This ish is killing me...Really annoying malware...need help

Post by MainsourceQB » April 20th, 2005, 1:23 am

My homepage keeps switching to http://www.w-find.com. Three links keep appearing in my favorites after deleting them. Also, my Windows Update does not work; I keep getting Error number: 0x80070424. Please help me. Thanks. :(

Logfile of HijackThis v1.99.1
Scan saved at 12:35:42 AM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\drmfctrs.exe
C:\windows\arejcfe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jhon\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKCU\..\Run: [eApmRRjEU] drmfctrs.exe
O4 - HKCU\..\Run: [culylwq] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [vghgkpy] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [qxnpkhd] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [dneffkw] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [ircxlit] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [nrpwoky] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [bvxehbs] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [icofhmx] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [mayaqtj] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [wwtxtep] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [pfilngr] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [tkejnqd] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [iligjon] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [phrmeeb] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [fudmtxc] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [yucdgyg] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [nfmkoph] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [alnbtbv] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [nagukhh] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [jpuheyp] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [joywwcr] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [xkfswye] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [uwhlhvr] c:\windows\nnwlqea.exe
O4 - HKCU\..\Run: [nbxfmfe] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [goelbki] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [lmlfpgn] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [snhecia] c:\windows\nnwlqea.exe
O4 - HKCU\..\Run: [ynjnpiv] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [jqutffh] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [yjllexl] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [xwptouo] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [ypewxtr] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [utlkclx] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [mwokqtq] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [yrjpkiq] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [dgbvxoq] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [gujosmq] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [cupxgpp] c:\windows\kwxwejh.exe
O4 - HKCU\..\Run: [kdhlnrb] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [gyptxuv] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [prbyred] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [nfwbrtc] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [yycqodh] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [gemmatm] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [flftons] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [bhifxwy] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [hjvicrf] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [ohlhpro] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [lgkqjsr] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [pldsipb] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [vojuqet] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [fyjmluw] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [hcombff] c:\windows\rcedpkf.exe
O4 - HKCU\..\Run: [cpvbkes] c:\windows\liljtib.exe
O4 - HKCU\..\Run: [dljnpta] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [jhhinpj] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [nwchjbm] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [matxgot] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [noxtfhx] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ygacpnj] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [kepnwms] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [pmfilud] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [qnkcqmf] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [eftvxmp] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [josicpu] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [kfppsjm] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [hasduvp] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [hyioasw] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [pvwjojo] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ygjduvw] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [vuyyadm] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [bdfhwqf] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ujpptdc] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [xlxopqq] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [sxjmmqb] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [yfkwnfy] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [hiprcym] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ytwwpfl] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qssgiwd] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [wfubgjb] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [isoxvjn] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [taikjqc] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [jwfphot] c:\windows\wnsirkd.exe
O4 - HKCU\..\Run: [txmypco] c:\windows\wnsirkd.exe
O4 - HKCU\..\Run: [biswilp] c:\windows\wnsirkd.exe
O4 - HKCU\..\Run: [xwhlvbt] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [srscoqn] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [crhmium] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [pfvyort] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [ecupsop] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [cfkkshl] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [fbubcvu] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [obyjpli] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [tqgmjbm] c:\windows\dnocwlb.exe
O4 - HKCU\..\Run: [nweiacx] c:\windows\dnocwlb.exe
O4 - HKCU\..\Run: [jgbpqur] c:\windows\dnocwlb.exe
O4 - HKCU\..\Run: [hffxfxa] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [ppblhqj] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [talgffe] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [xqlsbpb] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [tbdcwug] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [epsvlnn] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [jbfodjl] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [lrsshex] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [wfmjklo] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [sxemoxu] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [ykvpmtj] c:\windows\miycpso.exe
O4 - HKCU\..\Run: [ahxhfnp] c:\windows\miycpso.exe
O4 - HKCU\..\Run: [bbuullm] c:\windows\miycpso.exe
O4 - HKCU\..\Run: [brjtfij] c:\windows\wiqvtri.exe
O4 - HKCU\..\Run: [irgijoi] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [lfeqyru] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [hujqtld] c:\windows\wiqvtri.exe
O4 - HKCU\..\Run: [tsstvhe] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [mrwvjer] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [rqvbsad] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [dlcbjjv] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [otnuibk] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [bbwibbj] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [wwjgwqo] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [dakfftn] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [jrpuvms] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [xudmisf] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [rbnhvbd] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [xtshyhu] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [nmtgofb] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [gqnbjeh] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [nlwtcqf] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [apyflqi] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [jlqkedh] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [mlgejtv] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [cubabfp] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [mwfbgoj] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [emujylf] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [uuuyqdn] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [lmqvjhr] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [dirnink] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [wddhtqu] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [sxpekyv] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [hitlvya] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [lskuhab] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [occbihh] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [gtjgjis] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [ljwafye] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [ixbhdns] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [bjecwiu] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [taxspkl] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [uifdyfw] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [cqaldbx] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [mlxpawg] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [gfwelbw] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [lhjdtrg] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [ncxgnyw] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [fumurci] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [xjmshng] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [pqlaaiq] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [yguomdm] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [wpthcid] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [ahkgori] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [vptusvu] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [dnvanav] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [drbnrqp] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [qwtfxhy] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [ivnknlr] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [geltska] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [gjwggng] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [nkrfmup] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [omrupee] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [ikwyogh] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [bloeveh] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [weadtdx] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [ucmfndr] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [umnmint] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [rffnopb] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [jjskbcg] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [knvudiy] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [vcemesj] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [wuvsicu] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [hibilio] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [rrqvgbg] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [stmyjge] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [enwaokc] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [jvgyjim] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [fohyygb] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [vcepxhh] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [mtskssp] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [kksqcie] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [fkpcery] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [ixydtcy] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [awnfjwk] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [mrerrpj] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [qhktrwu] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [twbxifq] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [cffwwxa] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [wwvxajg] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [xlujmsc] c:\windows\kgtfabg.exe
O4 - HKCU\..\Run: [qjvcwfl] c:\windows\kgtfabg.exe
O4 - HKCU\..\Run: [jumpygg] c:\windows\kgtfabg.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
MainsourceQB
Active Member
 
Posts: 10
Joined: April 20th, 2005, 12:41 am

Post by 'KotaGuy » April 20th, 2005, 2:32 am

Hi MainsourceQB and welcome to Malware Removal.

I'm 'KotaGuy and I will be helping you with your HijackThis log.

Please print my instructions out for reference during the fix.

Download and install CleanUp! Don't run it yet.

Download CWShredder. Run the program, update it. Press the Fix button.

Download LSPFix. Disconnect from the Internet and close all Internet Explorer windows. Run LSPFix, check the "I know what I'm doing" button, and place all listings of c:\windows\system32\flsmngr.dll into the Remove section by clicking on the button that points to the right. When all instances of this dll are in the Remove section, press the Finish button. Then reboot.

Make sure no files will be hidden. To do this:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Hit Ctrl+Alt+Delete to bring up the Task Manager. End Task the following:

drmfctrs.exe
arejcfe.exe


Run and scan with HijackThis. With all other browsers and windows closed, place a check beside the following and Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKCU\..\Run: [eApmRRjEU] drmfctrs.exe
O4 - HKCU\..\Run: [culylwq] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [vghgkpy] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [qxnpkhd] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [dneffkw] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [ircxlit] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [nrpwoky] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [bvxehbs] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [icofhmx] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [mayaqtj] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [wwtxtep] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [pfilngr] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [tkejnqd] c:\windows\arejcfe.exe
O4 - HKCU\..\Run: [iligjon] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [phrmeeb] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [fudmtxc] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [yucdgyg] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [nfmkoph] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [alnbtbv] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [nagukhh] c:\windows\hifuskf.exe
O4 - HKCU\..\Run: [jpuheyp] c:\windows\abucsxt.exe
O4 - HKCU\..\Run: [joywwcr] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [xkfswye] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [uwhlhvr] c:\windows\nnwlqea.exe
O4 - HKCU\..\Run: [nbxfmfe] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [goelbki] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [lmlfpgn] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [snhecia] c:\windows\nnwlqea.exe
O4 - HKCU\..\Run: [ynjnpiv] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [jqutffh] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [yjllexl] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [xwptouo] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [ypewxtr] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [utlkclx] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [mwokqtq] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [yrjpkiq] c:\windows\wxbbrfe.exe
O4 - HKCU\..\Run: [dgbvxoq] c:\windows\lkdnpoi.exe
O4 - HKCU\..\Run: [gujosmq] c:\windows\vuhdqql.exe
O4 - HKCU\..\Run: [cupxgpp] c:\windows\kwxwejh.exe
O4 - HKCU\..\Run: [kdhlnrb] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [gyptxuv] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [prbyred] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [nfwbrtc] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [yycqodh] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [gemmatm] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [flftons] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [bhifxwy] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [hjvicrf] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [ohlhpro] c:\windows\xfppwny.exe
O4 - HKCU\..\Run: [lgkqjsr] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [pldsipb] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [vojuqet] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [fyjmluw] c:\windows\mpgfuky.exe
O4 - HKCU\..\Run: [hcombff] c:\windows\rcedpkf.exe
O4 - HKCU\..\Run: [cpvbkes] c:\windows\liljtib.exe
O4 - HKCU\..\Run: [dljnpta] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [jhhinpj] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [nwchjbm] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [matxgot] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [noxtfhx] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ygacpnj] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [kepnwms] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [pmfilud] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [qnkcqmf] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [eftvxmp] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [josicpu] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [kfppsjm] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [hasduvp] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [hyioasw] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [pvwjojo] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ygjduvw] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [vuyyadm] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [bdfhwqf] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ujpptdc] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [xlxopqq] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [sxjmmqb] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [yfkwnfy] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [hiprcym] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [ytwwpfl] c:\windows\kaqjfwc.exe
O4 - HKCU\..\Run: [qssgiwd] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [wfubgjb] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [isoxvjn] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [taikjqc] c:\windows\sytwojr.exe
O4 - HKCU\..\Run: [jwfphot] c:\windows\wnsirkd.exe
O4 - HKCU\..\Run: [txmypco] c:\windows\wnsirkd.exe
O4 - HKCU\..\Run: [biswilp] c:\windows\wnsirkd.exe
O4 - HKCU\..\Run: [xwhlvbt] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [srscoqn] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [crhmium] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [pfvyort] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [ecupsop] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [cfkkshl] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [fbubcvu] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [obyjpli] c:\windows\spyjawo.exe
O4 - HKCU\..\Run: [tqgmjbm] c:\windows\dnocwlb.exe
O4 - HKCU\..\Run: [nweiacx] c:\windows\dnocwlb.exe
O4 - HKCU\..\Run: [jgbpqur] c:\windows\dnocwlb.exe
O4 - HKCU\..\Run: [hffxfxa] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [ppblhqj] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [talgffe] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [xqlsbpb] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [tbdcwug] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [epsvlnn] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [jbfodjl] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [lrsshex] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [wfmjklo] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [sxemoxu] c:\windows\noocxkm.exe
O4 - HKCU\..\Run: [ykvpmtj] c:\windows\miycpso.exe
O4 - HKCU\..\Run: [ahxhfnp] c:\windows\miycpso.exe
O4 - HKCU\..\Run: [bbuullm] c:\windows\miycpso.exe
O4 - HKCU\..\Run: [brjtfij] c:\windows\wiqvtri.exe
O4 - HKCU\..\Run: [irgijoi] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [lfeqyru] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [hujqtld] c:\windows\wiqvtri.exe
O4 - HKCU\..\Run: [tsstvhe] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [mrwvjer] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [rqvbsad] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [dlcbjjv] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [otnuibk] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [bbwibbj] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [wwjgwqo] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [dakfftn] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [jrpuvms] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [xudmisf] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [rbnhvbd] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [xtshyhu] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [nmtgofb] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [gqnbjeh] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [nlwtcqf] c:\windows\tdecrnw.exe
O4 - HKCU\..\Run: [apyflqi] c:\windows\rakfqxf.exe
O4 - HKCU\..\Run: [jlqkedh] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [mlgejtv] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [cubabfp] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [mwfbgoj] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [emujylf] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [uuuyqdn] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [lmqvjhr] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [dirnink] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [wddhtqu] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [sxpekyv] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [hitlvya] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [lskuhab] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [occbihh] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [gtjgjis] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [ljwafye] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [ixbhdns] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [bjecwiu] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [taxspkl] c:\windows\dsfvlxa.exe
O4 - HKCU\..\Run: [uifdyfw] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [cqaldbx] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [mlxpawg] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [gfwelbw] c:\windows\qnlnkew.exe
O4 - HKCU\..\Run: [lhjdtrg] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [ncxgnyw] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [fumurci] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [xjmshng] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [pqlaaiq] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [yguomdm] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [wpthcid] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [ahkgori] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [vptusvu] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [dnvanav] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [drbnrqp] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [qwtfxhy] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [ivnknlr] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [geltska] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [gjwggng] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [nkrfmup] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [omrupee] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [ikwyogh] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [bloeveh] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [weadtdx] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [ucmfndr] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [umnmint] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [rffnopb] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [jjskbcg] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [knvudiy] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [vcemesj] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [wuvsicu] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [hibilio] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [rrqvgbg] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [stmyjge] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [enwaokc] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [jvgyjim] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [fohyygb] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [vcepxhh] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [mtskssp] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [kksqcie] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [fkpcery] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [ixydtcy] c:\windows\mtyrpma.exe
O4 - HKCU\..\Run: [awnfjwk] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [mrerrpj] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [qhktrwu] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [twbxifq] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [cffwwxa] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [wwvxajg] c:\windows\qmayiod.exe
O4 - HKCU\..\Run: [xlujmsc] c:\windows\kgtfabg.exe
O4 - HKCU\..\Run: [qjvcwfl] c:\windows\kgtfabg.exe
O4 - HKCU\..\Run: [jumpygg] c:\windows\kgtfabg.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML


Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Go to Add/Remove Programs. Uninstall Viewpoint.

Search for and delete this folder:

C:\Program Files\Viewpoint

Search for and delete these files:

C:\WINDOWS\system32\drmfctrs.exe
C:\windows\arejcfe.exe
C:\windows\hifuskf.exe
C:\windows\abucsxt.exe
C:\windows\wxbbrfe.exe
C:\windows\lkdnpoi.exe
C:\windows\nnwlqea.exe
C:\windows\vuhdqql.exe
C:\windows\kwxwejh.exe
C:\windows\xfppwny.exe
C:\windows\mpgfuky.exe
C:\windows\rcedpkf.exe
C:\windows\liljtib.exe
C:\windows\kaqjfwc.exe
C:\windows\sytwojr.exe
C:\windows\wnsirkd.exe
C:\windows\spyjawo.exe
C:\windows\dnocwlb.exe
C:\windows\noocxkm.exe
C:\windows\miycpso.exe
C:\windows\tdecrnw.exe
C:\windows\rakfqxf.exe
C:\windows\wiqvtri.exe
C:\windows\dsfvlxa.exe
C:\windows\qnlnkew.exe
C:\windows\ywbbvdc.exe
C:\windows\mtyrpma.exe
C:\windows\qmayiod.exe
C:\windows\kgtfabg.exe
PowerReg Scheduler.exe

Browse to your C:\Windows\Prefetch folder. Delete all the files in the folder; do not delete the folder itself. Run CleanUp!

Empty your Recycle Bin.

Reboot Windows normally and post a new HijackThis log please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
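
Added example (not part of the original thread): a small Python triage helper that parses the O4 Run lines of a HijackThis log, groups them by target file, and flags the pattern in the fix list above, where several lowercase-letter value names all point at one executable placed directly in c:\windows. The heuristic, function names and thresholds are assumptions for illustration; the sample lines are excerpted from the first fix list and from the follow-up log in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the first fix list in this thread (trimmed for the example).
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [ivnknlr] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [geltska] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [gjwggng] c:\windows\ywbbvdc.exe
O4 - HKCU\..\Run: [xlujmsc] c:\windows\kgtfabg.exe
O4 - HKCU\..\Run: [qjvcwfl] c:\windows\kgtfabg.exe
O4 - Startup: PowerReg Scheduler.exe
"""

# Excerpt of the follow-up log posted after the first cleanup (trimmed).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jwehigu] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [luflqim] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ghnpkus] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [nqhfasv] c:\windows\muoohqq.exe
O4 - HKCU\..\Run: [gmsnbir] c:\windows\muoohqq.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# "O4 - HKCU\..\Run: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
QUOTED = re.compile(r'^"([^"]+)"')
# Unquoted paths may contain spaces, so read up to the first executable suffix.
UNQUOTED = re.compile(r"^(.*?\.(?:exe|com|scr|bat|pif))(?=\s|$)", re.IGNORECASE)
# File sitting directly in the Windows directory, no subfolder.
WINDIR_DIRECT = re.compile(r"^[a-z]:\\windows\\[^\\]+$")
# Assumed shape of the value names seen in this thread: lowercase letters only.
LETTERS_ONLY = re.compile(r"^[a-z]{5,12}$")


def parse_o4_run(line):
    """Return (hive, key, value_name, exe_path_lowercase) or None."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None  # Startup-folder entries and other sections are skipped
    cmd = m.group("cmd").strip()
    exe = QUOTED.match(cmd) or UNQUOTED.match(cmd)
    path = exe.group(1) if exe else cmd.split()[0]
    return m.group("hive"), m.group("key"), m.group("name"), path.lower()


def suspicious_run_clusters(log_text, min_values=2):
    """Map target path -> value names for clusters matching the heuristic."""
    by_target = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_o4_run(line)
        if entry:
            by_target[entry[3]].append(entry[2])
    flagged = {}
    for path, names in by_target.items():
        if (WINDIR_DIRECT.match(path)
                and len(set(names)) >= min_values
                and all(LETTERS_ONLY.match(n) for n in names)):
            flagged[path] = names
    return flagged


def new_targets(before_log, after_log):
    """Flagged targets in the later log that the earlier log did not list."""
    before = suspicious_run_clusters(before_log)
    after = suspicious_run_clusters(after_log)
    return sorted(set(after) - set(before))


if __name__ == "__main__":
    for path, names in suspicious_run_clusters(LOG_AFTER).items():
        print(f"{path}: {len(names)} Run values -> {', '.join(names)}")
    print("not in earlier log:", new_targets(LOG_BEFORE, LOG_AFTER))
```

A flagged cluster is a lead for manual review, not a verdict. On these excerpts the comparison also shows that the follow-up log's targets are different file names from the ones deleted in the first round.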

problem persists

Post by MainsourceQB » April 20th, 2005, 4:37 pm

Thanks for the quick response. I cleaned out everything you told me to. My homepage is still changing to w-find.com.

Logfile of HijackThis v1.99.1
Scan saved at 4:33:15 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\muoohqq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jwehigu] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [luflqim] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ghnpkus] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ytgycam] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [cvqdphc] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ntxqjeo] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ygkciow] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [xnyqjia] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [eldweff] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [hdtcfkq] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [lpjhyny] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [bpcpwwm] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [uhyypdy] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [jjhgmdr] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [oywmsmf] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [wtywjcn] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [nqhfasv] c:\windows\muoohqq.exe
O4 - HKCU\..\Run: [gmsnbir] c:\windows\muoohqq.exe
O4 - HKCU\..\Run: [untfhap] c:\windows\muoohqq.exe
O4 - HKCU\..\Run: [qhsolth] c:\windows\hinmwdc.exe
O4 - HKCU\..\Run: [mnkaeob] c:\windows\hinmwdc.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3975666981
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
MainsourceQB
Active Member
 
Posts: 10
Joined: April 20th, 2005, 12:41 am

Post by 'KotaGuy » April 20th, 2005, 4:59 pm

Thanks for posting the new log. Looks better! Didn't expect it to die easily... it will die though :twisted:

Hit Ctrl+Alt+Delete to bring up the Task Manager. End Task muoohqq.exe

Run and scan with HijackThis. With all other browsers and windows closed, place a check beside the following and Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKCU\..\Run: [jwehigu] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [luflqim] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ghnpkus] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ytgycam] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [cvqdphc] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ntxqjeo] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [ygkciow] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [xnyqjia] c:\windows\xbmskkq.exe
O4 - HKCU\..\Run: [eldweff] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [hdtcfkq] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [lpjhyny] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [bpcpwwm] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [uhyypdy] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [jjhgmdr] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [oywmsmf] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [wtywjcn] c:\windows\imvepln.exe
O4 - HKCU\..\Run: [nqhfasv] c:\windows\muoohqq.exe
O4 - HKCU\..\Run: [gmsnbir] c:\windows\muoohqq.exe
O4 - HKCU\..\Run: [untfhap] c:\windows\muoohqq.exe
O4 - HKCU\..\Run: [qhsolth] c:\windows\hinmwdc.exe
O4 - HKCU\..\Run: [mnkaeob] c:\windows\hinmwdc.exe


Boot to Safe Mode. Search for and delete these files:

C:\windows\xbmskkq.exe
C:\windows\imvepln.exe
C:\windows\muoohqq.exe
C:\windows\hinmwdc.exe

As before, empty the C:\WINDOWS\Prefetch folder, run CleanUp!, and empty your Recycle Bin.

Reboot Windows normally and post a new HijackThis log.

Post by MainsourceQB » April 20th, 2005, 11:59 pm

Thanks man. Everything seems good. Where's the donation link?


Logfile of HijackThis v1.99.1
Scan saved at 11:54:13 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nawccxj] c:\windows\xxsdnnl.exe
O4 - HKCU\..\Run: [tqvptxo] c:\windows\xxsdnnl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3975666981
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Post by 'KotaGuy » April 21st, 2005, 12:23 am

Thanks for posting the new log. You've done good!

Just a couple more entries to get rid of.

Run and scan with HijackThis. With all other browsers and windows closed, place a check beside the following and Fix:

O4 - HKCU\..\Run: [nawccxj] c:\windows\xxsdnnl.exe
O4 - HKCU\..\Run: [tqvptxo] c:\windows\xxsdnnl.exe


Boot into Safe Mode.

Search for and delete this file:

c:\windows\xxsdnnl.exe

Again, empty the Prefetch folder, the Recycle Bin, and run CleanUp!

Boot Windows normally and post a new HijackThis log.

Post by MainsourceQB » April 21st, 2005, 1:27 am

LOL. Just got excited. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 1:24:42 AM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C21A8BE5-4A10-4860-B290-9EBA4012DAD9} - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3975666981
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
MainsourceQB
Active Member
 
Posts: 10
Joined: April 20th, 2005, 12:41 am

by 'KotaGuy » April 21st, 2005, 1:46 am

Good work! Your log is CLEAN!

How is your computer behaving? Showing any of the previous symptoms?
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

by MainsourceQB » April 22nd, 2005, 8:38 pm

It's working really great, just like new. Thanks a million for your help. :D
MainsourceQB
Active Member
 
Posts: 10
Joined: April 20th, 2005, 12:41 am

by 'KotaGuy » April 22nd, 2005, 11:56 pm

Good to hear!

To clean up any remnants that may be around I recommend you do scans at Panda ActiveScan, TrendMicro HouseCall, or eTrust AntiVirus WebScanner. Also do an online Trojan scan from Windows Security. Let them fix anything they find, rebooting your computer between each scan.

Next, download and install Ad-Aware and Spybot S&D. Visit this page for proper configuration. Run and scan with both, letting them fix whatever they find. Remember to reboot between each scan.

And now that it is clean, it's a good time to reset your System Restore point. This will ensure a clean backup to fall back upon if you ever need it. To do this:

1. Right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Check the "Turn off System Restore" or "Turn off System Restore on all drives"

Reboot your computer, follow the steps above, this time unchecking the "Turn off System Restore" and reboot.

I recommend downloading and installing SpywareBlaster, SpywareGuard, and IE-SPYAD as well. You can get them from the links in my sig. The programs are free and can be updated... so please do so. Installing these will go a long way in preventing reinfection.

If you don't have one, I recommend installing a Firewall. I'm sure you've heard of ZoneAlarm.

Check out the links in my sig named How'd I get Infected and Understanding Spyware as well, some good information for you :)

Other than that, remember to update Windows frequently, update your protection programs, scan often and...

Surf Safe!
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

by ChrisRLG » April 26th, 2005, 8:36 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK