MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: desktop overtaken, horseserver also? help- HJT log
August 20, 2019, 09:18:26 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
August 20, 2019, 09:18:26 PM

Login with username, password and session length
 
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: desktop overtaken, horseserver also? help- HJT log  (Read 8382 times)
thatnugget
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 6


Bookmark and Share

View Profile
« on: March 25, 2005, 11:46:13 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:




Sudden;y my computer has changed my desktop to remove all my icons and read "DANGER: SPYWARE" with an ad for some supposed spyware removal program called smart security. Also, it has been kind enough to give me a life supply of random popup ads.

All the required tools have been run: adaware, spybot, a2, virus, cwshredder, and now hijack this

heres the log:



Logfile of HijackThis v1.99.1
Scan saved at 5:43:28 PM, on 3/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\Shi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\open32.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\atds.exe
C:\WINDOWS\System32\w?nspool.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.254.100:8081
O2 - BHO: (no name) - {8D225D6C-B5F0-9D50-AD2E-BAC9DBC23DB4} - C:\WINDOWS\System32\wza.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Erk] C:\WINDOWS\System32\Shi.exe
O4 - HKLM\..\Run: [Acm] C:\WINDOWS\System32\Ekc.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [Hhg] C:\WINDOWS\Sve.exe
O4 - HKLM\..\Run: [Lqb] C:\WINDOWS\System32\Fav.exe
O4 - HKLM\..\Run: [Ovn] C:\WINDOWS\System32\Clo.exe
O4 - HKLM\..\Run: [Prd] C:\WINDOWS\System32\Ceb.exe
O4 - HKLM\..\Run: [Qmb] C:\WINDOWS\Ohq.exe
O4 - HKLM\..\Run: [Qjn] C:\WINDOWS\System32\Ogv.exe
O4 - HKLM\..\Run: [Ptb] C:\WINDOWS\System32\Stj.exe
O4 - HKLM\..\Run: [Sld] C:\WINDOWS\Ufn.exe
O4 - HKLM\..\Run: [Kcd] C:\WINDOWS\Cia.exe
O4 - HKLM\..\Run: [Fhk] C:\WINDOWS\Bnd.exe
O4 - HKLM\..\Run: [Shr] C:\WINDOWS\Qvg.exe
O4 - HKLM\..\Run: [Fpd] C:\WINDOWS\Ggo.exe
O4 - HKLM\..\Run: [Ill] C:\WINDOWS\Quu.exe
O4 - HKLM\..\Run: [Kdo] C:\WINDOWS\System32\Jvr.exe
O4 - HKLM\..\Run: [Qcc] C:\WINDOWS\System32\Rpl.exe
O4 - HKLM\..\Run: [Lgq] C:\WINDOWS\Qhd.exe
O4 - HKLM\..\Run: [Cbc] C:\WINDOWS\Tsg.exe
O4 - HKLM\..\Run: [Fas] C:\WINDOWS\Siv.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Tjm] C:\WINDOWS\Sdt.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Erk] C:\WINDOWS\System32\Shi.exe
O4 - HKCU\..\Run: [Acm] C:\WINDOWS\System32\Ekc.exe
O4 - HKCU\..\Run: [Hhg] C:\WINDOWS\Sve.exe
O4 - HKCU\..\Run: [Lqb] C:\WINDOWS\System32\Fav.exe
O4 - HKCU\..\Run: [Ubch] C:\WINDOWS\System32\atds.exe
O4 - HKCU\..\Run: [Iz56RRHsW] nv4tdfmt.exe
O4 - HKCU\..\Run: [Rrbjjo] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [Ovn] C:\WINDOWS\System32\Clo.exe
O4 - HKCU\..\Run: [Prd] C:\WINDOWS\System32\Ceb.exe
O4 - HKCU\..\Run: [Qmb] C:\WINDOWS\Ohq.exe
O4 - HKCU\..\Run: [Qjn] C:\WINDOWS\System32\Ogv.exe
O4 - HKCU\..\Run: [Ptb] C:\WINDOWS\System32\Stj.exe
O4 - HKCU\..\Run: [Sld] C:\WINDOWS\Ufn.exe
O4 - HKCU\..\Run: [Kcd] C:\WINDOWS\Cia.exe
O4 - HKCU\..\Run: [Fhk] C:\WINDOWS\Bnd.exe
O4 - HKCU\..\Run: [Shr] C:\WINDOWS\Qvg.exe
O4 - HKCU\..\Run: [Fpd] C:\WINDOWS\Ggo.exe
O4 - HKCU\..\Run: [Ill] C:\WINDOWS\Quu.exe
O4 - HKCU\..\Run: [Kdo] C:\WINDOWS\System32\Jvr.exe
O4 - HKCU\..\Run: [Qcc] C:\WINDOWS\System32\Rpl.exe
O4 - HKCU\..\Run: [Lgq] C:\WINDOWS\Qhd.exe
O4 - HKCU\..\Run: [Cbc] C:\WINDOWS\Tsg.exe
O4 - HKCU\..\Run: [Fas] C:\WINDOWS\Siv.exe
O4 - HKCU\..\Run: [Tjm] C:\WINDOWS\Sdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ultra Hal Text-to-Speech Reader Startup.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


thanks
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: March 26, 2005, 02:25:33 AM »

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed. Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes
.These instructions are for HJT v1.99.1 only


Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check
« Last Edit: March 26, 2005, 02:34:26 AM by Pancake » Logged

An Australian Member of

EDDY
thatnugget
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 6


Bookmark and Share

View Profile
« Reply #2 on: March 26, 2005, 04:18:30 AM »

yea, this is a problem, it refuses to respond when i right click 'my computer' and select properties nothing happens, same thing applies if i try and do it in explorer with the file--->properties way

so i cant turn off system restore - help please?
Logged

 
thatnugget
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 6


Bookmark and Share

View Profile
« Reply #3 on: March 26, 2005, 04:30:38 AM »

scratch that - i found another way to get there - it was already off  Sad
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #4 on: March 26, 2005, 04:31:56 AM »

Continue without using system restore.
Logged

An Australian Member of

EDDY
thatnugget
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 6


Bookmark and Share

View Profile
« Reply #5 on: March 26, 2005, 06:30:02 AM »

newest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:18:36 AM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.254.100:8081
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ultra Hal Text-to-Speech Reader Startup.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



thanks!
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #6 on: March 26, 2005, 06:52:00 AM »

I dont see any problems there now.You should be fine.
Logged

An Australian Member of

EDDY
thatnugget
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 6


Bookmark and Share

View Profile
« Reply #7 on: March 26, 2005, 05:37:30 PM »

hmm, well, i got my homepage back but i still can't right click on files or my desktop (it works in some programs though) and it wont allow me to change my desktop to something other than standard blue (the background and browse areas within the desktop properties are greyed out) - also, everything saved t the desktop is still doubled when saved there

any ideas? perhaps there are some settings that have been changed?


thanks again
Logged

 
thatnugget
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 6


Bookmark and Share

View Profile
« Reply #8 on: March 26, 2005, 08:17:32 PM »

ok, everything is fixed except i still cant change my desktop background

any ideas?
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #9 on: March 27, 2005, 12:07:45 AM »

Just check by going and right click on the desk top and then Properties/Desktop/Customize/Web/ and make sure any boxes there are not ticked.Other than that I suggest you ask the guys in the XP forum.
Logged

An Australian Member of

EDDY
jerryplatt
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1


Bookmark and Share

View Profile
« Reply #10 on: April 15, 2005, 12:26:11 AM »

Exactly the same problem as "thatnugget) but with a different HJT log (obviously), which as as follows

Logfile of HijackThis v1.99.1
Scan saved at 9:34:51 AM, on 15/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\winsvc.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\Jpa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\Desktop\OLDHAR~1\WinZip\winzip32.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Doa] C:\WINDOWS\System32\Jpa.exe
O4 - HKLM\..\Run: [Blg] C:\WINDOWS\System32\Pis.exe
O4 - HKLM\..\Run: [Tfe] C:\WINDOWS\Sjd.exe
O4 - HKLM\..\Run: [Mhp] C:\WINDOWS\Vgh.exe
O4 - HKLM\..\Run: [Iuu] C:\WINDOWS\Moi.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\System32\Srm.exe
O4 - HKLM\..\Run: [Efl] C:\WINDOWS\Kfr.exe
O4 - HKLM\..\Run: [Abs] C:\WINDOWS\Rmm.exe
O4 - HKLM\..\Run: [Nvm] C:\WINDOWS\System32\Ivl.exe
O4 - HKLM\..\Run: [Jqf] C:\WINDOWS\Ied.exe
O4 - HKLM\..\Run: [Jqh] C:\WINDOWS\System32\Ibd.exe
O4 - HKLM\..\Run: [Gjf] C:\WINDOWS\Lei.exe
O4 - HKLM\..\Run: [Rpq] C:\WINDOWS\Jpu.exe
O4 - HKLM\..\Run: [Fvn] C:\WINDOWS\System32\Dtt.exe
O4 - HKLM\..\Run: [Sfr] C:\WINDOWS\Nnb.exe
O4 - HKLM\..\Run: [lurgt] C:\WINDOWS\lurgt.exe
O4 - HKLM\..\Run: [Etg] C:\WINDOWS\System32\Dqn.exe
O4 - HKLM\..\Run: [Lke] C:\WINDOWS\Ohl.exe
O4 - HKLM\..\Run: [Ksi] C:\WINDOWS\Klm.exe
O4 - HKLM\..\Run: [Iae] C:\WINDOWS\Tkr.exe
O4 - HKLM\..\Run: [Uar] C:\WINDOWS\Qet.exe
O4 - HKLM\..\Run: [Svr] C:\WINDOWS\System32\Dkp.exe
O4 - HKLM\..\Run: [Egt] C:\WINDOWS\Vvb.exe
O4 - HKLM\..\Run: [Gvs] C:\WINDOWS\System32\Ufb.exe
O4 - HKLM\..\Run: [Gea] C:\WINDOWS\Hti.exe
O4 - HKLM\..\Run: [Usm] C:\WINDOWS\System32\Jhn.exe
O4 - HKLM\..\Run: [Stn] C:\WINDOWS\Nur.exe
O4 - HKLM\..\Run: [Ppb] C:\WINDOWS\Brt.exe
O4 - HKLM\..\Run: [Nat] C:\WINDOWS\System32\Cia.exe
O4 - HKLM\..\Run: [Gfq] C:\WINDOWS\Vun.exe
O4 - HKLM\..\Run: [Moe] C:\WINDOWS\System32\Sag.exe
O4 - HKLM\..\Run: [Cdm] C:\WINDOWS\Uef.exe
O4 - HKLM\..\Run: [Kpc] C:\WINDOWS\Alg.exe
O4 - HKLM\..\Run: [Uto] C:\WINDOWS\Hgk.exe
O4 - HKLM\..\Run: [Ihd] C:\WINDOWS\System32\Eir.exe
O4 - HKLM\..\Run: [Fns] C:\WINDOWS\System32\Hne.exe
O4 - HKLM\..\Run: [Pgj] C:\WINDOWS\Hpl.exe
O4 - HKLM\..\Run: [Vkf] C:\WINDOWS\System32\Dbs.exe
O4 - HKLM\..\Run: [Sgd] C:\WINDOWS\System32\Dgb.exe
O4 - HKLM\..\Run: [Nsq] C:\WINDOWS\System32\Heq.exe
O4 - HKLM\..\Run: [Fvg] C:\WINDOWS\Ikn.exe
O4 - HKLM\..\Run: [Htd] C:\WINDOWS\Phc.exe
O4 - HKLM\..\Run: [Nas] C:\WINDOWS\Dld.exe
O4 - HKLM\..\Run: [Fvf] C:\WINDOWS\System32\Pha.exe
O4 - HKLM\..\Run: [Gsk] C:\WINDOWS\Qvj.exe
O4 - HKLM\..\Run: [Vml] C:\WINDOWS\System32\Vfe.exe
O4 - HKLM\..\Run: [Ako] C:\WINDOWS\Hpl.exe
O4 - HKLM\..\Run: [Fcp] C:\WINDOWS\System32\Uls.exe
O4 - HKLM\..\Run: [Bpr] C:\WINDOWS\System32\Thu.exe
O4 - HKLM\..\Run: [Tjn] C:\WINDOWS\System32\Hig.exe
O4 - HKLM\..\Run: [Omn] C:\WINDOWS\System32\Lkg.exe
O4 - HKLM\..\Run: [Ojf] C:\WINDOWS\Slt.exe
O4 - HKLM\..\Run: [Qvj] C:\WINDOWS\Ntp.exe
O4 - HKLM\..\Run: [Mfg] C:\WINDOWS\System32\Qsq.exe
O4 - HKLM\..\Run: [Occ] C:\WINDOWS\System32\Gfg.exe
O4 - HKLM\..\Run: [Bgd] C:\WINDOWS\Opc.exe
O4 - HKLM\..\Run: [Noi] C:\WINDOWS\Csu.exe
O4 - HKLM\..\Run: [Ibt] C:\WINDOWS\Lfe.exe
O4 - HKLM\..\Run: [Qmb] C:\WINDOWS\Clc.exe
O4 - HKLM\..\Run: [Vmj] C:\WINDOWS\System32\Qdm.exe
O4 - HKLM\..\Run: [Geq] C:\WINDOWS\System32\Bnj.exe
O4 - HKLM\..\Run: [Tbc] C:\WINDOWS\System32\Ire.exe
O4 - HKLM\..\Run: [Dav] C:\WINDOWS\Iuh.exe
O4 - HKLM\..\Run: [Pmh] C:\WINDOWS\Hhd.exe
O4 - HKLM\..\Run: [Cqs] C:\WINDOWS\Sio.exe
O4 - HKLM\..\Run: [Amt] C:\WINDOWS\System32\Lee.exe
O4 - HKLM\..\Run: [Unk] C:\WINDOWS\But.exe
O4 - HKLM\..\Run: [Ebv] C:\WINDOWS\System32\Bci.exe
O4 - HKLM\..\Run: [Fir] C:\WINDOWS\Ppj.exe
O4 - HKLM\..\Run: [Ppj] C:\WINDOWS\Ucf.exe
O4 - HKLM\..\Run: [Dap] C:\WINDOWS\Bho.exe
O4 - HKLM\..\Run: [Dtk] C:\WINDOWS\Nsh.exe
O4 - HKLM\..\Run: [Emg] C:\WINDOWS\Qrc.exe
O4 - HKLM\..\Run: [Urm] C:\WINDOWS\Hlm.exe
O4 - HKLM\..\Run: [Gis] C:\WINDOWS\System32\Kre.exe
O4 - HKLM\..\Run: [Qhb] C:\WINDOWS\Mfl.exe
O4 - HKLM\..\Run: [But] C:\WINDOWS\Fri.exe
O4 - HKLM\..\Run: [Fkc] C:\WINDOWS\System32\Qds.exe
O4 - HKLM\..\Run: [Msq] C:\WINDOWS\System32\Ndq.exe
O4 - HKLM\..\Run: [Vkj] C:\WINDOWS\System32\Cqn.exe
O4 - HKLM\..\Run: [Alj] C:\WINDOWS\Qpi.exe
O4 - HKLM\..\Run: [Hjo] C:\WINDOWS\System32\Apa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Bgk] C:\WINDOWS\System32\Kug.exe
O4 - HKLM\..\Run: [Khm] C:\WINDOWS\Tii.exe
O4 - HKLM\..\Run: [Vdn] C:\WINDOWS\Otc.exe
O4 - HKLM\..\Run: [Mjs] C:\WINDOWS\System32\Eia.exe
O4 - HKLM\..\Run: [Cif] C:\WINDOWS\System32\Hlf.exe
O4 - HKLM\..\Run: [Pjd] C:\WINDOWS\Hpa.exe
O4 - HKLM\..\Run: [Qgq] C:\WINDOWS\Rfq.exe
O4 - HKLM\..\Run: [Jus] C:\WINDOWS\System32\Oqm.exe
O4 - HKLM\..\Run: [Ngr] C:\WINDOWS\Hgo.exe
O4 - HKLM\..\Run: [Rus] C:\WINDOWS\System32\Usl.exe
O4 - HKLM\..\Run: [Mqe] C:\WINDOWS\Oma.exe
O4 - HKLM\..\Run: [Bae] C:\WINDOWS\Rds.exe
O4 - HKLM\..\Run: [Bvb] C:\WINDOWS\Qkb.exe
O4 - HKLM\..\Run: [Lmc] C:\WINDOWS\Kth.exe
O4 - HKLM\..\Run: [Otd] C:\WINDOWS\System32\Hhl.exe
O4 - HKLM\..\Run: [Orq] C:\WINDOWS\Rlq.exe
O4 - HKLM\..\Run: [Bnc] C:\WINDOWS\Hke.exe
O4 - HKLM\..\Run: [Snj] C:\WINDOWS\System32\Jbe.exe
O4 - HKLM\..\Run: [Kqf] C:\WINDOWS\Iii.exe
O4 - HKLM\..\Run: [Mge] C:\WINDOWS\System32\Kjm.exe
O4 - HKLM\..\Run: [Anf] C:\WINDOWS\Ujl.exe
O4 - HKLM\..\Run: [Gmv] C:\WINDOWS\Nlf.exe
O4 - HKLM\..\Run: [Nao] C:\WINDOWS\System32\Mss.exe
O4 - HKLM\..\Run: [Dco] C:\WINDOWS\Ioc.exe
O4 - HKLM\..\Run: [Fhb] C:\WINDOWS\Mjo.exe
O4 - HKLM\..\Run: [Scj] C:\WINDOWS\System32\Rmd.exe
O4 - HKLM\..\Run: [Fmp] C:\WINDOWS\Ukg.exe
O4 - HKLM\..\Run: [Tps] C:\WINDOWS\Njg.exe
O4 - HKLM\..\Run: [Qva] C:\WINDOWS\System32\Neo.exe
O4 - HKLM\..\Run: [Hae] C:\WINDOWS\System32\Buo.exe
O4 - HKLM\..\Run: [Agd] C:\WINDOWS\Qtc.exe
O4 - HKLM\..\Run: [Ajs] C:\WINDOWS\System32\Hmo.exe
O4 - HKLM\..\Run: [Krt] C:\WINDOWS\System32\Kgo.exe
O4 - HKLM\..\Run: [Don] C:\WINDOWS\Ajq.exe
O4 - HKLM\..\Run: [Cdf] C:\WINDOWS\Hjr.exe
O4 - HKLM\..\Run: [Mdf] C:\WINDOWS\Ura.exe
O4 - HKLM\..\Run: [Jrt] C:\WINDOWS\System32\Phm.exe
O4 - HKLM\..\Run: [Tjd] C:\WINDOWS\Loo.exe
O4 - HKLM\..\Run: [Nlu] C:\WINDOWS\System32\Mjk.exe
O4 - HKLM\..\Run: [Fml] C:\WINDOWS\System32\Tfm.exe
O4 - HKLM\..\Run: [Chj] C:\WINDOWS\Mng.exe
O4 - HKLM\..\Run: [Qvs] C:\WINDOWS\Qmk.exe
O4 - HKLM\..\Run: [Nfm] C:\WINDOWS\Dct.exe
O4 - HKLM\..\Run: [Cgf] C:\WINDOWS\System32\Ojv.exe
O4 - HKLM\..\Run: [Pci] C:\WINDOWS\System32\Gdm.exe
O4 - HKLM\..\Run: [Rde] C:\WINDOWS\System32\Cac.exe
O4 - HKLM\..\Run: [Hkm] C:\WINDOWS\System32\Kfr.exe
O4 - HKLM\..\Run: [Nir] C:\WINDOWS\Fop.exe
O4 - HKLM\..\Run: [Oto] C:\WINDOWS\Ucb.exe
O4 - HKLM\..\Run: [Uer] C:\WINDOWS\Dpk.exe
O4 - HKLM\..\Run: [Ifb] C:\WINDOWS\System32\Ooj.exe
O4 - HKLM\..\Run: [Cpj] C:\WINDOWS\System32\Qgv.exe
O4 - HKLM\..\Run: [Ssu] C:\WINDOWS\Dnq.exe
O4 - HKLM\..\Run: [Blj] C:\WINDOWS\System32\Jcp.exe
O4 - HKLM\..\Run: [Srs] C:\WINDOWS\System32\Cgj.exe
O4 - HKLM\..\Run: [Tsf] C:\WINDOWS\Ivn.exe
O4 - HKLM\..\Run: [Hqf] C:\WINDOWS\System32\Upg.exe
O4 - HKLM\..\Run: [Rci] C:\WINDOWS\Djo.exe
O4 - HKLM\..\Run: [Ofi] C:\WINDOWS\Nct.exe
O4 - HKLM\..\Run: [Iqg] C:\WINDOWS\System32\Hlk.exe
O4 - HKLM\..\Run: [Fbh] C:\WINDOWS\System32\Joj.exe
O4 - HKLM\..\Run: [Uet] C:\WINDOWS\Osi.exe
O4 - HKLM\..\Run: [Bmj] C:\WINDOWS\System32\Ipr.exe
O4 - HKLM\..\Run: [Usf] C:\WINDOWS\Prs.exe
O4 - HKLM\..\Run: [Bjl] C:\WINDOWS\Njn.exe
O4 - HKLM\..\Run: [Qrm] C:\WINDOWS\Dsh.exe
O4 - HKLM\..\Run: [Jrr] C:\WINDOWS\System32\Fdc.exe
O4 - HKLM\..\Run: [Bjr] C:\WINDOWS\System32\Hpe.exe
O4 - HKLM\..\Run: [Emj] C:\WINDOWS\System32\Juc.exe
O4 - HKLM\..\Run: [Mlf] C:\WINDOWS\Pff.exe
O4 - HKLM\..\Run: [Qig] C:\WINDOWS\System32\Fmj.exe
O4 - HKLM\..\Run: [Pff] C:\WINDOWS\Bpa.exe
O4 - HKLM\..\Run: [Dnq] C:\WINDOWS\System32\Ahn.exe
O4 - HKLM\..\Run: [Fst] C:\WINDOWS\Mqh.exe
O4 - HKLM\..\Run: [Dcb] C:\WINDOWS\System32\Uvs.exe
O4 - HKLM\..\Run: [Qkg] C:\WINDOWS\System32\Kpq.exe
O4 - HKLM\..\Run: [Nud] C:\WINDOWS\Mig.exe
O4 - HKLM\..\Run: [Eso] C:\WINDOWS\System32\Meq.exe
O4 - HKLM\..\Run: [Vdr] C:\WINDOWS\Rgm.exe
O4 - HKLM\..\Run: [tponpl] c:\windows\system32\tponpl.exe
O4 - HKLM\..\Run: [Sdr] C:\WINDOWS\Flp.exe
O4 - HKLM\..\Run: [Nes] C:\WINDOWS\Jip.exe
O4 - HKLM\..\Run: [Sjc] C:\WINDOWS\System32\Esm.exe
O4 - HKLM\..\Run: [Gtk] C:\WINDOWS\System32\Dmf.exe
O4 - HKLM\..\Run: [Pup] C:\WINDOWS\Gpr.exe
O4 - HKLM\..\Run: [Duh] C:\WINDOWS\Cpk.exe
O4 - HKLM\..\Run: [Vvk] C:\WINDOWS\Ous.exe
O4 - HKLM\..\Run: [Hhj] C:\WINDOWS\Mbo.exe
O4 - HKLM\..\Run: [Snn] C:\WINDOWS\Iod.exe
O4 - HKLM\..\Run: [Dqc] C:\WINDOWS\Aud.exe
O4 - HKLM\..\Run: [Oce] C:\WINDOWS\Ver.exe
O4 - HKLM\..\Run: [Kkc] C:\WINDOWS\Mra.exe
O4 - HKLM\..\Run: [Glf] C:\WINDOWS\System32\Bag.exe
O4 - HKLM\..\Run: [Fsl] C:\WINDOWS\Lgp.exe
O4 - HKLM\..\Run: [Fkn] C:\WINDOWS\Plu.exe
O4 - HKLM\..\Run: [Tmp] C:\WINDOWS\System32\Cnv.exe
O4 - HKLM\..\Run: [Aeh] C:\WINDOWS\System32\Gpl.exe
O4 - HKLM\..\Run: [Atu] C:\WINDOWS\Tts.exe
O4 - HKLM\..\Run: [Gei] C:\WINDOWS\System32\Ibk.exe
O4 - HKLM\..\Run: [Tiv] C:\WINDOWS\Utc.exe
O4 - HKLM\..\Run: [Apn] C:\WINDOWS\System32\Bvd.exe
O4 - HKLM\..\Run: [Jum] C:\WINDOWS\Hot.exe
O4 - HKLM\..\Run: [Mib] C:\WINDOWS\Apb.exe
O4 - HKLM\..\Run: [Aqg] C:\WINDOWS\Lim.exe
O4 - HKLM\..\Run: [Bbb] C:\WINDOWS\System32\Ndi.exe
O4 - HKLM\..\Run: [Qsu] C:\WINDOWS\Jmr.exe
O4 - HKLM\..\Run: [Ugg] C:\WINDOWS\Csp.exe
O4 - HKLM\..\Run: [Bcv] C:\WINDOWS\Org.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Hui.exe
O4 - HKLM\..\Run: [Nsl] C:\WINDOWS\System32\Kau.exe
O4 - HKLM\..\Run: [Jev] C:\WINDOWS\System32\Gtk.exe
O4 - HKLM\..\Run: [Ifo] C:\WINDOWS\Evr.exe
O4 - HKLM\..\Run: [Dgh] C:\WINDOWS\Nfk.exe
O4 - HKLM\..\Run: [Uag] C:\WINDOWS\System32\Lbj.exe
O4 - HKLM\..\Run: [Uch] C:\WINDOWS\Ead.exe
O4 - HKLM\..\Run: [Siq] C:\WINDOWS\Iqd.exe
O4 - HKLM\..\Run: [Jbd] C:\WINDOWS\Mqb.exe
O4 - HKLM\..\Run: [Rfv] C:\WINDOWS\System32\Mrg.exe
O4 - HKLM\..\Run: [Ums] C:\WINDOWS\System32\Tlu.exe
O4 - HKLM\..\Run: [Npd] C:\WINDOWS\System32\Odh.exe
O4 - HKLM\..\Run: [Cqf] C:\WINDOWS\System32\Jcq.exe
O4 - HKLM\..\Run: [Abe] C:\WINDOWS\One.exe
O4 - HKLM\..\Run: [Dgv] C:\WINDOWS\System32\Puf.exe
O4 - HKLM\..\Run: [Emu] C:\WINDOWS\Oko.exe
O4 - HKLM\..\Run: [Iti] C:\WINDOWS\Amc.exe
O4 - HKLM\..\Run: [Uel] C:\WINDOWS\System32\Dhj.exe
O4 - HKLM\..\Run: [Ahp] C:\WINDOWS\Tkb.exe
O4 - HKLM\..\Run: [Esg] C:\WINDOWS\System32\Mdj.exe
O4 - HKLM\..\Run: [Jnv] C:\WINDOWS\Ahq.exe
O4 - HKLM\..\Run: [Obd] C:\WINDOWS\System32\Qma.exe
O4 - HKLM\..\Run: [Dho] C:\WINDOWS\System32\Ukr.exe
O4 - HKLM\..\Run: [Onp] C:\WINDOWS\System32\Kev.exe
O4 - HKLM\..\Run: [Akk] C:\WINDOWS\Ofl.exe
O4 - HKLM\..\Run: [Kgt] C:\WINDOWS\System32\Tmp.exe
O4 - HKLM\..\Run: [Tjv] C:\WINDOWS\Qrs.exe
O4 - HKLM\..\Run: [Eau] C:\WINDOWS\Mvq.exe
O4 - HKLM\..\Run: [Afs] C:\WINDOWS\Dum.exe
O4 - HKLM\..\Run: [Sek] C:\WINDOWS\System32\Tpo.exe
O4 - HKLM\..\Run: [Nkk] C:\WINDOWS\System32\Pjk.exe
O4 - HKLM\..\Run: [Arn] C:\WINDOWS\System32\Bnu.exe
O4 - HKLM\..\Run: [Qoe] C:\WINDOWS\Bmb.exe
O4 - HKLM\..\Run: [Rqb] C:\WINDOWS\System32\Rad.exe
O4 - HKLM\..\Run: [Dnp] C:\WINDOWS\Ere.exe
O4 - HKLM\..\Run: [Bnr] C:\WINDOWS\System32\Fca.exe
O4 - HKLM\..\Run: [Uru] C:\WINDOWS\System32\Rie.exe
O4 - HKLM\..\Run: [Vel] C:\WINDOWS\Fcl.exe
O4 - HKLM\..\Run: [Upp] C:\WINDOWS\System32\Joj.exe
O4 - HKLM\..\Run: [Iha] C:\WINDOWS\Tbn.exe
O4 - HKLM\..\Run: [Lba] C:\WINDOWS\System32\Kba.exe
O4 - HKLM\..\Run: [Srb] C:\WINDOWS\Mje.exe
O4 - HKLM\..\Run: [Hfv] C:\WINDOWS\Avj.exe
O4 - HKLM\..\Run: [Qom] C:\WINDOWS\Dnk.exe
O4 - HKLM\..\Run: [Jdl] C:\WINDOWS\System32\Rmu.exe
O4 - HKLM\..\Run: [Mdk] C:\WINDOWS\Rul.exe
O4 - HKLM\..\Run: [Vlt] C:\WINDOWS\Viq.exe
O4 - HKLM\..\Run: [Pia] C:\WINDOWS\Cuc.exe
O4 - HKLM\..\Run: [Ikb] C:\WINDOWS\Bts.exe
O4 - HKLM\..\Run: [Tio] C:\WINDOWS\System32\Ulv.exe
O4 - HKLM\..\Run: [Bns] C:\WINDOWS\System32\Kek.exe
O4 - HKLM\..\Run: [Rpo] C:\WINDOWS\Rbn.exe
O4 - HKLM\..\Run: [Ida] C:\WINDOWS\System32\Pim.exe
O4 - HKLM\..\Run: [Lps] C:\WINDOWS\Loo.exe
O4 - HKLM\..\Run: [Ibd] C:\WINDOWS\System32\Uqv.exe
O4 - HKLM\..\Run: [yhivsiz] c:\windows\system32\kmbjao.exe
O4 - HKLM\..\Run: [Qmk] C:\WINDOWS\Rca.exe
O4 - HKLM\..\Run: [Tnf] C:\WINDOWS\Uev.exe
O4 - HKLM\..\Run: [Dud] C:\WINDOWS\System32\Fqu.exe
O4 - HKLM\..\Run: [Ogl] C:\WINDOWS\Bhu.exe
O4 - HKLM\..\Run: [Qjq] C:\WINDOWS\Mlt.exe
O4 - HKLM\..\Run: [Lbt] C:\WINDOWS\System32\Huq.exe
O4 - HKLM\..\Run: [Ocl] C:\WINDOWS\System32\Vnj.exe
O4 - HKLM\..\Run: [Vjs] C:\WINDOWS\Rjc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Rtu] C:\WINDOWS\System32\Ljo.exe
O4 - HKLM\..\Run: [Ksr] C:\WINDOWS\Fuq.exe
O4 - HKLM\..\Run: [Ddf] C:\WINDOWS\Cvc.exe
O4 - HKLM\..\Run: [Ekh] C:\WINDOWS\Fev.exe
O4 - HKLM\..\Run: [Hne] C:\WINDOWS\System32\Ktk.exe
O4 - HKLM\..\Run: [Srv] C:\WINDOWS\System32\Tlf.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Doa] C:\WINDOWS\System32\Jpa.exe
O4 - HKCU\..\Run: [Blg] C:\WINDOWS\System32\Pis.exe
O4 - HKCU\..\Run: [Tfe] C:\WINDOWS\Sjd.exe
O4 - HKCU\..\Run: [Mhp] C:\WINDOWS\Vgh.exe
O4 - HKCU\..\Run: [Iuu] C:\WINDOWS\Moi.exe
O4 - HKCU\..\Run: [Jna] C:\WINDOWS\System32\Srm.exe
O4 - HKCU\..\Run: [Efl] C:\WINDOWS\Kfr.exe
O4 - HKCU\..\Run: [Abs] C:\WINDOWS\Rmm.exe
O4 - HKCU\..\Run: [Nvm] C:\WINDOWS\System32\Ivl.exe
O4 - HKCU\..\Run: [Jqf] C:\WINDOWS\Ied.exe
O4 - HKCU\..\Run: [Jqh] C:\WINDOWS\System32\Ibd.exe
O4 - HKCU\..\Run: [Gjf] C:\WINDOWS\Lei.exe
O4 - HKCU\..\Run: [Rpq] C:\WINDOWS\Jpu.exe
O4 - HKCU\..\Run: [Fvn] C:\WINDOWS\System32\Dtt.exe
O4 - HKCU\..\Run: [Sfr] C:\WINDOWS\Nnb.exe
O4 - HKCU\..\Run: [Etg] C:\WINDOWS\System32\Dqn.exe
O4 - HKCU\..\Run: [Lke] C:\WINDOWS\Ohl.exe
O4 - HKCU\..\Run: [Ksi] C:\WINDOWS\Klm.exe
O4 - HKCU\..\Run: [Iae] C:\WINDOWS\Tkr.exe
O4 - HKCU\..\Run: [Uar] C:\WINDOWS\Qet.exe
O4 - HKCU\..\Run: [Svr] C:\WINDOWS\System32\Dkp.exe
O4 - HKCU\..\Run: [Egt] C:\WINDOWS\Vvb.exe
O4 - HKCU\..\Run: [Gvs] C:\WINDOWS\System32\Ufb.exe
O4 - HKCU\..\Run: [Gea] C:\WINDOWS\Hti.exe
O4 - HKCU\..\Run: [Usm] C:\WINDOWS\System32\Jhn.exe
O4 - HKCU\..\Run: [Stn] C:\WINDOWS\Nur.exe
O4 - HKCU\..\Run: [Ppb] C:\WINDOWS\Brt.exe
O4 - HKCU\..\Run: [Nat] C:\WINDOWS\System32\Cia.exe
O4 - HKCU\..\Run: [Gfq] C:\WINDOWS\Vun.exe
O4 - HKCU\..\Run: [Moe] C:\WINDOWS\System32\Sag.exe
O4 - HKCU\..\Run: [Cdm] C:\WINDOWS\Uef.exe
O4 - HKCU\..\Run: [Kpc] C:\WINDOWS\Alg.exe
O4 - HKCU\..\Run: [Uto] C:\WINDOWS\Hgk.exe
O4 - HKCU\..\Run: [Ihd] C:\WINDOWS\System32\Eir.exe
O4 - HKCU\..\Run: [Fns] C:\WINDOWS\System32\Hne.exe
O4 - HKCU\..\Run: [Pgj] C:\WINDOWS\Hpl.exe
O4 - HKCU\..\Run: [Vkf] C:\WINDOWS\System32\Dbs.exe
O4 - HKCU\..\Run: [Sgd] C:\WINDOWS\System32\Dgb.exe
O4 - HKCU\..\Run: [Nsq] C:\WINDOWS\System32\Heq.exe
O4 - HKCU\..\Run: [Fvg] C:\WINDOWS\Ikn.exe
O4 - HKCU\..\Run: [Htd] C:\WINDOWS\Phc.exe
O4 - HKCU\..\Run: [Nas] C:\WINDOWS\Dld.exe
O4 - HKCU\..\Run: [Fvf] C:\WINDOWS\System32\Pha.exe
O4 - HKCU\..\Run: [Gsk] C:\WINDOWS\Qvj.exe
O4 - HKCU\..\Run: [Vml] C:\WINDOWS\System32\Vfe.exe
O4 - HKCU\..\Run: [Ako] C:\WINDOWS\Hpl.exe
O4 - HKCU\..\Run: [Fcp] C:\WINDOWS\System32\Uls.exe
O4 - HKCU\..\Run: [Bpr] C:\WINDOWS\System32\Thu.exe
O4 - HKCU\..\Run: [Tjn] C:\WINDOWS\System32\Hig.exe
O4 - HKCU\..\Run: [Omn] C:\WINDOWS\System32\Lkg.exe
O4 - HKCU\..\Run: [Ojf] C:\WINDOWS\Slt.exe
O4 - HKCU\..\Run: [Qvj] C:\WINDOWS\Ntp.exe
O4 - HKCU\..\Run: [Mfg] C:\WINDOWS\System32\Qsq.exe
O4 - HKCU\..\Run: [Occ] C:\WINDOWS\System32\Gfg.exe
O4 - HKCU\..\Run: [Bgd] C:\WINDOWS\Opc.exe
O4 - HKCU\..\Run: [Noi] C:\WINDOWS\Csu.exe
O4 - HKCU\..\Run: [Ibt] C:\WINDOWS\Lfe.exe
O4 - HKCU\..\Run: [Qmb] C:\WINDOWS\Clc.exe
O4 - HKCU\..\Run: [Vmj] C:\WINDOWS\System32\Qdm.exe
O4 - HKCU\..\Run: [Geq] C:\WINDOWS\System32\Bnj.exe
O4 - HKCU\..\Run: [Tbc] C:\WINDOWS\System32\Ire.exe
O4 - HKCU\..\Run: [Dav] C:\WINDOWS\Iuh.exe
O4 - HKCU\..\Run: [Pmh] C:\WINDOWS\Hhd.exe
O4 - HKCU\..\Run: [Cqs] C:\WINDOWS\Sio.exe
O4 - HKCU\..\Run: [Amt] C:\WINDOWS\System32\Lee.exe
O4 - HKCU\..\Run: [Unk] C:\WINDOWS\But.exe
O4 - HKCU\..\Run: [Ebv] C:\WINDOWS\System32\Bci.exe
O4 - HKCU\..\Run: [Fir] C:\WINDOWS\Ppj.exe
O4 - HKCU\..\Run: [Ppj] C:\WINDOWS\Ucf.exe
O4 - HKCU\..\Run: [Dap] C:\WINDOWS\Bho.exe
O4 - HKCU\..\Run: [Dtk] C:\WINDOWS\Nsh.exe
O4 - HKCU\..\Run: [Emg] C:\WINDOWS\Qrc.exe
O4 - HKCU\..\Run: [Urm] C:\WINDOWS\Hlm.exe
O4 - HKCU\..\Run: [Gis] C:\WINDOWS\System32\Kre.exe
O4 - HKCU\..\Run: [Qhb] C:\WINDOWS\Mfl.exe
O4 - HKCU\..\Run: [But] C:\WINDOWS\Fri.exe
O4 - HKCU\..\Run: [Fkc] C:\WINDOWS\System32\Qds.exe
O4 - HKCU\..\Run: [Msq] C:\WINDOWS\System32\Ndq.exe
O4 - HKCU\..\Run: [Vkj] C:\WINDOWS\System32\Cqn.exe
O4 - HKCU\..\Run: [Alj] C:\WINDOWS\Qpi.exe
O4 - HKCU\..\Run: [Hjo] C:\WINDOWS\System32\Apa.exe
O4 - HKCU\..\Run: [Bgk] C:\WINDOWS\System32\Kug.exe
O4 - HKCU\..\Run: [Khm] C:\WINDOWS\Tii.exe
O4 - HKCU\..\Run: [Vdn] C:\WINDOWS\Otc.exe
O4 - HKCU\..\Run: [Mjs] C:\WINDOWS\System32\Eia.exe
O4 - HKCU\..\Run: [Cif] C:\WINDOWS\System32\Hlf.exe
O4 - HKCU\..\Run: [Pjd] C:\WINDOWS\Hpa.exe
O4 - HKCU\..\Run: [Qgq] C:\WINDOWS\Rfq.exe
O4 - HKCU\..\Run: [Jus] C:\WINDOWS\System32\Oqm.exe
O4 - HKCU\..\Run: [Ngr] C:\WINDOWS\Hgo.exe
O4 - HKCU\..\Run: [Rus] C:\WINDOWS\System32\Usl.exe
O4 - HKCU\..\Run: [Mqe] C:\WINDOWS\Oma.exe
O4 - HKCU\..\Run: [Bae] C:\WINDOWS\Rds.exe
O4 - HKCU\..\Run: [Bvb] C:\WINDOWS\Qkb.exe
O4 - HKCU\..\Run: [Lmc] C:\WINDOWS\Kth.exe
O4 - HKCU\..\Run: [Otd] C:\WINDOWS\System32\Hhl.exe
O4 - HKCU\..\Run: [Orq] C:\WINDOWS\Rlq.exe
O4 - HKCU\..\Run: [Bnc] C:\WINDOWS\Hke.exe
O4 - HKCU\..\Run: [Snj] C:\WINDOWS\System32\Jbe.exe
O4 - HKCU\..\Run: [Kqf] C:\WINDOWS\Iii.exe
O4 - HKCU\..\Run: [Mge] C:\WINDOWS\System32\Kjm.exe
O4 - HKCU\..\Run: [Anf] C:\WINDOWS\Ujl.exe
O4 - HKCU\..\Run: [Gmv] C:\WINDOWS\Nlf.exe
O4 - HKCU\..\Run: [Nao] C:\WINDOWS\System32\Mss.exe
O4 - HKCU\..\Run: [Dco] C:\WINDOWS\Ioc.exe
O4 - HKCU\..\Run: [Fhb] C:\WINDOWS\Mjo.exe
O4 - HKCU\..\Run: [Scj] C:\WINDOWS\System32\Rmd.exe
O4 - HKCU\..\Run: [Fmp] C:\WINDOWS\Ukg.exe
O4 - HKCU\..\Run: [Tps] C:\WINDOWS\Njg.exe
O4 - HKCU\..\Run: [Qva] C:\WINDOWS\System32\Neo.exe
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\System32\Buo.exe
O4 - HKCU\..\Run: [Agd] C:\WINDOWS\Qtc.exe
O4 - HKCU\..\Run: [Ajs] C:\WINDOWS\System32\Hmo.exe
O4 - HKCU\..\Run: [Krt] C:\WINDOWS\System32\Kgo.exe
O4 - HKCU\..\Run: [Don] C:\WINDOWS\Ajq.exe
O4 - HKCU\..\Run: [Cdf] C:\WINDOWS\Hjr.exe
O4 - HKCU\..\Run: [Mdf] C:\WINDOWS\Ura.exe
O4 - HKCU\..\Run: [Jrt] C:\WINDOWS\System32\Phm.exe
O4 - HKCU\..\Run: [Tjd] C:\WINDOWS\Loo.exe
O4 - HKCU\..\Run: [Nlu] C:\WINDOWS\System32\Mjk.exe
O4 - HKCU\..\Run: [Fml] C:\WINDOWS\System32\Tfm.exe
O4 - HKCU\..\Run: [Chj] C:\WINDOWS\Mng.exe
O4 - HKCU\..\Run: [Qvs] C:\WINDOWS\Qmk.exe
O4 - HKCU\..\Run: [Nfm] C:\WINDOWS\Dct.exe
O4 - HKCU\..\Run: [Cgf] C:\WINDOWS\System32\Ojv.exe
O4 - HKCU\..\Run: [Pci] C:\WINDOWS\System32\Gdm.exe
O4 - HKCU\..\Run: [Rde] C:\WINDOWS\System32\Cac.exe
O4 - HKCU\..\Run: [Hkm] C:\WINDOWS\System32\Kfr.exe
O4 - HKCU\..\Run: [Nir] C:\WINDOWS\Fop.exe
O4 - HKCU\..\Run: [Oto] C:\WINDOWS\Ucb.exe
O4 - HKCU\..\Run: [Uer] C:\WINDOWS\Dpk.exe
O4 - HKCU\..\Run: [Ifb] C:\WINDOWS\System32\Ooj.exe
O4 - HKCU\..\Run: [Cpj] C:\WINDOWS\System32\Qgv.exe
O4 - HKCU\..\Run: [Ssu] C:\WINDOWS\Dnq.exe
O4 - HKCU\..\Run: [Blj] C:\WINDOWS\System32\Jcp.exe
O4 - HKCU\..\Run: [Srs] C:\WINDOWS\System32\Cgj.exe
O4 - HKCU\..\Run: [Tsf] C:\WINDOWS\Ivn.exe
O4 - HKCU\..\Run: [Hqf] C:\WINDOWS\System32\Upg.exe
O4 - HKCU\..\Run: [Rci] C:\WINDOWS\Djo.exe
O4 - HKCU\..\Run: [Ofi] C:\WINDOWS\Nct.exe
O4 - HKCU\..\Run: [Iqg] C:\WINDOWS\System32\Hlk.exe
O4 - HKCU\..\Run: [Fbh] C:\WINDOWS\System32\Joj.exe
O4 - HKCU\..\Run: [Uet] C:\WINDOWS\Osi.exe
O4 - HKCU\..\Run: [Bmj] C:\WINDOWS\System32\Ipr.exe
O4 - HKCU\..\Run: [Usf] C:\WINDOWS\Prs.exe
O4 - HKCU\..\Run: [Bjl] C:\WINDOWS\Njn.exe
O4 - HKCU\..\Run: [Qrm] C:\WINDOWS\Dsh.exe
O4 - HKCU\..\Run: [Jrr] C:\WINDOWS\System32\Fdc.exe
O4 - HKCU\..\Run: [Bjr] C:\WINDOWS\System32\Hpe.exe
O4 - HKCU\..\Run: [Emj] C:\WINDOWS\System32\Juc.exe
O4 - HKCU\..\Run: [Mlf] C:\WINDOWS\Pff.exe
O4 - HKCU\..\Run: [Qig] C:\WINDOWS\System32\Fmj.exe
O4 - HKCU\..\Run: [Pff] C:\WINDOWS\Bpa.exe
O4 - HKCU\..\Run: [Dnq] C:\WINDOWS\System32\Ahn.exe
O4 - HKCU\..\Run: [Fst] C:\WINDOWS\Mqh.exe
O4 - HKCU\..\Run: [Dcb] C:\WINDOWS\System32\Uvs.exe
O4 - HKCU\..\Run: [Qkg] C:\WINDOWS\System32\Kpq.exe
O4 - HKCU\..\Run: [Nud] C:\WINDOWS\Mig.exe
O4 - HKCU\..\Run: [Eso] C:\WINDOWS\System32\Meq.exe
O4 - HKCU\..\Run: [Vdr] C:\WINDOWS\Rgm.exe
O4 - HKCU\..\Run: [Sdr] C:\WINDOWS\Flp.exe
O4 - HKCU\..\Run: [Nes] C:\WINDOWS\Jip.exe
O4 - HKCU\..\Run: [Sjc] C:\WINDOWS\System32\Esm.exe
O4 - HKCU\..\Run: [Gtk] C:\WINDOWS\System32\Dmf.exe
O4 - HKCU\..\Run: [Pup] C:\WINDOWS\Gpr.exe
O4 - HKCU\..\Run: [Duh] C:\WINDOWS\Cpk.exe
O4 - HKCU\..\Run: [Vvk] C:\WINDOWS\Ous.exe
O4 - HKCU\..\Run: [Hhj] C:\WINDOWS\Mbo.exe
O4 - HKCU\..\Run: [Snn] C:\WINDOWS\Iod.exe
O4 - HKCU\..\Run: [Dqc] C:\WINDOWS\Aud.exe
O4 - HKCU\..\Run: [Oce] C:\WINDOWS\Ver.exe
O4 - HKCU\..\Run: [Kkc] C:\WINDOWS\Mra.exe
O4 - HKCU\..\Run: [Glf] C:\WINDOWS\System32\Bag.exe
O4 - HKCU\..\Run: [Fsl] C:\WINDOWS\Lgp.exe
O4 - HKCU\..\Run: [Fkn] C:\WINDOWS\Plu.exe
O4 - HKCU\..\Run: [Tmp] C:\WINDOWS\System32\Cnv.exe
O4 - HKCU\..\Run: [Aeh] C:\WINDOWS\System32\Gpl.exe
O4 - HKCU\..\Run: [Atu] C:\WINDOWS\Tts.exe
O4 - HKCU\..\Run: [Gei] C:\WINDOWS\System32\Ibk.exe
O4 - HKCU\..\Run: [Tiv] C:\WINDOWS\Utc.exe
O4 - HKCU\..\Run: [Apn] C:\WINDOWS\System32\Bvd.exe
O4 - HKCU\..\Run: [Jum] C:\WINDOWS\Hot.exe
O4 - HKCU\..\Run: [Mib] C:\WINDOWS\Apb.exe
O4 - HKCU\..\Run: [Aqg] C:\WINDOWS\Lim.exe
O4 - HKCU\..\Run: [Bbb] C:\WINDOWS\System32\Ndi.exe
O4 - HKCU\..\Run: [Qsu] C:\WINDOWS\Jmr.exe
O4 - HKCU\..\Run: [Ugg] C:\WINDOWS\Csp.exe
O4 - HKCU\..\Run: [Bcv] C:\WINDOWS\Org.exe
O4 - HKCU\..\Run: [Qtl] C:\WINDOWS\Hui.exe
O4 - HKCU\..\Run: [Nsl] C:\WINDOWS\System32\Kau.exe
O4 - HKCU\..\Run: [Jev] C:\WINDOWS\System32\Gtk.exe
O4 - HKCU\..\Run: [Ifo] C:\WINDOWS\Evr.exe
O4 - HKCU\..\Run: [Dgh] C:\WINDOWS\Nfk.exe
O4 - HKCU\..\Run: [Uag] C:\WINDOWS\System32\Lbj.exe
O4 - HKCU\..\Run: [Uch] C:\WINDOWS\Ead.exe
O4 - HKCU\..\Run: [Siq] C:\WINDOWS\Iqd.exe
O4 - HKCU\..\Run: [Jbd] C:\WINDOWS\Mqb.exe
O4 - HKCU\..\Run: [Rfv] C:\WINDOWS\System32\Mrg.exe
O4 - HKCU\..\Run: [Ums] C:\WINDOWS\System32\Tlu.exe
O4 - HKCU\..\Run: [Npd] C:\WINDOWS\System32\Odh.exe
O4 - HKCU\..\Run: [Cqf] C:\WINDOWS\System32\Jcq.exe
O4 - HKCU\..\Run: [Abe] C:\WINDOWS\One.exe
O4 - HKCU\..\Run: [Dgv] C:\WINDOWS\System32\Puf.exe
O4 - HKCU\..\Run: [Emu] C:\WINDOWS\Oko.exe
O4 - HKCU\..\Run: [Iti] C:\WINDOWS\Amc.exe
O4 - HKCU\..\Run: [Uel] C:\WINDOWS\System32\Dhj.exe
O4 - HKCU\..\Run: [Ahp] C:\WINDOWS\Tkb.exe
O4 - HKCU\..\Run: [Esg] C:\WINDOWS\System32\Mdj.exe
O4 - HKCU\..\Run: [Jnv] C:\WINDOWS\Ahq.exe
O4 - HKCU\..\Run: [Obd] C:\WINDOWS\System32\Qma.exe
O4 - HKCU\..\Run: [Dho] C:\WINDOWS\System32\Ukr.exe
O4 - HKCU\..\Run: [Onp] C:\WINDOWS\System32\Kev.exe
O4 - HKCU\..\Run: [Akk] C:\WINDOWS\Ofl.exe
O4 - HKCU\..\Run: [Kgt] C:\WINDOWS\System32\Tmp.exe
O4 - HKCU\..\Run: [Tjv] C:\WINDOWS\Qrs.exe
O4 - HKCU\..\Run: [Eau] C:\WINDOWS\Mvq.exe
O4 - HKCU\..\Run: [Afs] C:\WINDOWS\Dum.exe
O4 - HKCU\..\Run: [Sek] C:\WINDOWS\System32\Tpo.exe
O4 - HKCU\..\Run: [Nkk] C:\WINDOWS\System32\Pjk.exe
O4 - HKCU\..\Run: [Arn] C:\WINDOWS\System32\Bnu.exe
O4 - HKCU\..\Run: [Qoe] C:\WINDOWS\Bmb.exe
O4 - HKCU\..\Run: [Rqb] C:\WINDOWS\System32\Rad.exe
O4 - HKCU\..\Run: [Dnp] C:\WINDOWS\Ere.exe
O4 - HKCU\..\Run: [Bnr] C:\WINDOWS\System32\Fca.exe
O4 - HKCU\..\Run: [Uru] C:\WINDOWS\System32\Rie.exe
O4 - HKCU\..\Run: [Vel] C:\WINDOWS\Fcl.exe
O4 - HKCU\..\Run: [Upp] C:\WINDOWS\System32\Joj.exe
O4 - HKCU\..\Run: [Iha] C:\WINDOWS\Tbn.exe
O4 - HKCU\..\Run: [Lba] C:\WINDOWS\System32\Kba.exe
O4 - HKCU\..\Run: [Srb] C:\WINDOWS\Mje.exe
O4 - HKCU\..\Run: [Hfv] C:\WINDOWS\Avj.exe
O4 - HKCU\..\Run: [Qom] C:\WINDOWS\Dnk.exe
O4 - HKCU\..\Run: [Jdl] C:\WINDOWS\System32\Rmu.exe
O4 - HKCU\..\Run: [Mdk] C:\WINDOWS\Rul.exe
O4 - HKCU\..\Run: [Vlt] C:\WINDOWS\Viq.exe
O4 - HKCU\..\Run: [Pia] C:\WINDOWS\Cuc.exe
O4 - HKCU\..\Run: [Ikb] C:\WINDOWS\Bts.exe
O4 - HKCU\..\Run: [Tio] C:\WINDOWS\System32\Ulv.exe
O4 - HKCU\..\Run: [Bns] C:\WINDOWS\System32\Kek.exe
O4 - HKCU\..\Run: [Rpo] C:\WINDOWS\Rbn.exe
O4 - HKCU\..\Run: [Ida] C:\WINDOWS\System32\Pim.exe
O4 - HKCU\..\Run: [Lps] C:\WINDOWS\Loo.exe
O4 - HKCU\..\Run: [Ibd] C:\WINDOWS\System32\Uqv.exe
O4 - HKCU\..\Run: [Qmk] C:\WINDOWS\Rca.exe
O4 - HKCU\..\Run: [Tnf] C:\WINDOWS\Uev.exe
O4 - HKCU\..\Run: [Dud] C:\WINDOWS\System32\Fqu.exe
O4 - HKCU\..\Run: [Ogl] C:\WINDOWS\Bhu.exe
O4 - HKCU\..\Run: [Qjq] C:\WINDOWS\Mlt.exe
O4 - HKCU\..\Run: [Lbt] C:\WINDOWS\System32\Huq.exe
O4 - HKCU\..\Run: [Ocl] C:\WINDOWS\System32\Vnj.exe
O4 - HKCU\..\Run: [Vjs] C:\WINDOWS\Rjc.exe
O4 - HKCU\..\Run: [Rtu] C:\WINDOWS\System32\Ljo.exe
O4 - HKCU\..\Run: [Rsd] C:\WINDOWS\System32\Jmu.exe
O4 - HKCU\..\Run: [Sfn] C:\WINDOWS\Qqj.exe
O4 - HKCU\..\Run: [Ntm] C:\WINDOWS\Njs.exe
O4 - HKCU\..\Run: [Ksr] C:\WINDOWS\Fuq.exe
O4 - HKCU\..\Run: [Ddf] C:\WINDOWS\Cvc.exe
O4 - HKCU\..\Run: [Tap] C:\WINDOWS\Mnm.exe
O4 - HKCU\..\Run: [Ekh] C:\WINDOWS\Fev.exe
O4 - HKCU\..\Run: [Ksk] C:\WINDOWS\System32\Vtk.exe
O4 - HKCU\..\Run: [Ntg] C:\WINDOWS\Hro.exe
O4 - HKCU\..\Run: [Ejb] C:\WINDOWS\System32\Gjp.exe
O4 - HKCU\..\Run: [Hne] C:\WINDOWS\System32\Ktk.exe
O4 - HKCU\..\Run: [Sbj] C:\WINDOWS\Avr.exe
O4 - HKCU\..\Run: [Rju] C:\WINDOWS\Guc.exe
O4 - HKCU\..\Run: [Hvs] C:\WINDOWS\Dpt.exe
O4 - Startup: Update WinBMD.lnk = C:\Documents and Settings\Owner\Desktop\Old Hard Drive\Program Files\WinBMD\WiseUpdt.exe
O4 - Startup: winupdate30473087[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\System32\winsvc.exe

Please help
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page July 20, 2019, 05:02:35 PM