Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT...need help


  • Please log in to reply
1 reply to this topic

#1 g118

g118

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 10 January 2005 - 10:20 PM

I have run Norton 05, spyot search, ad-adware 6.0, cwshredder and now HiJackThis. My log reads:

Logfile of HijackThis v1.99.0
Scan saved at 10:14:42 PM, on 1/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\documents and settings\ge\local settings\temp\nN.exe
C:\documents and settings\ge\local settings\temp\gdiTW0Ct0.exe
C:\documents and settings\ge\local settings\temp\IWc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\dpscz1.exe
C:\WINDOWS\System32\??rss.exe
C:\Documents and Settings\GE\Application Data\rrup.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Documents and Settings\GE\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AB88D3C-15D0-0A7E-FD7E-1C943AEA8AE3} - C:\WINDOWS\System32\nqgtqk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\GE\Local Settings\Temp\lW.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [C8BAF7E5] C:\WINDOWS\System32\lirxhnarhmpbzd.exe
O4 - HKLM\..\Run: [A.exe] C:\documents and settings\ge\local settings\temp\A.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [ardsc] C:\WINDOWS\System32\ardsc.exe
O4 - HKLM\..\Run: [avaj] C:\WINDOWS\System32\avaj.exe
O4 - HKLM\..\Run: [btstatn] C:\WINDOWS\System32\btstatn.exe
O4 - HKLM\..\Run: [ccessa] C:\WINDOWS\System32\ccessa.exe
O4 - HKLM\..\Run: [ciseqm] C:\WINDOWS\System32\ciseqm.exe
O4 - HKLM\..\Run: [DT2FW95M] C:\WINDOWS\System32\DT2FW95M.exe
O4 - HKLM\..\Run: [elph] C:\WINDOWS\System32\elph.exe
O4 - HKLM\..\Run: [esetr] C:\WINDOWS\System32\esetr.exe
O4 - HKLM\..\Run: [eskmond] C:\WINDOWS\System32\eskmond.exe
O4 - HKLM\..\Run: [fcfiless] C:\WINDOWS\System32\fcfiless.exe
O4 - HKLM\..\Run: [ispexd] C:\WINDOWS\System32\ispexd.exe
O4 - HKLM\..\Run: [mdmlogw] C:\WINDOWS\System32\mdmlogw.exe
O4 - HKLM\..\Run: [ogoffl] C:\WINDOWS\System32\ogoffl.exe
O4 - HKLM\..\Run: [prapim] C:\WINDOWS\System32\prapim.exe
O4 - HKLM\..\Run: [prtprioi] C:\WINDOWS\System32\prtprioi.exe
O4 - HKLM\..\Run: [sent97e] C:\WINDOWS\System32\sent97e.exe
O4 - HKLM\..\Run: [sls2m] C:\WINDOWS\System32\sls2m.exe
O4 - HKLM\..\Run: [sswchxm] C:\WINDOWS\System32\sswchxm.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [amocxc] C:\WINDOWS\System32\amocxc.exe
O4 - HKLM\..\Run: [bdheptk] C:\WINDOWS\System32\bdheptk.exe
O4 - HKLM\..\Run: [cm32i] C:\WINDOWS\System32\cm32i.exe
O4 - HKLM\..\Run: [erfcip] C:\WINDOWS\System32\erfcip.exe
O4 - HKLM\..\Run: [etupS] C:\WINDOWS\System32\etupS.exe
O4 - HKLM\..\Run: [imemh] C:\WINDOWS\System32\imemh.exe
O4 - HKLM\..\Run: [lhtmln] C:\WINDOWS\System32\lhtmln.exe
O4 - HKLM\..\Run: [mpnsw] C:\WINDOWS\System32\mpnsw.exe
O4 - HKLM\..\Run: [nmpsnaps] C:\WINDOWS\System32\nmpsnaps.exe
O4 - HKLM\..\Run: [phlpapii] C:\WINDOWS\System32\phlpapii.exe
O4 - HKLM\..\Run: [pmodemxd] C:\WINDOWS\System32\pmodemxd.exe
O4 - HKLM\..\Run: [S3CmdI] C:\WINDOWS\System32\S3CmdI.exe
O4 - HKLM\..\Run: [sportsm] C:\WINDOWS\System32\sportsm.exe
O4 - HKLM\..\Run: [svpcntsr] C:\WINDOWS\System32\svpcntsr.exe
O4 - HKLM\..\Run: [uaucplw] C:\WINDOWS\System32\uaucplw.exe
O4 - HKLM\..\Run: [vrsfin] C:\WINDOWS\System32\vrsfin.exe
O4 - HKLM\..\Run: [vsvc32n] C:\WINDOWS\System32\vsvc32n.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [ctivedsa] C:\WINDOWS\System32\ctivedsa.exe
O4 - HKLM\..\Run: [langm] C:\WINDOWS\System32\langm.exe
O4 - HKLM\..\Run: [nN.exe] C:\documents and settings\ge\local settings\temp\nN.exe
O4 - HKLM\..\Run: [p37V3mS] offrv.exe
O4 - HKLM\..\Run: [SUITEP] C:\WINDOWS\System32\SUITEP.exe
O4 - HKLM\..\Run: [timons] C:\WINDOWS\System32\timons.exe
O4 - HKLM\..\Run: [gdiTW0Ct0.exe] C:\documents and settings\ge\local settings\temp\gdiTW0Ct0.exe
O4 - HKLM\..\Run: [IWc.exe] C:\documents and settings\ge\local settings\temp\IWc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Y0o9Rge9j] dpscz1.exe
O4 - HKCU\..\Run: [Hmn] C:\WINDOWS\System32\??rss.exe
O4 - HKCU\..\Run: [Osus] C:\Documents and Settings\GE\Application Data\rrup.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} - http://support.fastaccess.com/sdccommon/download/tgctlpw.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwia.ops.placeware.com/etc/place/...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.com/client/setup.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://144.75.185.75/activex/AxisCamControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Please advise...thank you. FYI, I am not a computer wizard....detailed explanations help.

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:47 PM

Posted 11 January 2005 - 11:06 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {1AB88D3C-15D0-0A7E-FD7E-1C943AEA8AE3} - C:\WINDOWS\System32\nqgtqk.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\GE\Local Settings\Temp\lW.dll
O4 - HKLM\..\Run: [C8BAF7E5] C:\WINDOWS\System32\lirxhnarhmpbzd.exe
O4 - HKLM\..\Run: [A.exe] C:\documents and settings\ge\local settings\temp\A.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [ardsc] C:\WINDOWS\System32\ardsc.exe
O4 - HKLM\..\Run: [avaj] C:\WINDOWS\System32\avaj.exe
O4 - HKLM\..\Run: [btstatn] C:\WINDOWS\System32\btstatn.exe
O4 - HKLM\..\Run: [ccessa] C:\WINDOWS\System32\ccessa.exe
O4 - HKLM\..\Run: [ciseqm] C:\WINDOWS\System32\ciseqm.exe
O4 - HKLM\..\Run: [DT2FW95M] C:\WINDOWS\System32\DT2FW95M.exe
O4 - HKLM\..\Run: [elph] C:\WINDOWS\System32\elph.exe
O4 - HKLM\..\Run: [esetr] C:\WINDOWS\System32\esetr.exe
O4 - HKLM\..\Run: [eskmond] C:\WINDOWS\System32\eskmond.exe
O4 - HKLM\..\Run: [fcfiless] C:\WINDOWS\System32\fcfiless.exe
O4 - HKLM\..\Run: [ispexd] C:\WINDOWS\System32\ispexd.exe
O4 - HKLM\..\Run: [mdmlogw] C:\WINDOWS\System32\mdmlogw.exe
O4 - HKLM\..\Run: [ogoffl] C:\WINDOWS\System32\ogoffl.exe
O4 - HKLM\..\Run: [prapim] C:\WINDOWS\System32\prapim.exe
O4 - HKLM\..\Run: [prtprioi] C:\WINDOWS\System32\prtprioi.exe
O4 - HKLM\..\Run: [sent97e] C:\WINDOWS\System32\sent97e.exe
O4 - HKLM\..\Run: [sls2m] C:\WINDOWS\System32\sls2m.exe
O4 - HKLM\..\Run: [sswchxm] C:\WINDOWS\System32\sswchxm.exe
O4 - HKLM\..\Run: [amocxc] C:\WINDOWS\System32\amocxc.exe
O4 - HKLM\..\Run: [bdheptk] C:\WINDOWS\System32\bdheptk.exe
O4 - HKLM\..\Run: [cm32i] C:\WINDOWS\System32\cm32i.exe
O4 - HKLM\..\Run: [erfcip] C:\WINDOWS\System32\erfcip.exe
O4 - HKLM\..\Run: [etupS] C:\WINDOWS\System32\etupS.exe
O4 - HKLM\..\Run: [imemh] C:\WINDOWS\System32\imemh.exe
O4 - HKLM\..\Run: [lhtmln] C:\WINDOWS\System32\lhtmln.exe
O4 - HKLM\..\Run: [mpnsw] C:\WINDOWS\System32\mpnsw.exe
O4 - HKLM\..\Run: [nmpsnaps] C:\WINDOWS\System32\nmpsnaps.exe
O4 - HKLM\..\Run: [phlpapii] C:\WINDOWS\System32\phlpapii.exe
O4 - HKLM\..\Run: [pmodemxd] C:\WINDOWS\System32\pmodemxd.exe
O4 - HKLM\..\Run: [S3CmdI] C:\WINDOWS\System32\S3CmdI.exe
O4 - HKLM\..\Run: [sportsm] C:\WINDOWS\System32\sportsm.exe
O4 - HKLM\..\Run: [svpcntsr] C:\WINDOWS\System32\svpcntsr.exe
O4 - HKLM\..\Run: [uaucplw] C:\WINDOWS\System32\uaucplw.exe
O4 - HKLM\..\Run: [vrsfin] C:\WINDOWS\System32\vrsfin.exe
O4 - HKLM\..\Run: [vsvc32n] C:\WINDOWS\System32\vsvc32n.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [ctivedsa] C:\WINDOWS\System32\ctivedsa.exe
O4 - HKLM\..\Run: [langm] C:\WINDOWS\System32\langm.exe
O4 - HKLM\..\Run: [nN.exe] C:\documents and settings\ge\local settings\temp\nN.exe
O4 - HKLM\..\Run: [p37V3mS] offrv.exe
O4 - HKLM\..\Run: [SUITEP] C:\WINDOWS\System32\SUITEP.exe
O4 - HKLM\..\Run: [timons] C:\WINDOWS\System32\timons.exe
O4 - HKLM\..\Run: [gdiTW0Ct0.exe] C:\documents and settings\ge\local settings\temp\gdiTW0Ct0.exe
O4 - HKLM\..\Run: [IWc.exe] C:\documents and settings\ge\local settings\temp\IWc.exe
O4 - HKCU\..\Run: [Y0o9Rge9j] dpscz1.exe
O4 - HKCU\..\Run: [Hmn] C:\WINDOWS\System32\??rss.exe
O4 - HKCU\..\Run: [Osus] C:\Documents and Settings\GE\Application Data\rrup.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\System32\nqgtqk.dll
C:\Documents and Settings\GE\Local Settings\Temp\lW.dll
C:\WINDOWS\System32\lirxhnarhmpbzd.exe
C:\documents and settings\ge\local settings\temp\A.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\ardsc.exe
C:\WINDOWS\System32\avaj.exe
C:\WINDOWS\System32\btstatn.exe
C:\WINDOWS\System32\ccessa.exe
C:\WINDOWS\System32\ciseqm.exe
C:\WINDOWS\System32\DT2FW95M.exe
C:\WINDOWS\System32\elph.exe
C:\WINDOWS\System32\esetr.exe
C:\WINDOWS\System32\eskmond.exe
C:\WINDOWS\System32\fcfiless.exe
C:\WINDOWS\System32\ispexd.exe
C:\WINDOWS\System32\mdmlogw.exe
C:\WINDOWS\System32\ogoffl.exe
C:\WINDOWS\System32\prapim.exe
C:\WINDOWS\System32\prtprioi.exe
C:\WINDOWS\System32\sent97e.exe
C:\WINDOWS\System32\sls2m.exe
C:\WINDOWS\System32\sswchxm.exe
C:\WINDOWS\System32\amocxc.exe
C:\WINDOWS\System32\bdheptk.exe
C:\WINDOWS\System32\cm32i.exe
C:\WINDOWS\System32\erfcip.exe
C:\WINDOWS\System32\etupS.exe
C:\WINDOWS\System32\imemh.exe
C:\WINDOWS\System32\lhtmln.exe
C:\WINDOWS\System32\mpnsw.exe
C:\WINDOWS\System32\nmpsnaps.exe
C:\WINDOWS\System32\phlpapii.exe
C:\WINDOWS\System32\pmodemxd.exe
C:\WINDOWS\System32\S3CmdI.exe
C:\WINDOWS\System32\sportsm.exe
C:\WINDOWS\System32\svpcntsr.exe
C:\WINDOWS\System32\uaucplw.exe
C:\WINDOWS\System32\vrsfin.exe
C:\WINDOWS\System32\vsvc32n.exe
C:\Program Files\AutoUpdate\
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\ctivedsa.exe
C:\WINDOWS\System32\langm.exe
C:\documents and settings\ge\local settings\temp\nN.exe
C:\WINDOWS\System32\offrv.exe
C:\WINDOWS\System32\SUITEP.exe
C:\WINDOWS\System32\timons.exe
C:\documents and settings\ge\local settings\temp\gdiTW0Ct0.exe
C:\documents and settings\ge\local settings\temp\IWc.exe
c:\windows\system32\dpscz1.exe
C:\Documents and Settings\GE\Application Data\rrup.exe

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users