Need This Log Analyzed Please..


8 replies to this topic

#1 wannabeadmin141

wannabeadmin141

  • Members

Posted 16 March 2006 - 01:51 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:49:36 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\OfficeScan NT\NTRtScan.exe
C:\OfficeScan NT\TmListen.exe
C:\WINNT\LDClient\wuser32.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\TEMP\FPCCD0.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\Program Files\Siemens\HiPath ProCenter\tacmain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\MEDITECH\Workstation4.x\T.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Inventory Scan.LNK = C:\WINNT\LDClient\LDISCN32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C639F55-B0C0-4E69-BDB8-49066AEDB442} (Exec2 Class) - http://malden6/remote.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\Software\..\Telephony: DomainName = hhs.ad
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hhs.ad
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\m6julg1916.dll
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\NTRtScan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\TmListen.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk® Software Ltd. - C:\WINNT\LDClient\wuser32.exe

-----------------------------------------------

what looks wrong here...????

"As it was in the beginning, it will be in the end "



#2 wannabeadmin141

wannabeadmin141
  • Topic Starter

  • Members

Posted 17 March 2006 - 10:58 AM

Also, Ssk and Zeno are in Msconfig under startup, but they are not checked off. They sound like they shouldn't be there to me..

"As it was in the beginning, it will be in the end "

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 22 March 2006 - 03:15 PM

Let's see a new log and then I will help you.

#4 wannabeadmin141

wannabeadmin141
  • Topic Starter

  • Members

Posted 27 March 2006 - 11:46 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:47:23 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINNT\LDClient\wuser32.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\OfficeScan NT\TmListen.exe
C:\OfficeScan NT\NTRtScan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\TEMP\IC4EC6.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Siemens\HiPath ProCenter\tacmain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Inventory Scan.LNK = C:\WINNT\LDClient\LDISCN32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5C639F55-B0C0-4E69-BDB8-49066AEDB442} (Exec2 Class) - http://malden6/remote.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\Software\..\Telephony: DomainName = hhs.ad
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hhs.ad
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\mvj4l91q1.dll
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\NTRtScan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\TmListen.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk® Software Ltd. - C:\WINNT\LDClient\wuser32.exe

"As it was in the beginning, it will be in the end "

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 27 March 2006 - 11:52 AM

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

#6 wannabeadmin141

wannabeadmin141
  • Topic Starter

  • Members

Posted 28 March 2006 - 09:32 AM

Will be posting both logs on my lunch break this afternoon. Thanks!

"As it was in the beginning, it will be in the end "

#7 wannabeadmin141

wannabeadmin141
  • Topic Starter

  • Members

Posted 28 March 2006 - 01:16 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:16:30 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\OfficeScan NT\NTRtScan.exe
C:\OfficeScan NT\TmListen.exe
C:\WINNT\LDClient\wuser32.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\TEMP\RG13C0.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Inventory Scan.LNK = C:\WINNT\LDClient\LDISCN32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5C639F55-B0C0-4E69-BDB8-49066AEDB442} (Exec2 Class) - http://malden6/remote.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\Software\..\Telephony: DomainName = hhs.ad
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hhs.ad
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\NTRtScan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\TmListen.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk® Software Ltd. - C:\WINNT\LDClient\wuser32.exe

------------------------------------------


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 3/28/2006 1:01:01 PM

Infected! C:\WINDOWS\system32\n44sleh71h4.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003132.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003139.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003162.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003169.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003200.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003235.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003283.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003284.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003289.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003296.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003331.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003333.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003473.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003476.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003522.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003523.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP44\A0003576.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP44\A0003578.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003689.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003697.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003723.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003730.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003780.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003781.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003782.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003783.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003803.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003867.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003900.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003908.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003926.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003934.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003953.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003960.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP51\A0004953.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP52\A0005953.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006019.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006020.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006034.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006037.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006105.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006137.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006138.dll
Infected! C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0007146.dll
Infected! C:\WINDOWS\system32\f82m0if1e82.dll
Infected! C:\WINDOWS\system32\k2260cfsef260.dll
Infected! C:\WINDOWS\system32\ktrml7911.dll
Infected! C:\WINDOWS\system32\l6l60g3se6.dll
Infected! C:\WINDOWS\system32\mvj4l91q1.dll
Infected! C:\WINDOWS\system32\n44sleh71h4.dll
Infected! C:\WINDOWS\system32\oqbcint.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\n44sleh71h4.dll
C:\WINDOWS\system32\n44sleh71h4.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003132.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003132.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003139.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003139.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003162.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003162.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003169.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003169.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003200.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003200.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003235.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP39\A0003235.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003283.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003283.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003284.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003284.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003289.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003289.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003296.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003296.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003331.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003331.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003333.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP40\A0003333.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003473.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003473.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003476.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003476.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003522.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003522.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003523.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP43\A0003523.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP44\A0003576.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP44\A0003576.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP44\A0003578.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP44\A0003578.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003689.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003689.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003697.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003697.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003723.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003723.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003730.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP48\A0003730.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003780.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003780.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003781.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003781.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003782.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003782.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003783.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003783.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003803.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP49\A0003803.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003867.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003867.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003900.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003900.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003908.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003908.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003926.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003926.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003934.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003934.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003953.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003953.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003960.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP50\A0003960.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP51\A0004953.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP51\A0004953.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP52\A0005953.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP52\A0005953.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006019.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006019.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006020.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006020.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006034.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006034.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006037.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006037.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006105.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006105.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006137.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006137.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006138.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0006138.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0007146.dll
C:\System Volume Information\_restore{DCEC66DC-4D46-4F68-9139-B600AB7A2A5D}\RP53\A0007146.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\f82m0if1e82.dll
C:\WINDOWS\system32\f82m0if1e82.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k2260cfsef260.dll
C:\WINDOWS\system32\k2260cfsef260.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ktrml7911.dll
C:\WINDOWS\system32\ktrml7911.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l6l60g3se6.dll
C:\WINDOWS\system32\l6l60g3se6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mvj4l91q1.dll
C:\WINDOWS\system32\mvj4l91q1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n44sleh71h4.dll
C:\WINDOWS\system32\n44sleh71h4.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\oqbcint.dll
C:\WINDOWS\system32\oqbcint.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BC1BBFBA-5A2F-41A6-A05C-B53D0C26331B}"
HKCR\Clsid\{BC1BBFBA-5A2F-41A6-A05C-B53D0C26331B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{42F8B96F-8D6D-4E91-9B84-CCFBB1F84493}"
HKCR\Clsid\{42F8B96F-8D6D-4E91-9B84-CCFBB1F84493}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

"As it was in the beginning, it will be in the end "

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts

Posted 28 March 2006 - 05:13 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab

Reboot your computer and post a new log and tell me if you're better.

#9 wannabeadmin141

wannabeadmin141
  • Topic Starter

  • Members
  • 75 posts

Posted 29 March 2006 - 11:55 AM

Popups have stopped!! Much appreciated!! Soon enough I'll be doing them on my own!

Logfile of HijackThis v1.99.1
Scan saved at 11:54:24 AM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINNT\LDClient\wuser32.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\OfficeScan NT\TmListen.exe
C:\OfficeScan NT\NTRtScan.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\VE676D.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Inventory Scan.LNK = C:\WINNT\LDClient\LDISCN32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5C639F55-B0C0-4E69-BDB8-49066AEDB442} (Exec2 Class) - http://malden6/remote.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\Software\..\Telephony: DomainName = hhs.ad
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hhs.ad
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hhs.ad
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\NTRtScan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\TmListen.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk® Software Ltd. - C:\WINNT\LDClient\wuser32.exe

"As it was in the beginning, it will be in the end "



