep reappearing after deleting.

My right-click is still disabled, and I have kernel32 and winldra errors when I reboot my PC. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:47 PM, on 4/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\GEFORCE2\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\ROJ.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PLAXO\2.2.3.5\INSTALLSTUB.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=C:\GEFORCE2\vi_grm.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [Bke] C:\WINDOWS\Rnb.exe
O4 - HKLM\..\Run: [Gum] C:\WINDOWS\Nup.exe
O4 - HKLM\..\Run: [Rbg] C:\WINDOWS\Uqt.exe
O4 - HKLM\..\Run: [Rbc] C:\WINDOWS\Mbi.exe
O4 - HKLM\..\Run: [Vhs] C:\WINDOWS\Rkn.exe
O4 - HKLM\..\Run: [Mis] C:\WINDOWS\Fcs.exe
O4 - HKLM\..\Run: [Koj] C:\WINDOWS\SYSTEM\Qmf.exe
O4 - HKLM\..\Run: [Kjh] C:\WINDOWS\Scl.exe
O4 - HKLM\..\Run: [Vsg] C:\WINDOWS\SYSTEM\Tiu.exe
O4 - HKLM\..\Run: [Hdj] C:\WINDOWS\SYSTEM\Tfr.exe
O4 - HKLM\..\Run: [Pij] C:\WINDOWS\SYSTEM\Tak.exe
O4 - HKLM\..\Run: [Ovu] C:\WINDOWS\Sqh.exe
O4 - HKLM\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKLM\..\Run: [Lcu] C:\WINDOWS\Rnp.exe
O4 - HKLM\..\Run: [Ggm] C:\WINDOWS\SYSTEM\Udq.exe
O4 - HKLM\..\Run: [Bqn] C:\WINDOWS\Tqo.exe
O4 - HKLM\..\Run: [Evd] C:\WINDOWS\SYSTEM\Vtq.exe
O4 - HKLM\..\Run: [Ikn] C:\WINDOWS\Rmg.exe
O4 - HKLM\..\Run: [Rki] C:\WINDOWS\Kob.exe
O4 - HKLM\..\Run: [Vdb] C:\WINDOWS\Tqo.exe
O4 - HKLM\..\Run: [Kfe] C:\WINDOWS\Sev.exe
O4 - HKLM\..\Run: [Est] C:\WINDOWS\Bro.exe
O4 - HKLM\..\Run: [Vvm] C:\WINDOWS\SYSTEM\Feg.exe
O4 - HKLM\..\Run: [Sue] C:\WINDOWS\SYSTEM\Lum.exe
O4 - HKLM\..\Run: [Iht] C:\WINDOWS\Lku.exe
O4 - HKLM\..\Run: [Drq] C:\WINDOWS\SYSTEM\Ltk.exe
O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\Kvf.exe
O4 - HKLM\..\Run: [Pfj] C:\WINDOWS\Vff.exe
O4 - HKLM\..\Run: [Kde] C:\WINDOWS\Omm.exe
O4 - HKLM\..\Run: [Uom] C:\WINDOWS\SYSTEM\Idv.exe
O4 - HKLM\..\Run: [Nuk] C:\WINDOWS\SYSTEM\Qdm.exe
O4 - HKLM\..\Run: [Ooc] C:\WINDOWS\SYSTEM\Got.exe
O4 - HKLM\..\Run: [Ksi] C:\WINDOWS\Irg.exe
O4 - HKLM\..\Run: [Pkd] C:\WINDOWS\Top.exe
O4 - HKLM\..\Run: [Fqm] C:\WINDOWS\Skv.exe
O4 - HKLM\..\Run: [Ino] C:\WINDOWS\Kkb.exe
O4 - HKLM\..\Run: [Ppm] C:\WINDOWS\SYSTEM\Ngk.exe
O4 - HKLM\..\Run: [Sng] C:\WINDOWS\SYSTEM\Ede.exe
O4 - HKLM\..\Run: [Eds] C:\WINDOWS\Cpc.exe
O4 - HKLM\..\Run: [Ajp] C:\WINDOWS\Rnp.exe
O4 - HKLM\..\Run: [Gip] C:\WINDOWS\SYSTEM\Goa.exe
O4 - HKLM\..\Run: [Cms] C:\WINDOWS\Olt.exe
O4 - HKLM\..\Run: [Ius] C:\WINDOWS\SYSTEM\Lga.exe
O4 - HKLM\..\Run: [Aqf] C:\WINDOWS\SYSTEM\Ele.exe
O4 - HKLM\..\Run: [Jkd] C:\WINDOWS\Bjj.exe
O4 - HKLM\..\Run: [Hpc] C:\WINDOWS\SYSTEM\Ren.exe
O4 - HKLM\..\Run: [Htt] C:\WINDOWS\Ptl.exe
O4 - HKLM\..\Run: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
O4 - HKLM\..\Run: [Kdk] C:\WINDOWS\Lpp.exe
O4 - HKLM\..\Run: [Lcq] C:\WINDOWS\SYSTEM\Dff.exe
O4 - HKLM\..\Run: [Hsg] C:\WINDOWS\Cgm.exe
O4 - HKLM\..\Run: [Pdi] C:\WINDOWS\Oqb.exe
O4 - HKLM\..\Run: [Ubk] C:\WINDOWS\SYSTEM\Hlv.exe
O4 - HKLM\..\Run: [Vtf] C:\WINDOWS\SYSTEM\Hoc.exe
O4 - HKLM\..\Run: [Hjo] C:\WINDOWS\SYSTEM\Iac.exe
O4 - HKLM\..\Run: [Gfl] C:\WINDOWS\Jbe.exe
O4 - HKLM\..\Run: [Vml] C:\WINDOWS\SYSTEM\Gjj.exe
O4 - HKLM\..\Run: [Vao] C:\WINDOWS\Fki.exe
O4 - HKLM\..\Run: [Kbj] C:\WINDOWS\SYSTEM\Ikq.exe
O4 - HKLM\..\Run: [Pvv] C:\WINDOWS\Ted.exe
O4 - HKLM\..\Run: [Fos] C:\WINDOWS\SYSTEM\Vlt.exe
O4 - HKLM\..\Run: [Vpt] C:\WINDOWS\SYSTEM\Jif.exe
O4 - HKLM\..\Run: [Ifa] C:\WINDOWS\Srf.exe
O4 - HKLM\..\Run: [Kai] C:\WINDOWS\Aqi.exe
O4 - HKLM\..\Run: [Ofc] C:\WINDOWS\SYSTEM\Aah.exe
O4 - HKLM\..\Run: [Dji] C:\WINDOWS\Qtg.exe
O4 - HKLM\..\Run: [Bfu] C:\WINDOWS\Nrc.exe
O4 - HKLM\..\Run: [Llg] C:\WINDOWS\Cgn.exe
O4 - HKLM\..\Run: [Dqi] C:\WINDOWS\SYSTEM\Phr.exe
O4 - HKLM\..\Run: [Klf] C:\WINDOWS\SYSTEM\Vuh.exe
O4 - HKLM\..\Run: [Acj] C:\WINDOWS\SYSTEM\Oam.exe
O4 - HKLM\..\Run: [Fsu] C:\WINDOWS\SYSTEM\Anr.exe
O4 - HKLM\..\Run: [Oge] C:\WINDOWS\SYSTEM\Hca.exe
O4 - HKLM\..\Run: [Use] C:\WINDOWS\Oto.exe
O4 - HKLM\..\Run: [Dkd] C:\WINDOWS\SYSTEM\Njh.exe
O4 - HKLM\..\Run: [Hsi] C:\WINDOWS\Ses.exe
O4 - HKLM\..\Run: [Jfo] C:\WINDOWS\Ovq.exe
O4 - HKLM\..\Run: [Gts] C:\WINDOWS\SYSTEM\Oru.exe
O4 - HKLM\..\Run: [Hse] C:\WINDOWS\SYSTEM\Stg.exe
O4 - HKLM\..\Run: [Bip] C:\WINDOWS\SYSTEM\Som.exe
O4 - HKLM\..\Run: [Vbl] C:\WINDOWS\Vkk.exe
O4 - HKLM\..\Run: [Plh] C:\WINDOWS\Nmi.exe
O4 - HKLM\..\Run: [Ckd] C:\WINDOWS\SYSTEM\Esv.exe
O4 - HKLM\..\Run: [Eed] C:\WINDOWS\SYSTEM\Pka.exe
O4 - HKLM\..\Run: [Qun] C:\WINDOWS\SYSTEM\Dog.exe
O4 - HKLM\..\Run: [Ssk] C:\WINDOWS\SYSTEM\Dem.exe
O4 - HKLM\..\Run: [Ihc] C:\WINDOWS\Iqs.exe
O4 - HKLM\..\Run: [Ucj] C:\WINDOWS\Bbs.exe
O4 - HKLM\..\Run: [Ffp] C:\WINDOWS\Alq.exe
O4 - HKLM\..\Run: [Pov] C:\WINDOWS\Mlp.exe
O4 - HKLM\..\Run: [Rkq] C:\WINDOWS\Nse.exe
O4 - HKLM\..\Run: [Msp] C:\WINDOWS\SYSTEM\Pcp.exe
O4 - HKLM\..\Run: [Ikf] C:\WINDOWS\SYSTEM\Cvu.exe
O4 - HKLM\..\Run: [Gmq] C:\WINDOWS\Jtn.exe
O4 - HKLM\..\Run: [Jnl] C:\WINDOWS\SYSTEM\Ijb.exe
O4 - HKLM\..\Run: [Hsp] C:\WINDOWS\SYSTEM\Rih.exe
O4 - HKLM\..\Run: [Dje] C:\WINDOWS\SYSTEM\Fah.exe
O4 - HKLM\..\Run: [Inl] C:\WINDOWS\SYSTEM\Orq.exe
O4 - HKLM\..\Run: [Fuk] C:\WINDOWS\Asg.exe
O4 - HKLM\..\Run: [Fdo] C:\WINDOWS\Lol.exe
O4 - HKLM\..\Run: [Ggt] C:\WINDOWS\Kml.exe
O4 - HKLM\..\Run: [Vti] C:\WINDOWS\SYSTEM\Vqi.exe
O4 - HKLM\..\Run: [Iqd] C:\WINDOWS\Njr.exe
O4 - HKLM\..\Run: [Agu] C:\WINDOWS\SYSTEM\Cml.exe
O4 - HKLM\..\Run: [Maa] C:\WINDOWS\SYSTEM\Rjc.exe
O4 - HKLM\..\Run: [Lqr] C:\WINDOWS\SYSTEM\Rja.exe
O4 - HKLM\..\Run: [Bng] C:\WINDOWS\Cvv.exe
O4 - HKLM\..\Run: [Fva] C:\WINDOWS\SYSTEM\Kit.exe
O4 - HKLM\..\Run: [Qgp] C:\WINDOWS\SYSTEM\Lnn.exe
O4 - HKLM\..\Run: [Loa] C:\WINDOWS\Koi.exe
O4 - HKLM\..\Run: [Tbm] C:\WINDOWS\SYSTEM\Pqe.exe
O4 - HKLM\..\Run: [Mrr] C:\WINDOWS\Sjk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - HKCU\..\Run: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [Bke] C:\WINDOWS\Rnb.exe
O4 - HKCU\..\Run: [Gum] C:\WINDOWS\Nup.exe
O4 - HKCU\..\Run: [Rbg] C:\WINDOWS\Uqt.exe
O4 - HKCU\..\Run: [Rbc] C:\WINDOWS\Mbi.exe
O4 - HKCU\..\Run: [Vhs] C:\WINDOWS\Rkn.exe
O4 - HKCU\..\Run: [Mis] C:\WINDOWS\Fcs.exe
O4 - HKCU\..\Run: [Koj] C:\WINDOWS\SYSTEM\Qmf.exe
O4 - HKCU\..\Run: [Kjh] C:\WINDOWS\Scl.exe
O4 - HKCU\..\Run: [Vsg] C:\WINDOWS\SYSTEM\Tiu.exe
O4 - HKCU\..\Run: [Hdj] C:\WINDOWS\SYSTEM\Tfr.exe
O4 - HKCU\..\Run: [Pij] C:\WINDOWS\SYSTEM\Tak.exe
O4 - HKCU\..\Run: [Ovu] C:\WINDOWS\Sqh.exe
O4 - HKCU\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKCU\..\Run: [Lcu] C:\WINDOWS\Rnp.exe
O4 - HKCU\..\Run: [Ggm] C:\WINDOWS\SYSTEM\Udq.exe
O4 - HKCU\..\Run: [Bqn] C:\WINDOWS\Tqo.exe
O4 - HKCU\..\Run: [Evd] C:\WINDOWS\SYSTEM\Vtq.exe
O4 - HKCU\..\Run: [Ikn] C:\WINDOWS\Rmg.exe
O4 - HKCU\..\Run: [Rki] C:\WINDOWS\Kob.exe
O4 - HKCU\..\Run: [Vdb] C:\WINDOWS\Tqo.exe
O4 - HKCU\..\Run: [Kfe] C:\WINDOWS\Sev.exe
O4 - HKCU\..\Run: [Est] C:\WINDOWS\Bro.exe
O4 - HKCU\..\Run: [Vvm] C:\WINDOWS\SYSTEM\Feg.exe
O4 - HKCU\..\Run: [Sue] C:\WINDOWS\SYSTEM\Lum.exe
O4 - HKCU\..\Run: [Iht] C:\WINDOWS\Lku.exe
O4 - HKCU\..\Run: [Drq] C:\WINDOWS\SYSTEM\Ltk.exe
O4 - HKCU\..\Run: [Vcg] C:\WINDOWS\Kvf.exe
O4 - HKCU\..\Run: [Pfj] C:\WINDOWS\Vff.exe
O4 - HKCU\..\Run: [Kde] C:\WINDOWS\Omm.exe
O4 - HKCU\..\Run: [Uom] C:\WINDOWS\SYSTEM\Idv.exe
O4 - HKCU\..\Run: [Nuk] C:\WINDOWS\SYSTEM\Qdm.exe
O4 - HKCU\..\Run: [Ooc] C:\WINDOWS\SYSTEM\Got.exe
O4 - HKCU\..\Run: [Ksi] C:\WINDOWS\Irg.exe
O4 - HKCU\..\Run: [Pkd] C:\WINDOWS\Top.exe
O4 - HKCU\..\Run: [Fqm] C:\WINDOWS\Skv.exe
O4 - HKCU\..\Run: [Ino] C:\WINDOWS\Kkb.exe
O4 - HKCU\..\Run: [Ppm] C:\WINDOWS\SYSTEM\Ngk.exe
O4 - HKCU\..\Run: [Sng] C:\WINDOWS\SYSTEM\Ede.exe
O4 - HKCU\..\Run: [Eds] C:\WINDOWS\Cpc.exe
O4 - HKCU\..\Run: [Ajp] C:\WINDOWS\Rnp.exe
O4 - HKCU\..\Run: [Gip] C:\WINDOWS\SYSTEM\Goa.exe
O4 - HKCU\..\Run: [Cms] C:\WINDOWS\Olt.exe
O4 - HKCU\..\Run: [Ius] C:\WINDOWS\SYSTEM\Lga.exe
O4 - HKCU\..\Run: [Aqf] C:\WINDOWS\SYSTEM\Ele.exe
O4 - HKCU\..\Run: [Jkd] C:\WINDOWS\Bjj.exe
O4 - HKCU\..\Run: [Hpc] C:\WINDOWS\SYSTEM\Ren.exe
O4 - HKCU\..\Run: [Htt] C:\WINDOWS\Ptl.exe
O4 - HKCU\..\Run: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
O4 - HKCU\..\Run: [Kdk] C:\WINDOWS\Lpp.exe
O4 - HKCU\..\Run: [Lcq] C:\WINDOWS\SYSTEM\Dff.exe
O4 - HKCU\..\Run: [Hsg] C:\WINDOWS\Cgm.exe
O4 - HKCU\..\Run: [Pdi] C:\WINDOWS\Oqb.exe
O4 - HKCU\..\Run: [Ubk] C:\WINDOWS\SYSTEM\Hlv.exe
O4 - HKCU\..\Run: [Vtf] C:\WINDOWS\SYSTEM\Hoc.exe
O4 - HKCU\..\Run: [Hjo] C:\WINDOWS\SYSTEM\Iac.exe
O4 - HKCU\..\Run: [Gfl] C:\WINDOWS\Jbe.exe
O4 - HKCU\..\Run: [Vml] C:\WINDOWS\SYSTEM\Gjj.exe
O4 - HKCU\..\Run: [Vao] C:\WINDOWS\Fki.exe
O4 - HKCU\..\Run: [Kbj] C:\WINDOWS\SYSTEM\Ikq.exe
O4 - HKCU\..\Run: [Pvv] C:\WINDOWS\Ted.exe
O4 - HKCU\..\Run: [Fos] C:\WINDOWS\SYSTEM\Vlt.exe
O4 - HKCU\..\Run: [Vpt] C:\WINDOWS\SYSTEM\Jif.exe
O4 - HKCU\..\Run: [Ifa] C:\WINDOWS\Srf.exe
O4 - HKCU\..\Run: [Kai] C:\WINDOWS\Aqi.exe
O4 - HKCU\..\Run: [Ofc] C:\WINDOWS\SYSTEM\Aah.exe
O4 - HKCU\..\Run: [Dji] C:\WINDOWS\Qtg.exe
O4 - HKCU\..\Run: [Bfu] C:\WINDOWS\Nrc.exe
O4 - HKCU\..\Run: [Llg] C:\WINDOWS\Cgn.exe
O4 - HKCU\..\Run: [Dqi] C:\WINDOWS\SYSTEM\Phr.exe
O4 - HKCU\..\Run: [Klf] C:\WINDOWS\SYSTEM\Vuh.exe
O4 - HKCU\..\Run: [Acj] C:\WINDOWS\SYSTEM\Oam.exe
O4 - HKCU\..\Run: [Fsu] C:\WINDOWS\SYSTEM\Anr.exe
O4 - HKCU\..\Run: [Oge] C:\WINDOWS\SYSTEM\Hca.exe
O4 - HKCU\..\Run: [Use] C:\WINDOWS\Oto.exe
O4 - HKCU\..\Run: [Dkd] C:\WINDOWS\SYSTEM\Njh.exe
O4 - HKCU\..\Run: [Hsi] C:\WINDOWS\Ses.exe
O4 - HKCU\..\Run: [Jfo] C:\WINDOWS\Ovq.exe
O4 - HKCU\..\Run: [Gts] C:\WINDOWS\SYSTEM\Oru.exe
O4 - HKCU\..\Run: [Hse] C:\WINDOWS\SYSTEM\Stg.exe
O4 - HKCU\..\Run: [Bip] C:\WINDOWS\SYSTEM\Som.exe
O4 - HKCU\..\Run: [Vbl] C:\WINDOWS\Vkk.exe
O4 - HKCU\..\Run: [Plh] C:\WINDOWS\Nmi.exe
O4 - HKCU\..\Run: [Ckd] C:\WINDOWS\SYSTEM\Esv.exe
O4 - HKCU\..\Run: [Eed] C:\WINDOWS\SYSTEM\Pka.exe
O4 - HKCU\..\Run: [Qun] C:\WINDOWS\SYSTEM\Dog.exe
O4 - HKCU\..\Run: [Ssk] C:\WINDOWS\SYSTEM\Dem.exe
O4 - HKCU\..\Run: [Ihc] C:\WINDOWS\Iqs.exe
O4 - HKCU\..\Run: [Ucj] C:\WINDOWS\Bbs.exe
O4 - HKCU\..\Run: [Ffp] C:\WINDOWS\Alq.exe
O4 - HKCU\..\Run: [Pov] C:\WINDOWS\Mlp.exe
O4 - HKCU\..\Run: [Rkq] C:\WINDOWS\Nse.exe
O4 - HKCU\..\Run: [Msp] C:\WINDOWS\SYSTEM\Pcp.exe
O4 - HKCU\..\Run: [Ikf] C:\WINDOWS\SYSTEM\Cvu.exe
O4 - HKCU\..\Run: [Gmq] C:\WINDOWS\Jtn.exe
O4 - HKCU\..\Run: [Jnl] C:\WINDOWS\SYSTEM\Ijb.exe
O4 - HKCU\..\Run: [Hsp] C:\WINDOWS\SYSTEM\Rih.exe
O4 - HKCU\..\Run: [Dje] C:\WINDOWS\SYSTEM\Fah.exe
O4 - HKCU\..\Run: [Inl] C:\WINDOWS\SYSTEM\Orq.exe
O4 - HKCU\..\Run: [Fuk] C:\WINDOWS\Asg.exe
O4 - HKCU\..\Run: [Fdo] C:\WINDOWS\Lol.exe
O4 - HKCU\..\Run: [Ggt] C:\WINDOWS\Kml.exe
O4 - HKCU\..\Run: [Vti] C:\WINDOWS\SYSTEM\Vqi.exe
O4 - HKCU\..\Run: [Iqd] C:\WINDOWS\Njr.exe
O4 - HKCU\..\Run: [Agu] C:\WINDOWS\SYSTEM\Cml.exe
O4 - HKCU\..\Run: [Maa] C:\WINDOWS\SYSTEM\Rjc.exe
O4 - HKCU\..\Run: [Lqr] C:\WINDOWS\SYSTEM\Rja.exe
O4 - HKCU\..\Run: [Bng] C:\WINDOWS\Cvv.exe
O4 - HKCU\..\Run: [Fva] C:\WINDOWS\SYSTEM\Kit.exe
O4 - HKCU\..\Run: [Qgp] C:\WINDOWS\SYSTEM\Lnn.exe
O4 - HKCU\..\Run: [Loa] C:\WINDOWS\Koi.exe
O4 - HKCU\..\Run: [Tbm] C:\WINDOWS\SYSTEM\Pqe.exe
O4 - HKCU\..\Run: [Mrr] C:\WINDOWS\Sjk.exe
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lan
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.188.0.133,202.188.1.5
O21 - SSODL: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\SYSTEM\hun32.dll
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll (file missing)

#4 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • Location:West Coast of Scotland

Posted 14 April 2005 - 02:07 PM

Hi jama81,

We still have a lot there so we will have to remove them manually. The main reason that you have a number of Trojan infections is because you don't have any Antivirus protection so let's get a free one downloaded and installed as a matter of urgency.

You may find it helpful to print these instructions out as you will not have access to the Internet whilst you are running in Safe mode.
Please read through all of the steps first to ensure you understand what I'm asking you to do. If you have any questions, please ask before you start the fixes.
  • Please visit the Grisoft website and download the latest version of AVG Anti Virus V7.308 Install the software and download any updates that are available. Double click on the AVG logo and click on the Scan Computer button. Allow AVG to perform a complete scan of your system.

  • Please download the free 30 day trial of Trojan Hunter TrojanHunter Download
    Use the LiveUpdate facility to automatically update to the latest TrojanHunter ruleset.
    If you have problems with that then download and manually install the latest updates TrojanHunter Ruleset
    Run Trojan Hunter and let it fix all that it finds.

  • Download the following zip file and unzip it to your desktop.

    http://www.mvps.org/winhelp2002/DelDomains.inf

    Right-click on the deldomains.inf file and select 'Install'

  • Restart your machine in Safe Mode:
    • Reboot your computer
    • As the machine starts, continually tap the F8 key
    • You will then be presented with a menu screen
    • Use the up/down arrow keys to select Safe Mode
    • Press the Enter key to boot in that mode.
  • Run HijackThis
    Click on the Scan button and when complete
    Put a check beside all of the items listed below
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O4 - HKLM\..\Run: [Ibf] C:\WINDOWS\Roj.exe
    O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
    O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
    O4 - HKLM\..\Run: [Bke] C:\WINDOWS\Rnb.exe
    O4 - HKLM\..\Run: [Gum] C:\WINDOWS\Nup.exe
    O4 - HKLM\..\Run: [Rbg] C:\WINDOWS\Uqt.exe
    O4 - HKLM\..\Run: [Rbc] C:\WINDOWS\Mbi.exe
    O4 - HKLM\..\Run: [Vhs] C:\WINDOWS\Rkn.exe
    O4 - HKLM\..\Run: [Mis] C:\WINDOWS\Fcs.exe
    O4 - HKLM\..\Run: [Koj] C:\WINDOWS\SYSTEM\Qmf.exe
    O4 - HKLM\..\Run: [Kjh] C:\WINDOWS\Scl.exe
    O4 - HKLM\..\Run: [Vsg] C:\WINDOWS\SYSTEM\Tiu.exe
    O4 - HKLM\..\Run: [Hdj] C:\WINDOWS\SYSTEM\Tfr.exe
    O4 - HKLM\..\Run: [Pij] C:\WINDOWS\SYSTEM\Tak.exe
    O4 - HKLM\..\Run: [Ovu] C:\WINDOWS\Sqh.exe
    O4 - HKLM\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Jlv.exe
    O4 - HKLM\..\Run: [Lcu] C:\WINDOWS\Rnp.exe
    O4 - HKLM\..\Run: [Ggm] C:\WINDOWS\SYSTEM\Udq.exe
    O4 - HKLM\..\Run: [Bqn] C:\WINDOWS\Tqo.exe
    O4 - HKLM\..\Run: [Evd] C:\WINDOWS\SYSTEM\Vtq.exe
    O4 - HKLM\..\Run: [Ikn] C:\WINDOWS\Rmg.exe
    O4 - HKLM\..\Run: [Rki] C:\WINDOWS\Kob.exe
    O4 - HKLM\..\Run: [Vdb] C:\WINDOWS\Tqo.exe
    O4 - HKLM\..\Run: [Kfe] C:\WINDOWS\Sev.exe
    O4 - HKLM\..\Run: [Est] C:\WINDOWS\Bro.exe
    O4 - HKLM\..\Run: [Vvm] C:\WINDOWS\SYSTEM\Feg.exe
    O4 - HKLM\..\Run: [Sue] C:\WINDOWS\SYSTEM\Lum.exe
    O4 - HKLM\..\Run: [Iht] C:\WINDOWS\Lku.exe
    O4 - HKLM\..\Run: [Drq] C:\WINDOWS\SYSTEM\Ltk.exe
    O4 - HKLM\..\Run: [Vcg] C:\WINDOWS\Kvf.exe
    O4 - HKLM\..\Run: [Pfj] C:\WINDOWS\Vff.exe
    O4 - HKLM\..\Run: [Kde] C:\WINDOWS\Omm.exe
    O4 - HKLM\..\Run: [Uom] C:\WINDOWS\SYSTEM\Idv.exe
    O4 - HKLM\..\Run: [Nuk] C:\WINDOWS\SYSTEM\Qdm.exe
    O4 - HKLM\..\Run: [Ooc] C:\WINDOWS\SYSTEM\Got.exe
    O4 - HKLM\..\Run: [Ksi] C:\WINDOWS\Irg.exe
    O4 - HKLM\..\Run: [Pkd] C:\WINDOWS\Top.exe
    O4 - HKLM\..\Run: [Fqm] C:\WINDOWS\Skv.exe
    O4 - HKLM\..\Run: [Ino] C:\WINDOWS\Kkb.exe
    O4 - HKLM\..\Run: [Ppm] C:\WINDOWS\SYSTEM\Ngk.exe
    O4 - HKLM\..\Run: [Sng] C:\WINDOWS\SYSTEM\Ede.exe
    O4 - HKLM\..\Run: [Eds] C:\WINDOWS\Cpc.exe
    O4 - HKLM\..\Run: [Ajp] C:\WINDOWS\Rnp.exe
    O4 - HKLM\..\Run: [Gip] C:\WINDOWS\SYSTEM\Goa.exe
    O4 - HKLM\..\Run: [Cms] C:\WINDOWS\Olt.exe
    O4 - HKLM\..\Run: [Ius] C:\WINDOWS\SYSTEM\Lga.exe
    O4 - HKLM\..\Run: [Aqf] C:\WINDOWS\SYSTEM\Ele.exe
    O4 - HKLM\..\Run: [Jkd] C:\WINDOWS\Bjj.exe
    O4 - HKLM\..\Run: [Hpc] C:\WINDOWS\SYSTEM\Ren.exe
    O4 - HKLM\..\Run: [Htt] C:\WINDOWS\Ptl.exe
    O4 - HKLM\..\Run: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
    O4 - HKLM\..\Run: [Kdk] C:\WINDOWS\Lpp.exe
    O4 - HKLM\..\Run: [Lcq] C:\WINDOWS\SYSTEM\Dff.exe
    O4 - HKLM\..\Run: [Hsg] C:\WINDOWS\Cgm.exe
    O4 - HKLM\..\Run: [Pdi] C:\WINDOWS\Oqb.exe
    O4 - HKLM\..\Run: [Ubk] C:\WINDOWS\SYSTEM\Hlv.exe
    O4 - HKLM\..\Run: [Vtf] C:\WINDOWS\SYSTEM\Hoc.exe
    O4 - HKLM\..\Run: [Hjo] C:\WINDOWS\SYSTEM\Iac.exe
    O4 - HKLM\..\Run: [Gfl] C:\WINDOWS\Jbe.exe
    O4 - HKLM\..\Run: [Vml] C:\WINDOWS\SYSTEM\Gjj.exe
    O4 - HKLM\..\Run: [Vao] C:\WINDOWS\Fki.exe
    O4 - HKLM\..\Run: [Kbj] C:\WINDOWS\SYSTEM\Ikq.exe
    O4 - HKLM\..\Run: [Pvv] C:\WINDOWS\Ted.exe
    O4 - HKLM\..\Run: [Fos] C:\WINDOWS\SYSTEM\Vlt.exe
    O4 - HKLM\..\Run: [Vpt] C:\WINDOWS\SYSTEM\Jif.exe
    O4 - HKLM\..\Run: [Ifa] C:\WINDOWS\Srf.exe
    O4 - HKLM\..\Run: [Kai] C:\WINDOWS\Aqi.exe
    O4 - HKLM\..\Run: [Ofc] C:\WINDOWS\SYSTEM\Aah.exe
    O4 - HKLM\..\Run: [Dji] C:\WINDOWS\Qtg.exe
    O4 - HKLM\..\Run: [Bfu] C:\WINDOWS\Nrc.exe
    O4 - HKLM\..\Run: [Llg] C:\WINDOWS\Cgn.exe
    O4 - HKLM\..\Run: [Dqi] C:\WINDOWS\SYSTEM\Phr.exe
    O4 - HKLM\..\Run: [Klf] C:\WINDOWS\SYSTEM\Vuh.exe
    O4 - HKLM\..\Run: [Acj] C:\WINDOWS\SYSTEM\Oam.exe
    O4 - HKLM\..\Run: [Fsu] C:\WINDOWS\SYSTEM\Anr.exe
    O4 - HKLM\..\Run: [Oge] C:\WINDOWS\SYSTEM\Hca.exe
    O4 - HKLM\..\Run: [Use] C:\WINDOWS\Oto.exe
    O4 - HKLM\..\Run: [Dkd] C:\WINDOWS\SYSTEM\Njh.exe
    O4 - HKLM\..\Run: [Hsi] C:\WINDOWS\Ses.exe
    O4 - HKLM\..\Run: [Jfo] C:\WINDOWS\Ovq.exe
    O4 - HKLM\..\Run: [Gts] C:\WINDOWS\SYSTEM\Oru.exe
    O4 - HKLM\..\Run: [Hse] C:\WINDOWS\SYSTEM\Stg.exe
    O4 - HKLM\..\Run: [Bip] C:\WINDOWS\SYSTEM\Som.exe
    O4 - HKLM\..\Run: [Vbl] C:\WINDOWS\Vkk.exe
    O4 - HKLM\..\Run: [Plh] C:\WINDOWS\Nmi.exe
    O4 - HKLM\..\Run: [Ckd] C:\WINDOWS\SYSTEM\Esv.exe
    O4 - HKLM\..\Run: [Eed] C:\WINDOWS\SYSTEM\Pka.exe
    O4 - HKLM\..\Run: [Qun] C:\WINDOWS\SYSTEM\Dog.exe
    O4 - HKLM\..\Run: [Ssk] C:\WINDOWS\SYSTEM\Dem.exe
    O4 - HKLM\..\Run: [Ihc] C:\WINDOWS\Iqs.exe
    O4 - HKLM\..\Run: [Ucj] C:\WINDOWS\Bbs.exe
    O4 - HKLM\..\Run: [Ffp] C:\WINDOWS\Alq.exe
    O4 - HKLM\..\Run: [Pov] C:\WINDOWS\Mlp.exe
    O4 - HKLM\..\Run: [Rkq] C:\WINDOWS\Nse.exe
    O4 - HKLM\..\Run: [Msp] C:\WINDOWS\SYSTEM\Pcp.exe
    O4 - HKLM\..\Run: [Ikf] C:\WINDOWS\SYSTEM\Cvu.exe
    O4 - HKLM\..\Run: [Gmq] C:\WINDOWS\Jtn.exe
    O4 - HKLM\..\Run: [Jnl] C:\WINDOWS\SYSTEM\Ijb.exe
    O4 - HKLM\..\Run: [Hsp] C:\WINDOWS\SYSTEM\Rih.exe
    O4 - HKLM\..\Run: [Dje] C:\WINDOWS\SYSTEM\Fah.exe
    O4 - HKLM\..\Run: [Inl] C:\WINDOWS\SYSTEM\Orq.exe
    O4 - HKLM\..\Run: [Fuk] C:\WINDOWS\Asg.exe
    O4 - HKLM\..\Run: [Fdo] C:\WINDOWS\Lol.exe
    O4 - HKLM\..\Run: [Ggt] C:\WINDOWS\Kml.exe
    O4 - HKLM\..\Run: [Vti] C:\WINDOWS\SYSTEM\Vqi.exe
    O4 - HKLM\..\Run: [Iqd] C:\WINDOWS\Njr.exe
    O4 - HKLM\..\Run: [Agu] C:\WINDOWS\SYSTEM\Cml.exe
    O4 - HKLM\..\Run: [Maa] C:\WINDOWS\SYSTEM\Rjc.exe
    O4 - HKLM\..\Run: [Lqr] C:\WINDOWS\SYSTEM\Rja.exe
    O4 - HKLM\..\Run: [Bng] C:\WINDOWS\Cvv.exe
    O4 - HKLM\..\Run: [Fva] C:\WINDOWS\SYSTEM\Kit.exe
    O4 - HKLM\..\Run: [Qgp] C:\WINDOWS\SYSTEM\Lnn.exe
    O4 - HKLM\..\Run: [Loa] C:\WINDOWS\Koi.exe
    O4 - HKLM\..\Run: [Tbm] C:\WINDOWS\SYSTEM\Pqe.exe
    O4 - HKLM\..\Run: [Mrr] C:\WINDOWS\Sjk.exe
    O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
    O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
    O4 - HKCU\..\Run: [Ibf] C:\WINDOWS\Roj.exe
    O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
    O4 - HKCU\..\Run: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
    O4 - HKCU\..\Run: [Kdk] C:\WINDOWS\Lpp.exe
    O4 - HKCU\..\Run: [Lcq] C:\WINDOWS\SYSTEM\Dff.exe
    O4 - HKCU\..\Run: [Hsg] C:\WINDOWS\Cgm.exe
    O4 - HKCU\..\Run: [Pdi] C:\WINDOWS\Oqb.exe
    O4 - HKCU\..\Run: [Ubk] C:\WINDOWS\SYSTEM\Hlv.exe
    O4 - HKCU\..\Run: [Vtf] C:\WINDOWS\SYSTEM\Hoc.exe
    O4 - HKCU\..\Run: [Hjo] C:\WINDOWS\SYSTEM\Iac.exe
    O4 - HKCU\..\Run: [Gfl] C:\WINDOWS\Jbe.exe
    O4 - HKCU\..\Run: [Vml] C:\WINDOWS\SYSTEM\Gjj.exe
    O4 - HKCU\..\Run: [Vao] C:\WINDOWS\Fki.exe
    O4 - HKCU\..\Run: [Kbj] C:\WINDOWS\SYSTEM\Ikq.exe
    O4 - HKCU\..\Run: [Pvv] C:\WINDOWS\Ted.exe
    O4 - HKCU\..\Run: [Fos] C:\WINDOWS\SYSTEM\Vlt.exe
    O4 - HKCU\..\Run: [Vpt] C:\WINDOWS\SYSTEM\Jif.exe
    O4 - HKCU\..\Run: [Ifa] C:\WINDOWS\Srf.exe
    O4 - HKCU\..\Run: [Kai] C:\WINDOWS\Aqi.exe
    O4 - HKCU\..\Run: [Ofc] C:\WINDOWS\SYSTEM\Aah.exe
    O4 - HKCU\..\Run: [Dji] C:\WINDOWS\Qtg.exe
    O4 - HKCU\..\Run: [Bfu] C:\WINDOWS\Nrc.exe
    O4 - HKCU\..\Run: [Llg] C:\WINDOWS\Cgn.exe
    O4 - HKCU\..\Run: [Dqi] C:\WINDOWS\SYSTEM\Phr.exe
    O4 - HKCU\..\Run: [Klf] C:\WINDOWS\SYSTEM\Vuh.exe
    O4 - HKCU\..\Run: [Acj] C:\WINDOWS\SYSTEM\Oam.exe
    O4 - HKCU\..\Run: [Fsu] C:\WINDOWS\SYSTEM\Anr.exe
    O4 - HKCU\..\Run: [Oge] C:\WINDOWS\SYSTEM\Hca.exe
    O4 - HKCU\..\Run: [Use] C:\WINDOWS\Oto.exe
    O4 - HKCU\..\Run: [Dkd] C:\WINDOWS\SYSTEM\Njh.exe
    O4 - HKCU\..\Run: [Hsi] C:\WINDOWS\Ses.exe
    O4 - HKCU\..\Run: [Jfo] C:\WINDOWS\Ovq.exe
    O4 - HKCU\..\Run: [Gts] C:\WINDOWS\SYSTEM\Oru.exe
    O4 - HKCU\..\Run: [Hse] C:\WINDOWS\SYSTEM\Stg.exe
    O4 - HKCU\..\Run: [Bip] C:\WINDOWS\SYSTEM\Som.exe
    O4 - HKCU\..\Run: [Vbl] C:\WINDOWS\Vkk.exe
    O4 - HKCU\..\Run: [Plh] C:\WINDOWS\Nmi.exe
    O4 - HKCU\..\Run: [Ckd] C:\WINDOWS\SYSTEM\Esv.exe
    O4 - HKCU\..\Run: [Eed] C:\WINDOWS\SYSTEM\Pka.exe
    O4 - HKCU\..\Run: [Qun] C:\WINDOWS\SYSTEM\Dog.exe
    O4 - HKCU\..\Run: [Ssk] C:\WINDOWS\SYSTEM\Dem.exe
    O4 - HKCU\..\Run: [Ihc] C:\WINDOWS\Iqs.exe
    O4 - HKCU\..\Run: [Ucj] C:\WINDOWS\Bbs.exe
    O4 - HKCU\..\Run: [Ffp] C:\WINDOWS\Alq.exe
    O4 - HKCU\..\Run: [Pov] C:\WINDOWS\Mlp.exe
    O4 - HKCU\..\Run: [Rkq] C:\WINDOWS\Nse.exe
    O4 - HKCU\..\Run: [Msp] C:\WINDOWS\SYSTEM\Pcp.exe
    O4 - HKCU\..\Run: [Ikf] C:\WINDOWS\SYSTEM\Cvu.exe
    O4 - HKCU\..\Run: [Gmq] C:\WINDOWS\Jtn.exe
    O4 - HKCU\..\Run: [Jnl] C:\WINDOWS\SYSTEM\Ijb.exe
    O4 - HKCU\..\Run: [Hsp] C:\WINDOWS\SYSTEM\Rih.exe
    O4 - HKCU\..\Run: [Dje] C:\WINDOWS\SYSTEM\Fah.exe
    O4 - HKCU\..\Run: [Inl] C:\WINDOWS\SYSTEM\Orq.exe
    O4 - HKCU\..\Run: [Fuk] C:\WINDOWS\Asg.exe
    O4 - HKCU\..\Run: [Fdo] C:\WINDOWS\Lol.exe
    O4 - HKCU\..\Run: [Ggt] C:\WINDOWS\Kml.exe
    O4 - HKCU\..\Run: [Vti] C:\WINDOWS\SYSTEM\Vqi.exe
    O4 - HKCU\..\Run: [Iqd] C:\WINDOWS\Njr.exe
    O4 - HKCU\..\Run: [Agu] C:\WINDOWS\SYSTEM\Cml.exe
    O4 - HKCU\..\Run: [Maa] C:\WINDOWS\SYSTEM\Rjc.exe
    O4 - HKCU\..\Run: [Lqr] C:\WINDOWS\SYSTEM\Rja.exe
    O4 - HKCU\..\Run: [Bng] C:\WINDOWS\Cvv.exe
    O4 - HKCU\..\Run: [Fva] C:\WINDOWS\SYSTEM\Kit.exe
    O4 - HKCU\..\Run: [Qgp] C:\WINDOWS\SYSTEM\Lnn.exe
    O4 - HKCU\..\Run: [Loa] C:\WINDOWS\Koi.exe
    O4 - HKCU\..\Run: [Tbm] C:\WINDOWS\SYSTEM\Pqe.exe
    O4 - HKCU\..\Run: [Mrr] C:\WINDOWS\Sjk.exe


    Fix the following if you, a system administrator or a program like Spybot Search & Destroy did not set restrictions on your Control Panel:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    Close all open Explorer windows and browsers
    Click on the Fix Checked button.
    When complete and all files removed, close the application.

  • Using Windows Explorer please delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found as they may have been automatically removed by actions I had you take earlier in the cleaning process.
    C:\WINDOWS\SYSTEM\winldra.exe >>> This file only
    WS\SYSTEM\ntddetect.exe >>> This file, but you may have to use the search facility to find it
    C:\WINDOWS\SYSTEM\kernels32.exe >>> This file only
  • In order to save you deleting all the file infections manually please do the following: Open Notepad, (Start button, click on Run, type in Notepad, and click OK) copy & paste the following block of text into Notepad.
    Del C:\WINDOWS\Rnb.exe
    Del C:\WINDOWS\Nup.exe
    Del C:\WINDOWS\Uqt.exe
    Del C:\WINDOWS\Mbi.exe
    Del C:\WINDOWS\Rkn.exe
    Del C:\WINDOWS\Fcs.exe
    Del C:\WINDOWS\SYSTEM\Qmf.exe
    Del C:\WINDOWS\Scl.exe
    Del C:\WINDOWS\SYSTEM\Tiu.exe
    Del C:\WINDOWS\SYSTEM\Tfr.exe
    Del C:\WINDOWS\SYSTEM\Tak.exe
    Del C:\WINDOWS\Sqh.exe
    Del C:\WINDOWS\SYSTEM\Jlv.exe
    Del C:\WINDOWS\Rnp.exe
    Del C:\WINDOWS\SYSTEM\Udq.exe
    Del C:\WINDOWS\Tqo.exe
    Del C:\WINDOWS\SYSTEM\Vtq.exe
    Del C:\WINDOWS\Rmg.exe
    Del C:\WINDOWS\Kob.exe
    Del C:\WINDOWS\Tqo.exe
    Del C:\WINDOWS\Sev.exe
    Del C:\WINDOWS\Bro.exe
    Del C:\WINDOWS\SYSTEM\Feg.exe
    Del C:\WINDOWS\SYSTEM\Lum.exe
    Del C:\WINDOWS\Lku.exe
    Del C:\WINDOWS\SYSTEM\Ltk.exe
    Del C:\WINDOWS\Kvf.exe
    Del C:\WINDOWS\Vff.exe
    Del C:\WINDOWS\Omm.exe
    Del C:\WINDOWS\SYSTEM\Idv.exe
    Del C:\WINDOWS\SYSTEM\Qdm.exe
    Del C:\WINDOWS\SYSTEM\Got.exe
    Del C:\WINDOWS\Irg.exe
    Del C:\WINDOWS\Top.exe
    Del C:\WINDOWS\Skv.exe
    Del C:\WINDOWS\Kkb.exe
    Del C:\WINDOWS\SYSTEM\Ngk.exe
    Del C:\WINDOWS\SYSTEM\Ede.exe
    Del C:\WINDOWS\Cpc.exe
    Del C:\WINDOWS\Rnp.exe
    Del C:\WINDOWS\SYSTEM\Goa.exe
    Del C:\WINDOWS\Olt.exe
    Del C:\WINDOWS\SYSTEM\Lga.exe
    Del C:\WINDOWS\SYSTEM\Ele.exe
    Del C:\WINDOWS\Bjj.exe
    Del C:\WINDOWS\SYSTEM\Ren.exe
    Del C:\WINDOWS\Ptl.exe
    Del C:\WINDOWS\SYSTEM\Ath.exe
    Del C:\WINDOWS\Lpp.exe
    Del C:\WINDOWS\SYSTEM\Dff.exe
    Del C:\WINDOWS\Cgm.exe
    Del C:\WINDOWS\Oqb.exe
    Del C:\WINDOWS\SYSTEM\Hlv.exe
    Del C:\WINDOWS\SYSTEM\Hoc.exe
    Del C:\WINDOWS\SYSTEM\Iac.exe
    Del C:\WINDOWS\Jbe.exe
    Del C:\WINDOWS\SYSTEM\Gjj.exe
    Del C:\WINDOWS\Fki.exe
    Del C:\WINDOWS\SYSTEM\Ikq.exe
    Del C:\WINDOWS\Ted.exe
    Del C:\WINDOWS\SYSTEM\Vlt.exe
    Del C:\WINDOWS\SYSTEM\Jif.exe
    Del C:\WINDOWS\Srf.exe
    Del C:\WINDOWS\Aqi.exe
    Del C:\WINDOWS\SYSTEM\Aah.exe
    Del C:\WINDOWS\Qtg.exe
    Del C:\WINDOWS\Nrc.exe
    Del C:\WINDOWS\Cgn.exe
    Del C:\WINDOWS\SYSTEM\Phr.exe
    Del C:\WINDOWS\SYSTEM\Vuh.exe
    Del C:\WINDOWS\SYSTEM\Oam.exe
    Del C:\WINDOWS\SYSTEM\Anr.exe
    Del C:\WINDOWS\SYSTEM\Hca.exe
    Del C:\WINDOWS\Oto.exe
    Del C:\WINDOWS\SYSTEM\Njh.exe
    Del C:\WINDOWS\Ses.exe
    Del C:\WINDOWS\Ovq.exe
    Del C:\WINDOWS\SYSTEM\Oru.exe
    Del C:\WINDOWS\SYSTEM\Stg.exe
    Del C:\WINDOWS\SYSTEM\Som.exe
    Del C:\WINDOWS\Vkk.exe
    Del C:\WINDOWS\Nmi.exe
    Del C:\WINDOWS\SYSTEM\Esv.exe
    Del C:\WINDOWS\SYSTEM\Pka.exe
    Del C:\WINDOWS\SYSTEM\Dog.exe
    Del C:\WINDOWS\SYSTEM\Dem.exe
    Del C:\WINDOWS\Iqs.exe
    Del C:\WINDOWS\Bbs.exe
    Del C:\WINDOWS\Alq.exe
    Del C:\WINDOWS\Mlp.exe
    Del C:\WINDOWS\Nse.exe
    Del C:\WINDOWS\SYSTEM\Pcp.exe
    Del C:\WINDOWS\SYSTEM\Cvu.exe
    Del C:\WINDOWS\Jtn.exe
    Del C:\WINDOWS\SYSTEM\Ijb.exe
    Del C:\WINDOWS\SYSTEM\Rih.exe
    Del C:\WINDOWS\SYSTEM\Fah.exe
    Del C:\WINDOWS\SYSTEM\Orq.exe
    Del C:\WINDOWS\Asg.exe
    Del C:\WINDOWS\Lol.exe
    Del C:\WINDOWS\Kml.exe
    Del C:\WINDOWS\SYSTEM\Vqi.exe
    Del C:\WINDOWS\Njr.exe
    Del C:\WINDOWS\SYSTEM\Cml.exe
    Del C:\WINDOWS\SYSTEM\Rjc.exe
    Del C:\WINDOWS\SYSTEM\Rja.exe
    Del C:\WINDOWS\Cvv.exe
    Del C:\WINDOWS\SYSTEM\Kit.exe
    Del C:\WINDOWS\SYSTEM\Lnn.exe
    Del C:\WINDOWS\Koi.exe
    Del C:\WINDOWS\SYSTEM\Pqe.exe
    Del C:\WINDOWS\Sjk.exe
    Del C:\WINDOWS\Roj.exe
    Del C:\WINDOWS\Rnb.exe
    Del C:\WINDOWS\Nup.exe
    Del C:\WINDOWS\Uqt.exe
    Del C:\WINDOWS\Mbi.exe
    Del C:\WINDOWS\Rkn.exe
    Del C:\WINDOWS\Fcs.exe
    Del C:\WINDOWS\SYSTEM\Qmf.exe
    Del C:\WINDOWS\Scl.exe
    Del C:\WINDOWS\SYSTEM\Tiu.exe
    Del C:\WINDOWS\SYSTEM\Tfr.exe
    Del C:\WINDOWS\SYSTEM\Tak.exe
    Del C:\WINDOWS\Sqh.exe
    Del C:\WINDOWS\SYSTEM\Jlv.exe
    Del C:\WINDOWS\Rnp.exe
    Del C:\WINDOWS\SYSTEM\Udq.exe
    Del C:\WINDOWS\Tqo.exe
    Del C:\WINDOWS\SYSTEM\Vtq.exe
    Del C:\WINDOWS\Rmg.exe
    Del C:\WINDOWS\Kob.exe
    Del C:\WINDOWS\Tqo.exe
    Del C:\WINDOWS\Sev.exe
    Del C:\WINDOWS\Bro.exe
    Del C:\WINDOWS\SYSTEM\Feg.exe
    Del C:\WINDOWS\SYSTEM\Lum.exe
    Del C:\WINDOWS\Lku.exe
    Del C:\WINDOWS\SYSTEM\Ltk.exe
    Del C:\WINDOWS\Kvf.exe
    Del C:\WINDOWS\Vff.exe
    Del C:\WINDOWS\Omm.exe
    Del C:\WINDOWS\SYSTEM\Idv.exe
    Del C:\WINDOWS\SYSTEM\Qdm.exe
    Del C:\WINDOWS\SYSTEM\Got.exe
    Del C:\WINDOWS\Irg.exe
    Del C:\WINDOWS\Top.exe
    Del C:\WINDOWS\Skv.exe
    Del C:\WINDOWS\Kkb.exe
    Del C:\WINDOWS\SYSTEM\Ngk.exe
    Del C:\WINDOWS\SYSTEM\Ede.exe
    Del C:\WINDOWS\Cpc.exe
    Del C:\WINDOWS\Rnp.exe
    Del C:\WINDOWS\SYSTEM\Goa.exe
    Del C:\WINDOWS\Olt.exe
    Del C:\WINDOWS\SYSTEM\Lga.exe
    Del C:\WINDOWS\SYSTEM\Ele.exe
    Del C:\WINDOWS\Bjj.exe
    Del C:\WINDOWS\SYSTEM\Ren.exe
    Del C:\WINDOWS\Ptl.exe
    Del C:\WINDOWS\SYSTEM\Ath.exe
    Del C:\WINDOWS\Lpp.exe
    Del C:\WINDOWS\SYSTEM\Dff.exe
    Del C:\WINDOWS\Cgm.exe
    Del C:\WINDOWS\Oqb.exe
    Del C:\WINDOWS\SYSTEM\Hlv.exe
    Del C:\WINDOWS\SYSTEM\Hoc.exe
    Del C:\WINDOWS\SYSTEM\Iac.exe
    Del C:\WINDOWS\Jbe.exe
    Del C:\WINDOWS\SYSTEM\Gjj.exe
    Del C:\WINDOWS\Fki.exe
    Del C:\WINDOWS\SYSTEM\Ikq.exe
    Del C:\WINDOWS\Ted.exe
    Del C:\WINDOWS\SYSTEM\Vlt.exe
    Del C:\WINDOWS\SYSTEM\Jif.exe
    Del C:\WINDOWS\Srf.exe
    Del C:\WINDOWS\Aqi.exe
    Del C:\WINDOWS\SYSTEM\Aah.exe
    Del C:\WINDOWS\Qtg.exe
    Del C:\WINDOWS\Nrc.exe
    Del C:\WINDOWS\Cgn.exe
    Del C:\WINDOWS\SYSTEM\Phr.exe
    Del C:\WINDOWS\SYSTEM\Vuh.exe
    Del C:\WINDOWS\SYSTEM\Oam.exe
    Del C:\WINDOWS\SYSTEM\Anr.exe
    Del C:\WINDOWS\SYSTEM\Hca.exe
    Del C:\WINDOWS\Oto.exe
    Del C:\WINDOWS\SYSTEM\Njh.exe
    Del C:\WINDOWS\Ses.exe
    Del C:\WINDOWS\Ovq.exe
    Del C:\WINDOWS\SYSTEM\Oru.exe
    Del C:\WINDOWS\SYSTEM\Stg.exe
    Del C:\WINDOWS\SYSTEM\Som.exe
    Del C:\WINDOWS\Vkk.exe
    Del C:\WINDOWS\Nmi.exe
    Del C:\WINDOWS\SYSTEM\Esv.exe
    Del C:\WINDOWS\SYSTEM\Pka.exe
    Del C:\WINDOWS\SYSTEM\Dog.exe
    Del C:\WINDOWS\SYSTEM\Dem.exe
    Del C:\WINDOWS\Iqs.exe
    Del C:\WINDOWS\Bbs.exe
    Del C:\WINDOWS\Alq.exe
    Del C:\WINDOWS\Mlp.exe
    Del C:\WINDOWS\Nse.exe
    Del C:\WINDOWS\SYSTEM\Pcp.exe
    Del C:\WINDOWS\SYSTEM\Cvu.exe
    Del C:\WINDOWS\Jtn.exe
    Del C:\WINDOWS\SYSTEM\Ijb.exe
    Del C:\WINDOWS\SYSTEM\Rih.exe
    Del C:\WINDOWS\SYSTEM\Fah.exe
    Del C:\WINDOWS\SYSTEM\Orq.exe
    Del C:\WINDOWS\Asg.exe
    Del C:\WINDOWS\Lol.exe
    Del C:\WINDOWS\Kml.exe
    Del C:\WINDOWS\SYSTEM\Vqi.exe
    Del C:\WINDOWS\Njr.exe
    Del C:\WINDOWS\SYSTEM\Cml.exe
    Del C:\WINDOWS\SYSTEM\Rjc.exe
    Del C:\WINDOWS\SYSTEM\Rja.exe
    Del C:\WINDOWS\Cvv.exe
    Del C:\WINDOWS\SYSTEM\Kit.exe
    Del C:\WINDOWS\SYSTEM\Lnn.exe
    Del C:\WINDOWS\Koi.exe
    Del C:\WINDOWS\SYSTEM\Pqe.exe
    Del C:\WINDOWS\Sjk.exe
    Select 'Save as type:' as All Files,
    Save the file to a convenient folder as delfiles.bat
    Close Notepad
    Go to the folder where you saved the delfiles.bat and doubleclick on the file name to run it.
  • Reboot your machine in normal mode, run HijackThis and post a new log here using the Add Reply button. Let me know how things went and how things are running now.

Edited by penmore, 14 April 2005 - 02:11 PM.
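
To show how a cleanup like the one above can be derived from the log itself instead of being typed out by hand, here is an added example in Python (not HijackThis code and not penmore's fix): it parses the O4 autorun and O15 Trusted Zone lines, flags the random three-letter Xxx.exe autoruns that fill the log and the extra program chained onto the Shell value, takes the three file names penmore identified as an analyst-supplied list, and emits a de-duplicated Del batch, setting aside the truncated ntddetect path that needs a manual search. The sample log lines are constructed from entries in this thread and are not a full log.

```python
"""Triage helper for HijackThis (HJT) logs, added for this thread; it is
not HijackThis code and not penmore's fix.  It parses the O4 autorun and
O15 Trusted Zone lines, flags the random Xxx.exe autoruns that fill
jama81's log, and turns the verdict into a de-duplicated Del batch."""
import re
from typing import Dict, List, Tuple

# "O4 - HKLM\..\Run: [Ibf] C:\WINDOWS\Roj.exe"  ->  hive, key, name, cmd
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O15 - Trusted Zone: *.skoobidoo.com (HKLM)"  ->  target
O15_RE = re.compile(r"^O15 - Trusted (?:Zone|IP range): (?P<target>\S+)")
# The pattern filling jama81's log: a random Xxx value name that launches a
# random Xxx.exe dropped straight into C:\WINDOWS or C:\WINDOWS\SYSTEM.
RANDOM_NAME_RE = re.compile(r"^[A-Z][a-z]{2}$")
RANDOM_EXE_RE = re.compile(r"^C:\\WINDOWS\\(?:SYSTEM\\)?[A-Z][a-z]{2}\.exe$")
# A quoted path, or a bare whitespace-free token, ending in .exe
EXE_TOKEN_RE = re.compile(r'"([^"]+\.exe)"|(\S+\.exe)', re.IGNORECASE)

# File names the helper judged malicious in this thread (analyst input).
KNOWN_BAD = ("winldra.exe", "ntddetect.exe", "kernels32.exe")

# Constructed sample in the shape of the logs in this thread, not a full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [Lcu] C:\WINDOWS\Rnp.exe
O4 - HKLM\..\Run: [Ajp] C:\WINDOWS\Rnp.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Ibf] C:\WINDOWS\Roj.exe
O4 - HKCU\..\Run: [Dfu] C:\WINDOWS\SYSTEM\Ath.exe
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
"""


def parse_o4(log: str) -> List[Dict[str, str]]:
    """One dict per registry autorun (O4 Run/RunServices) line."""
    return [m.groupdict() for m in map(O4_RE.match, map(str.strip, log.splitlines())) if m]


def trusted_zone_targets(log: str) -> List[str]:
    """Domains/IPs pushed into IE's Trusted Zone (O15), de-duplicated:
    HJT lists the HKCU and HKLM copies separately."""
    targets: List[str] = []
    for line in log.splitlines():
        m = O15_RE.match(line.strip())
        if m and m.group("target") not in targets:
            targets.append(m.group("target"))
    return targets


def launched_files(cmd: str) -> List[str]:
    """Executables named in an autorun command, quotes removed."""
    return [quoted or bare for quoted, bare in EXE_TOKEN_RE.findall(cmd)]


def flag_entries(entries: List[Dict[str, str]],
                 known_bad: Tuple[str, ...] = ()) -> List[Tuple[Dict[str, str], str, str]]:
    """(entry, file, reason) for every autorun that looks malicious."""
    bad = {n.lower() for n in known_bad}
    flagged = []
    for e in entries:
        for path in launched_files(e["cmd"]):
            base = path.rsplit("\\", 1)[-1].lower()
            if RANDOM_NAME_RE.match(e["name"]) and RANDOM_EXE_RE.match(path):
                flagged.append((e, path, "random three-letter name and exe in Windows dir"))
            elif e["name"].lower() == "shell" and base != "explorer.exe":
                # A Shell value should start Explorer.exe and nothing else.
                flagged.append((e, path, "extra program chained onto the Shell value"))
            elif base in bad:
                flagged.append((e, path, "file name supplied by the analyst"))
    return flagged


def build_del_batch(flagged) -> Tuple[List[str], List[str]]:
    """Del lines for a batch file, one per unique absolute path (the same file
    is usually registered under HKLM and HKCU and under several value names).
    Paths without a drive letter, like the truncated ntddetect entry, cannot
    be deleted blind and come back separately for a manual search."""
    dels: List[str] = []
    unresolved: List[str] = []
    for _, path, _ in flagged:
        if not re.match(r"^[A-Za-z]:\\", path):
            if path not in unresolved:
                unresolved.append(path)
        elif f"Del {path}" not in dels:
            dels.append(f"Del {path}")
    return dels, unresolved


if __name__ == "__main__":
    hits = flag_entries(parse_o4(SAMPLE_LOG), KNOWN_BAD)
    for e, path, why in hits:
        print(f"{e['hive']} {e['key']} [{e['name']}] -> {path}: {why}")
    dels, unresolved = build_del_batch(hits)
    print("\n".join(dels))
    print("needs a manual search:", unresolved)
    print("Trusted Zone additions:", trusted_zone_targets(SAMPLE_LOG))
```

Legitimate autoruns such as ScanRegistry and THGuard pass through unflagged, and the two Rnp.exe value names and the HKLM/HKCU copies of Roj.exe collapse to a single Del line each.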


#5 jama81

jama81
  • Topic Starter

  • Members
  • 8 posts

Posted 14 April 2005 - 09:17 PM

Thank you very much for your reply. I seem to have got rid of the SlimShield.
My desktop is restored. No more errors during start up. Just one problem. I still can't right click.
So I couldn't run deldomains.inf

And I'm just wondering what's the TRUSTED Zone with skoobidoo.com all about. Seems dodgy to me.

Here's my new HJT Log: -


Logfile of HijackThis v1.99.1
Scan saved at 10:17:03 AM, on 4/15/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\GEFORCE2\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\PROGRAM FILES\PLAXO\2.2.3.5\INSTALLSTUB.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=C:\GEFORCE2\vi_grm.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lan
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.188.0.133,202.188.1.5
O21 - SSODL: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\SYSTEM\hun32.dll
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll (file missing)

#6 jama81

jama81
  • Topic Starter

  • Members
  • 8 posts

Posted 15 April 2005 - 03:16 AM

btw, I just fixed the right-click problem :thumbsup:

#7 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • Location:West Coast of Scotland

Posted 15 April 2005 - 12:38 PM

Hi jama81,

And I'm just wondering what's the TRUSTED Zone with skoobidoo.com all about. Seems dodgy to me.


The DelDomains was supposed to remove those Trusted domains. There were a number of dodgy ones as well as the skoobidoo one. Now that you have your mouse working, could you run the Deldomains?

Also, can you run HijackThis and remove this one:
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

Run HijackThis and post a new log here using the Add Reply button. If your mouse problem wasn't hardware then I would be interested to hear what the fix was, just for future reference.

#8 jama81

jama81
  • Topic Starter

  • Members
  • 8 posts

Posted 17 April 2005 - 11:45 PM

hello penmore :thumbsup:

Have run deldomains.inf. I believe the dodgy domains are now gone.

Regarding the right-click fix, I downloaded the file from here http://forums.net-integration.net/index.ph...=post&id=141046

and added it to my registry.

Anyway, here's my new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:40 PM, on 4/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\GEFORCE2\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\PLAXO\2.2.3.5\INSTALLSTUB.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=C:\GEFORCE2\vi_grm.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lan
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.188.0.133,202.188.1.5
O21 - SSODL: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\SYSTEM\hun32.dll
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} -

========

Thank you once again for the help. Greatly appreciated :flowers:

#9 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • Location: West Coast of Scotland

Posted 18 April 2005 - 06:03 AM

Hi jama81,

One file that I would like you to submit and one remnant of a trojan entry to remove. I've included my prevention measures below however it is important that you continue to monitor this thread until we have identified that file and know that your machine is clean. Please do the following:
  • Please go to the following submittal form, complete all of the boxes and submit the following file for analysis. http://www.bleepingcomputer.com/submit-malware.php

    C:\WINDOWS\SYSTEM\hun32.dll

    Once you have completed the submittal could you then rename the file to badhun32.old.

  • Remove the following with HijackThis:

    O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} -

  • Reboot your machine and post a new log here using the Add Reply button.
____________________________________________________________

Please take the time to review the list and implement any of the software or settings that you don't have already.
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to disable and re-enable system restore here: Re-enable system restore with instructions from tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
    For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit the Windows Update Site regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.
    A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.
    A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
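
The six Internet Explorer settings in penmore's list live in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (the Internet zone), one DWORD per action, where 0 means Enable, 1 Prompt and 3 Disable. The script below is an added example, not penmore's or BleepingComputer's code: it parses a constructed .reg export of that key and reports which of the six settings still deviate from the values recommended above, so you can verify the change rather than trust the dialog. The action IDs 1001, 1004, 1201, 1607, 1800 and 1804 are IE's own registry identifiers for those settings; they do not appear in this thread, and the sample export is constructed to show a machine where several of them are still weak.

```python
import re

# IE zone action values (IE's encoding, not something from the thread).
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Recommended values from penmore's list, keyed by IE's registry action ID.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed .reg export of the Internet zone (assumption: a machine where
# only the two unsigned/unsafe ActiveX settings have been tightened so far).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
DWORD_RE = re.compile(r'^"(?P<id>\d{4})"=dword:(?P<val>[0-9a-fA-F]{8})$')


def parse_zone(reg_text, zone="3"):
    """Return {action_id: int} for the numeric DWORDs under ...\\Zones\\<zone>."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            # Only values under the requested zone key are collected.
            in_zone = m.group("key").lower().endswith(f"\\zones\\{zone}")
        elif in_zone and (m := DWORD_RE.match(line)):
            values[m.group("id")] = int(m.group("val"), 16)
    return values


def audit_zone(values):
    """Return (action_id, description, current, recommended) for every deviation."""
    deviations = []
    for action, (desc, want) in RECOMMENDED.items():
        have = values.get(action)
        if have != want:
            # An absent value falls back to IE's zone template, so report it as unset.
            current = "unset" if have is None else LABEL.get(have, str(have))
            deviations.append((action, desc, current, LABEL[want]))
    return deviations


if __name__ == "__main__":
    for action, desc, current, want in audit_zone(parse_zone(SAMPLE_REG)):
        print(f"{action} {desc}: is {current}, should be {want}")
```

On a real machine, export the key with regedit (File > Export) and pass the file's contents to parse_zone; an empty result from audit_zone means all six settings match the list. A change made through the Custom Level dialog should show up in the export immediately, which is a quick way to confirm the dialog actually saved the settings.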

#10 jama81

jama81
  • Topic Starter

  • Members
  • 8 posts

Posted 18 April 2005 - 11:13 PM

hi penmore,

I've submitted the file as requested. However, I can't seem to rename it because it is currently being used by Windows, which is a little worrying.

I am quite sceptical about certain antispy programs, especially freeware that is easily downloadable. Is it true that some of these programs, while removing other spyware, leave traces of their own on one's PC? How can one be sure that the PC is absolutely clean?

Anyway, I will take as many precautionary measures as possible for security.

thanks :thumbsup:

#11 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • Location: West Coast of Scotland

Posted 19 April 2005 - 12:17 PM

Hi jama81,

Try running in Safe mode and renaming that file - let me know if that works.

This site will help you identify Rogue Anti-Spyware. The software that is on my list (Ad-Aware, Spybot S&D and SpywareBlaster) is perfectly safe to use and should be part of your protection suite.

#12 jama81

jama81
  • Topic Starter

  • Members
  • 8 posts

Posted 21 April 2005 - 11:15 PM

hello penmore,
I think it was removed by my antivirus this morning. Here's my new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:17:58 PM, on 4/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PLAXO\2.2.3.5\INSTALLSTUB.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\CAP3RS.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\SYSTEM\CAP3SW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\GEFORCE2\VI_GRM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\CAP3LA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=C:\GEFORCE2\vi_grm.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\SYSTEM\CAP3ON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
O4 - Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\SYSTEM\CAP3LA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lan
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.188.0.133,202.188.1.5

#13 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • Location: West Coast of Scotland

Posted 22 April 2005 - 12:39 PM

Hi jama81,

Well done!! :thumbsup: Your log looks clean. I was reasonably certain that the file I asked you to rename was bad, so it's not surprising that your anti-virus software has removed it.

Make sure you have everything installed that you need from my list and remember to do the updates on a regular basis and you should stay clean in the future.

Peter

#14 jama81

jama81
  • Topic Starter

  • Members
  • 8 posts

Posted 24 April 2005 - 08:26 PM

Hi Peter,

Thank you once again for your help and guidance.

:thumbsup:

Jayne



