Hjt Log


44 replies to this topic

#1 tireddad


Posted 13 October 2005 - 08:34 PM

I suspect that there's a lot going on with my PC that I just don't know about. For some reason Ctrl Alt Del does NOT bring up Windows Task Mgr, McAfee has to be disabled in order to run HJT, running slowly and MANY pop ups.

Will someone look at this for me?

Logfile of HijackThis v1.99.1
Scan saved at 8:52:37 PM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\winmsc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\userint32.exe
C:\et3243423.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\system32\mswkst32.exe
C:\WINDOWS\seli.exe
C:\WINDOWS\system32\tikpu7hh.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\cdmweb\laoqejvfnn.exe
c:\rdrfasgz.exe
C:\WINDOWS\876029.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\DOCUME~1\Lisa\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\userint32.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: (no name) - {9ADD76B9-2988-4DC0-D24B-5C9918570EA0} - C:\WINDOWS\cdmweb\laoqejvfnn.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\lisa\local settings\temp\P.exe
O4 - HKLM\..\Run: [qjnq.exe] c:\windows\system32\qjnq.exe
O4 - HKLM\..\Run: [s] C:\windows\system32\s.exe
O4 - HKLM\..\Run: [ktstyp] C:\WINDOWS\ktstyp.exe
O4 - HKLM\..\Run: [Spyware Slayer] C:\Program Files\Spyware Slayer\SpywareSlayer.Exe
O4 - HKLM\..\Run: [eTunnel] C:\et3243423.exe
O4 - HKLM\..\Run: [8fo] C:\documents and settings\lisa\local settings\temp\8fo.exe
O4 - HKLM\..\Run: [YM0SA3H] C:\windows\system32\YM0SA3H.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [RIJA] C:\documents and settings\lisa\local settings\temp\RIJA.exe
O4 - HKLM\..\Run: [QwwnGtBn8] C:\windows\system32\QwwnGtBn8.exe
O4 - HKLM\..\Run: [ezoesni] c:\windows\system32\trtmvu.exe
O4 - HKLM\..\Run: [Microsoft Updat3] mswkst32.exe
O4 - HKLM\..\Run: [p7tk3tU] mdwfile.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\seli.exe
O4 - HKLM\..\Run: [tikpu7hh] C:\WINDOWS\system32\tikpu7hh.exe
O4 - HKLM\..\Run: [180sa] c:\program files\180search assistant\180sa.exe
O4 - HKLM\..\Run: [ToolbarInstall] C:\WINDOWS\876029.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [Microsoft Updat3] mswkst32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yw2qRjY2T] lpriosrv.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} (CInstall Class) - http://freepcscan.com/spyware/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutio...bridge-c420.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Configuration Utility (mbot) - Unknown owner - C:\WINDOWS\winmsc32.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Thanks for your help,

Tireddad



#2 tireddad


Posted 17 October 2005 - 09:20 PM

A lot has happened over the weekend so I thought that I would post an updated log. I've done away with McAfee and installed Symantec though it's not yet working right. Still experiencing lots of problems.

Logfile of HijackThis v1.99.1
Scan saved at 10:16:16 PM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\winmsc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\userint32.exe
C:\et3243423.exe
C:\WINDOWS\seli.exe
C:\WINDOWS\system32\tikpu7hh.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\DOCUME~1\Lisa\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\userint32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {D9EE3250-CD1D-3F9C-A81E-AE7EF860855A} - C:\WINDOWS\cdmweb\laoqejvfnn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\lisa\local settings\temp\P.exe
O4 - HKLM\..\Run: [qjnq.exe] c:\windows\system32\qjnq.exe
O4 - HKLM\..\Run: [s] C:\windows\system32\s.exe
O4 - HKLM\..\Run: [ktstyp] C:\WINDOWS\ktstyp.exe
O4 - HKLM\..\Run: [eTunnel] C:\et3243423.exe
O4 - HKLM\..\Run: [8fo] C:\documents and settings\lisa\local settings\temp\8fo.exe
O4 - HKLM\..\Run: [YM0SA3H] C:\windows\system32\YM0SA3H.exe
O4 - HKLM\..\Run: [RIJA] C:\documents and settings\lisa\local settings\temp\RIJA.exe
O4 - HKLM\..\Run: [QwwnGtBn8] C:\windows\system32\QwwnGtBn8.exe
O4 - HKLM\..\Run: [ezoesni] c:\windows\system32\trtmvu.exe
O4 - HKLM\..\Run: [p7tk3tU] mdwfile.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\seli.exe
O4 - HKLM\..\Run: [tikpu7hh] C:\WINDOWS\system32\tikpu7hh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yw2qRjY2T] lpriosrv.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} (CInstall Class) - http://freepcscan.com/spyware/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutio...bridge-c420.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Configuration Utility (mbot) - Unknown owner - C:\WINDOWS\winmsc32.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Thanks for your help.

Tireddad

#3 miekiemoes

  • Malware Response Team

Posted 18 October 2005 - 08:02 AM

Hello,

First of all, you didn't unzip/extract HijackThis, and it's still in the temp folder.
So I strongly advise you to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Create a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.
How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

It is important you don't miss a step and perform everything in the right order!!

* Download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".

Now copy the following lines (shown in bold):

C:\WINDOWS\winmsc32.exe
C:\WINDOWS\userint32.exe
C:\et3243423.exe
C:\WINDOWS\seli.exe
C:\WINDOWS\system32\tikpu7hh.exe
C:\WINDOWS\cdmweb\laoqejvfnn.dll
C:\documents and settings\lisa\local settings\temp\P.exe
c:\windows\system32\qjnq.exe
C:\windows\system32\s.exe
C:\WINDOWS\ktstyp.exe
C:\documents and settings\lisa\local settings\temp\8fo.exe
C:\windows\system32\YM0SA3H.exe
C:\documents and settings\lisa\local settings\temp\RIJA.exe
C:\windows\system32\QwwnGtBn8.exe
c:\windows\system32\trtmvu.exe


Open 'File' in the Killbox menu at the top and choose 'Paste from Clipboard'.

Now you will see, this is pasted in the "Full Path of File to Delete"-field.
There's a little arrow (dropdown-arrow) next to that field.
If you expand it, these lines must be there together if the files are present!

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot.. Click YES
When it asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.
Click No at the Pending Operations prompt.

Your computer must reboot now.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\userint32.exe
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {D9EE3250-CD1D-3F9C-A81E-AE7EF860855A} - C:\WINDOWS\cdmweb\laoqejvfnn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
O4 - HKLM\..\Run: [P] C:\documents and settings\lisa\local settings\temp\P.exe
O4 - HKLM\..\Run: [qjnq.exe] c:\windows\system32\qjnq.exe
O4 - HKLM\..\Run: [s] C:\windows\system32\s.exe
O4 - HKLM\..\Run: [ktstyp] C:\WINDOWS\ktstyp.exe
O4 - HKLM\..\Run: [eTunnel] C:\et3243423.exe
O4 - HKLM\..\Run: [8fo] C:\documents and settings\lisa\local settings\temp\8fo.exe
O4 - HKLM\..\Run: [YM0SA3H] C:\windows\system32\YM0SA3H.exe
O4 - HKLM\..\Run: [RIJA] C:\documents and settings\lisa\local settings\temp\RIJA.exe
O4 - HKLM\..\Run: [QwwnGtBn8] C:\windows\system32\QwwnGtBn8.exe
O4 - HKLM\..\Run: [ezoesni] c:\windows\system32\trtmvu.exe
O4 - HKLM\..\Run: [p7tk3tU] mdwfile.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\seli.exe
O4 - HKLM\..\Run: [tikpu7hh] C:\WINDOWS\system32\tikpu7hh.exe
O4 - HKCU\..\Run: [Yw2qRjY2T] lpriosrv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540004} (CInstall Class) - http://freepcscan.com/spyware/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutio...bridge-c420.cab
O23 - Service: Configuration Utility (mbot) - Unknown owner - C:\WINDOWS\winmsc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


* Search for and delete the following folders if still present:

C:\WINDOWS\cdmweb
C:\PROGRAM FILES\COMMON FILES\WinTools

*Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

* Again in start > run, copy and paste the following commands, one at a time:

sc delete mbot (click Enter)
sc delete SvcProc (click Enter)

REBOOT your computer!

* Perform an online scan with Kaspersky Online Scanner

Click "Launch Kaspersky Anti-Virus Web Scanner"
You will be prompted if you want to install an ActiveX component from Kaspersky, click yes.
This will start downloading the latest definition files.
Once the files have been downloaded click on "Next"

* Click "Scan Settings"
Select the following in Scan Settings (normally they are already selected by default)

°Scan using the following Anti-Virus database: Standard

°Scan Options: Scan Archives
Scan Mail Bases

* Click OK
* Under select a target to scan, select "My Computer"

* This program will start to scan your system.
The scan will take a while so be patient and let it run.
When the scan is done, it will show a list of infected files found.

* Click on the "Save as Text"- button:
Save the scan log and post it along with a new HijackThis Log
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 tireddad


Posted 18 October 2005 - 08:03 PM

I got as far as the Kaspersky Online Scanner but then was unable to access the Kaspersky site - not thru your link nor by typing Kaspersky.com directly into the URL address box.

I decided to stop until I hear back from you. Just for giggles...here's the latest log.

Logfile of HijackThis v1.99.1
Scan saved at 9:00:06 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F66A0C8-F691-389C-23F0-94B4F8E7D20A} - C:\WINDOWS\cdmweb\laoqejvfnn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Thanks for your help,

Tireddad
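Checking a follow-up log against the earlier fix list, as an added example that is not part of the original posts: the BHO that loads laoqejvfnn.dll appears under a different CLSID in each of the three logs, so the comparison below keys on the target file rather than on the whole line. The function names `parse` and `verify_fix` are hypothetical; the sample lines are a subset quoted from the logs in this thread.

```python
import re

# "O4 - ..." style entry lines; the header and the process list do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A full Windows path ending in .exe/.dll, or failing that a bare file name.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]{}=]*?\.(?:exe|dll)\b', re.I)
BARE_RE = re.compile(r"[\w~-]+\.(?:exe|dll)\b", re.I)

# Subset of the fix list from post #3 (quoted from the thread).
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\userint32.exe
O2 - BHO: (no name) - {D9EE3250-CD1D-3F9C-A81E-AE7EF860855A} - C:\WINDOWS\cdmweb\laoqejvfnn.dll
O4 - HKLM\..\Run: [eTunnel] C:\et3243423.exe
O4 - HKLM\..\Run: [p7tk3tU] mdwfile.exe
O15 - Trusted Zone: *.popuppers.com
O23 - Service: Configuration Utility (mbot) - Unknown owner - C:\WINDOWS\winmsc32.exe
"""

# Subset of the follow-up log from post #4 (quoted from the thread).
FOLLOW_UP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F66A0C8-F691-389C-23F0-94B4F8E7D20A} - C:\WINDOWS\cdmweb\laoqejvfnn.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
"""


def parse(log_text):
    """Return [(section, raw_line, target)] for every HijackThis entry line.

    target is the lower-cased file the entry points at, or None when the
    entry names no .exe/.dll (for example an O15 Trusted Zone line).
    """
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group(2)
        # The last path wins, so "Shell=Explorer.exe C:\...\x.exe" yields x.exe.
        found = PATH_RE.findall(body) or BARE_RE.findall(body)
        entries.append((m.group(1), line, found[-1].lower() if found else None))
    return entries


def verify_fix(fix_list, follow_up):
    """Classify each fix-list entry as gone, unchanged, or leftover.

    leftover: the exact line is gone, but an entry in the same section still
    points at the same file (changed CLSID, added "(file missing)", ...).
    """
    after = parse(follow_up)
    after_lines = {raw for _, raw, _ in after}
    after_targets = {}
    for section, raw, target in after:
        if target:
            after_targets.setdefault((section, target), raw)

    result = {"gone": [], "unchanged": [], "leftover": []}
    for section, raw, target in parse(fix_list):
        if raw in after_lines:
            result["unchanged"].append(raw)
        elif target and (section, target) in after_targets:
            result["leftover"].append((raw, after_targets[(section, target)]))
        else:
            result["gone"].append(raw)
    return result


if __name__ == "__main__":
    report = verify_fix(FIX_LIST, FOLLOW_UP)
    print(f"{len(report['gone'])} entries gone, "
          f"{len(report['unchanged'])} unchanged")
    for old, new in report["leftover"]:
        print("leftover:")
        print("  was:", old)
        print("  now:", new)
```

A plain line-by-line diff of the two logs would report the old BHO line as removed and would not connect it to the entry that replaced it.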

#5 tireddad


Posted 18 October 2005 - 08:24 PM

Is it possible that there's something on my computer that is blocking me from going to certain sites? I can't get to the Symantec site either on this computer but I can on my other computer sharing the same broadband.

#6 miekiemoes

  • Malware Response Team

Posted 19 October 2005 - 03:09 AM

Hi tireddad..,

Yes, your hosts file is probably blocking access to those sites, so let's fix that..

* Download: Hoster
Unzip Hoster to its own folder, e.g. C:\Hoster
Start Hoster.exe, click 'Restore Original Hosts' and click OK.

Check and fix the following entry in HijackThis again (it's a leftover):

O2 - BHO: (no name) - {3F66A0C8-F691-389C-23F0-94B4F8E7D20A} - C:\WINDOWS\cdmweb\laoqejvfnn.dll (file missing)

Try the Kaspersky Online scan again and post the log. :thumbsup:
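The hosts-file symptom described in the posts above (security vendor sites unreachable on one machine only) can be confirmed by reading the file before restoring it. This is an added example, not part of the original thread and not how Hoster works; the watch list, the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# On Windows XP the file lives at C:\WINDOWS\system32\drivers\etc\hosts.
# Assumed watch list: the two vendors the thread says could not be reached.
WATCHED = ("kaspersky.com", "symantec.com")

# Constructed sample, not taken from the affected machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 www.kaspersky.com kaspersky.com   # two names on one line
0.0.0.0 liveupdate.symantec.com
192.0.2.10 intranet.example
10.1.2.3 www.symantec.com
not-an-ip www.kaspersky.com
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in a hosts file.

    Comments are stripped, one line may map several names, and lines whose
    first field is not a valid IP address are skipped.
    """
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")


def audit(text, watched=WATCHED):
    """Return [(lineno, hostname, ip, kind)] for watched domains.

    kind is "blocked" when the name is pinned to a loopback or unspecified
    address, and "redirected" when it is pinned to any other address.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    for lineno, name, ip, kind in audit(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} ({kind})")
```

Any hit is worth recording before the file is reset, since a "redirected" entry also gives an address to look for in other logs.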

#7 tireddad


Posted 19 October 2005 - 06:41 PM

Thanks...Hoster helped....

Here's the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, October 19, 2005 19:28:22
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/10/2005
Kaspersky Anti-Virus database records: 145746
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52790
Number of viruses found: 31
Number of infected objects: 114
Number of suspicious objects: 0
Duration of the scan process: 2159 sec

Infected Object Name - Virus Name
C:\!KillBox\et3243423.exe Infected: Trojan-Proxy.Win32.Ranky.bw
C:\!KillBox\userint32.exe Infected: Backdoor.Win32.Agent.jn
C:\!KillBox\winmsc32.exe Infected: Backdoor.Win32.IRCBot.cm
C:\0ef0.exe Infected: Trojan-Clicker.Win32.Small.fx
C:\Documents and Settings\Lisa\Local Settings\Temp\AI_Euro.exe/data0002 Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Documents and Settings\Lisa\Local Settings\Temp\AI_Euro.exe Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe/data0005/data0004 Infected: Backdoor.Win32.VB.oq
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe/data0005/data0006 Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe/data0005 Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe/data0010 Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Documents and Settings\Lisa\Local Settings\Temp\dealhelper.exe Infected: Trojan-Downloader.Win32.Agent.hw
C:\Documents and Settings\Lisa\Local Settings\Temp\Del1B.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del22.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del28.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del34.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del7D.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del85.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del8A.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del8F.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\Del9D.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\DelA8.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\DelAD.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Lisa\Local Settings\Temp\DMAlSx.exe Infected: Trojan-Downloader.Win32.IstBar.jl
C:\Documents and Settings\Lisa\Local Settings\Temp\dqnfgqi.exe Infected: Backdoor.Win32.Aimbot.ae
C:\Documents and Settings\Lisa\Local Settings\Temp\fca0IVf.exe Infected: Trojan-Downloader.Win32.INService.jj
C:\Documents and Settings\Lisa\Local Settings\Temp\GLF1FGLF1F.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Lisa\Local Settings\Temp\GLF1FGLF1F.EXE Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Lisa\Local Settings\Temp\ICD1.tmp\mm81.ocx Infected: Trojan-Downloader.Win32.VB.ov
C:\Documents and Settings\Lisa\Local Settings\Temp\ICD3.tmp\mm81.ocx Infected: Trojan-Downloader.Win32.VB.ov
C:\Documents and Settings\Lisa\Local Settings\Temp\mw.exe/data0004 Infected: Trojan-Downloader.Win32.VB.em
C:\Documents and Settings\Lisa\Local Settings\Temp\mw.exe Infected: Trojan-Downloader.Win32.VB.em
C:\Documents and Settings\Lisa\Local Settings\Temp\SEPInst.exe/data0002 Infected: Trojan.Win32.Septic.a
C:\Documents and Settings\Lisa\Local Settings\Temp\SEPInst.exe Infected: Trojan.Win32.Septic.a
C:\Documents and Settings\Lisa\Local Settings\Temp\sidefind.exe Infected: Trojan-Downloader.Win32.INService.jd
C:\Documents and Settings\Lisa\Local Settings\Temp\targetsaver.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Lisa\Local Settings\Temp\targetsaver.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Lisa\Local Settings\Temp\temp.fr1B2A Infected: Trojan.Win32.Pakes
C:\Documents and Settings\Lisa\Local Settings\Temp\temp.fr7C70 Infected: Trojan.Win32.Pakes
C:\Documents and Settings\Lisa\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\Documents and Settings\Lisa\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Lisa\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Documents and Settings\Lisa\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Documents and Settings\Lisa\Local Settings\Temp\WBCM_Installer.exe/data0002 Infected: Trojan.Win32.Agent.az
C:\Documents and Settings\Lisa\Local Settings\Temp\WBCM_Installer.exe Infected: Trojan.Win32.Agent.az
C:\fixed.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Aprps\CxtPls.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Aprps\CxtPls.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Common Files\oirk\oirkl.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\rdrfasgz.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP516\A0025175.dll Infected: Trojan-Downloader.Win32.Apropo.ah
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP516\A0025184.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP516\A0025185.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP522\A0025411.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP522\A0025412.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP525\A0025503.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP525\A0025504.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP527\A0025566.exe Infected: Trojan-Clicker.Win32.Small.fx
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP527\A0026601.exe Infected: Trojan-Clicker.Win32.Small.fx
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP527\A0026615.exe Infected: Trojan-Clicker.Win32.Small.fx
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP541\A0027937.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP541\A0027938.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028077.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028081.exe/data0005 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028081.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028082.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028099.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028100.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028133.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028135.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028141.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028166.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028167.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028170.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP543\A0028201.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP544\A0028237.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP544\A0028271.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP544\A0028272.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP545\A0028280.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP545\A0028301.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP545\A0028302.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP545\A0028309.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP546\A0028371.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP546\A0028373.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP546\A0028385.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP546\A0028418.exe Infected: Trojan-Dropper.Win32.Delf.nk
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP546\A0028420.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP547\A0028437.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP547\A0028466.exe/g.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP547\A0028466.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP547\A0028494.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP547\A0028495.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP551\A0028857.exe Infected: Backdoor.Win32.Rbot.gen
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP553\A0029162.exe Infected: Backdoor.Win32.IRCBot.cm
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP553\A0029163.exe Infected: Backdoor.Win32.Agent.jn
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP553\A0029164.exe Infected: Trojan-Proxy.Win32.Ranky.bw
C:\tmp.exe/g.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\tmp.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\WINDOWS\g.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\WINDOWS\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\WINDOWS\ssk3b5doublemedia.exe/data0005 Infected: Trojan-Dropper.Win32.Small.qn
C:\WINDOWS\ssk3b5doublemedia.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\WINDOWS\SYSTEM32\Asp5Wzh.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\Awdzm.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\boUEo.exe Infected: Trojan.Win32.Agent.az
C:\WINDOWS\SYSTEM32\Dnkz9.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\LwiPYK.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\Lzkoqfy.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\NspV.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\OjqN0Y44.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\OwmQ9t0X.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\RZHOdFQc.exe Infected: Trojan.Win32.Agent.az
C:\WINDOWS\SYSTEM32\YjpWR9u0.exe Infected: Trojan-Downloader.Win32.VB.em
C:\WINDOWS\SYSTEM32\Zvcyl.exe Infected: Backdoor.Win32.VB.oq

Scan process completed.


Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:34:53 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Progress huh? But the Kaspersky log looks nasty.

Tireddad (feeling less tired)

#8 miekiemoes


Posted 19 October 2005 - 06:52 PM

Hi, the good thing is, the malware isn't active, so we just have to delete the leftovers. :thumbsup:

So delete the following files and folders:

C:\rdrfasgz.exe
C:\0ef0.exe
C:\fixed.exe
C:\Program Files\Aprps <== folder
C:\Program Files\Common Files\oirk <== folder
C:\tmp.exe
C:\WINDOWS\g.exe
C:\WINDOWS\optimize.exe
C:\WINDOWS\ssk3b5doublemedia.exe
C:\WINDOWS\SYSTEM32\Asp5Wzh.exe
C:\WINDOWS\SYSTEM32\Awdzm.exe
C:\WINDOWS\SYSTEM32\boUEo.exe
C:\WINDOWS\SYSTEM32\Dnkz9.exe
C:\WINDOWS\SYSTEM32\LwiPYK.exe
C:\WINDOWS\SYSTEM32\Lzkoqfy.exe
C:\WINDOWS\SYSTEM32\NspV.exe
C:\WINDOWS\SYSTEM32\OjqN0Y44.exe
C:\WINDOWS\SYSTEM32\OwmQ9t0X.exe
C:\WINDOWS\SYSTEM32\RZHOdFQc.exe
C:\WINDOWS\SYSTEM32\YjpWR9u0.exe
C:\WINDOWS\SYSTEM32\Zvcyl.exe

Then, Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Let me know afterwards how things are running. :flowers:
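The narrowing from the 114-object Kaspersky report to the short delete list above, as an added Python sketch (not posted by anyone in this thread and not a Kaspersky tool): it folds archive members such as `tmp.exe/g.exe` into the file that actually exists on disk, then separates copies in System Restore points, the user's Temp folder and C:\!KillBox from files in live locations. The bucket names and the reading of C:\!KillBox as a backup folder are assumptions; the sample lines are excerpted from the report above.

```python
import re
from collections import OrderedDict

# Excerpt of the "Infected Object Name - Virus Name" section of the report above.
REPORT = r"""
C:\!KillBox\winmsc32.exe Infected: Backdoor.Win32.IRCBot.cm
C:\0ef0.exe Infected: Trojan-Clicker.Win32.Small.fx
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe/data0005/data0004 Infected: Backdoor.Win32.VB.oq
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe/data0005 Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Lisa\Local Settings\Temp\all_files7.exe Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Program Files\Aprps\CxtPls.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP553\A0029162.exe Infected: Backdoor.Win32.IRCBot.cm
C:\tmp.exe/g.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\tmp.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\WINDOWS\SYSTEM32\Zvcyl.exe Infected: Backdoor.Win32.VB.oq
"""

# "<object path> Infected: <detection name>"; the path may contain spaces.
LINE_RE = re.compile(r"^(?P<obj>[A-Za-z]:\\.+?) Infected: (?P<name>\S+)$")


def parse_report(text):
    """Map each on-disk file to the set of detection names reported for it.

    An object like X.exe/data0005/data0004 is a member nested inside the
    archive or installer X.exe. Only X.exe exists on disk, so members are
    folded into their container (everything before the first '/').
    """
    files = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, statistics or blank line
        container = m.group("obj").split("/", 1)[0]
        files.setdefault(container, set()).add(m.group("name"))
    return files


def classify(path):
    """Assign a file to a cleanup bucket (bucket names are this example's own)."""
    p = path.lower()
    if re.match(r"[a-z]:\\!killbox\\", p):
        return "killbox-backup"   # assumption: copies kept by the KillBox tool
    if "\\system volume information\\_restore{" in p:
        return "system-restore"   # copies stored inside XP restore points
    if "\\local settings\\temp\\" in p:
        return "temp"             # covered by the Temporary Files cleanup
    return "live"                 # must be deleted by hand


def triage(text):
    """Return {bucket: [(path, sorted detection names), ...]} in report order."""
    buckets = {"live": [], "temp": [], "system-restore": [], "killbox-backup": []}
    for path, names in parse_report(text).items():
        buckets[classify(path)].append((path, sorted(names)))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(REPORT).items():
        print(f"[{bucket}] {len(items)} file(s)")
        for path, names in items:
            print(f"  {path}  ({', '.join(names)})")
```

Run over the full report, the "live" bucket is the list to work through by hand; the other buckets are copies that a restore-point, temp-file or backup-folder cleanup deals with separately.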

#9 tireddad


Posted 20 October 2005 - 08:04 PM

Was not able to find, nor delete, the following:

C:\0ef0.exe
C:\fixed.exe

C:\WINDOWS\SYSTEM32\Asp5Wzh.exe
C:\WINDOWS\SYSTEM32\Awdzm.exe
C:\WINDOWS\SYSTEM32\boUEo.exe
C:\WINDOWS\SYSTEM32\Dnkz9.exe
C:\WINDOWS\SYSTEM32\LwiPYK.exe
C:\WINDOWS\SYSTEM32\Lzkoqfy.exe
C:\WINDOWS\SYSTEM32\NspV.exe
C:\WINDOWS\SYSTEM32\OjqN0Y44.exe
C:\WINDOWS\SYSTEM32\OwmQ9t0X.exe
C:\WINDOWS\SYSTEM32\RZHOdFQc.exe
C:\WINDOWS\SYSTEM32\YjpWR9u0.exe
C:\WINDOWS\SYSTEM32\Zvcyl.exe



ps...I did enable: "Show hidden files"

TD

#10 miekiemoes


Posted 20 October 2005 - 08:22 PM

This is odd.... Kaspersky scan showed them as present though....
Did you also show hidden system files? (see part in bold)

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Can you run a new Kaspersky Scan please?

#11 tireddad


Posted 20 October 2005 - 08:52 PM

This is odd.... Kaspersky scan showed them as present though....
Did you also show hidden system files? (see part in bold)

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Can you run a new Kaspersky Scan please?



#12 miekiemoes


Posted 21 October 2005 - 03:36 AM

Hi, you quoted my post instead of posting your message. :thumbsup:

#13 tireddad


Posted 21 October 2005 - 07:42 AM

Hi, you quoted my post instead of posting your message. :thumbsup:



miekiemoes....not sure how that happened...

I had NOT unhidden all the files but was able to last night following your instructions. I deleted all the files but didn't have time to run new Kaspersky/HJT scans. I'll do that tonight and repost.

Thank you for your help,

TD

#14 miekiemoes


Posted 21 October 2005 - 07:48 AM

Hello,

Well, it seems like you did find the files after all. :thumbsup:
In that case, if you did find them, no need to run a new Kaspersky scan anymore. I only asked you to perform this again to see if those files were still really present, because you said you couldn't find them. Which you did afterwards. :flowers:

So the choice is yours... You can run and post a new log from Kaspersky if you are still in doubt if everything is gone.
How are things running in general now? Much smoother?

#15 tireddad


Posted 21 October 2005 - 07:53 AM

I would like to run & post another round of logs. Things ARE running better...far fewer pop ups, I've been able to install Symantec firewall, Task Mgr is working again. But I can't seem to access the "Customize" button on the Tools, Internet Options, Security tab - it's greyed out. This is one of our home machines but neither my wife nor I remember setting up the Administrator but I suspect this is the issue. Might the Dell original documentation have the Administrator password?

TD



