  #1  
Old December 27th, 2004, 07:18 PM
Sand
New Member
 
Join Date: Dec 2004
Posts: 2
New HiJackThis log

Hi, could somebody help me please? I've been having a huge problem with pop-ups. I have just upgraded my Adaware to the SE Personal and had 404 objects found. Most of them were browser hijackers but I can't seem to get to the source of the problem, so the next day I have the same problem.

Here is my HiJack log file, any help would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 17:07:47, on 27/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Radio 1 Mini DJ\skinkers.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sand\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/radio1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/u...en/default.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} - C:\PROGRA~1\POWERS~2\Toolbar\pwrsdfp\pwrsdp1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} - C:\PROGRA~1\POWERS~2\Toolbar\pwrsdfp\pwrsdp1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [anczyn] C:\WINDOWS\anczyn.exe
O4 - HKLM\..\Run: [lylatat] C:\WINDOWS\lylatat.exe
O4 - HKLM\..\Run: [cksynm] C:\WINDOWS\System32\edyhoumm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rfak] C:\WINDOWS\System32\yusf.exe
O4 - HKLM\..\Run: [pjpvoj] C:\WINDOWS\System32\xkkb.exe
O4 - HKLM\..\Run: [jcydj] C:\WINDOWS\System32\bohf.exe
O4 - HKLM\..\Run: [vins] C:\WINDOWS\System32\bcqhlu.exe
O4 - HKLM\..\Run: [spqss] C:\WINDOWS\System32\bwtytd.exe
O4 - HKLM\..\Run: [gmoupn] C:\WINDOWS\System32\znjuvz.exe
O4 - HKLM\..\Run: [ravixea] C:\WINDOWS\System32\oyhdcco.exe
O4 - HKLM\..\Run: [nndhpkws] C:\WINDOWS\System32\vrlrf.exe
O4 - HKLM\..\Run: [lndfok] C:\WINDOWS\System32\hlzzcud.exe
O4 - HKLM\..\Run: [otzvvkr] C:\WINDOWS\System32\jnmsd.exe
O4 - HKLM\..\Run: [gjnji] C:\WINDOWS\System32\lfztoba.exe
O4 - HKLM\..\Run: [zxbvn] C:\WINDOWS\System32\ybswpmwx.exe
O4 - HKLM\..\Run: [dwsoky] C:\WINDOWS\System32\avsvzb.exe
O4 - HKLM\..\Run: [drkz] C:\WINDOWS\System32\qpnacmvj.exe
O4 - HKLM\..\Run: [lbljpc] C:\WINDOWS\System32\ajssdf.exe
O4 - HKLM\..\Run: [qqio] C:\WINDOWS\System32\oheto.exe
O4 - HKLM\..\Run: [dzulrjq] C:\WINDOWS\System32\xttgkndx.exe
O4 - HKLM\..\Run: [gjsptpwx] C:\WINDOWS\System32\dajbg.exe
O4 - HKLM\..\Run: [sefdx] C:\WINDOWS\System32\nnrijvq.exe
O4 - HKLM\..\Run: [vgjl] C:\WINDOWS\system32\nrqpec.exe
O4 - HKLM\..\Run: [iokadt] C:\WINDOWS\system32\jyjmuhg.exe
O4 - HKLM\..\Run: [fwfzbgka] C:\WINDOWS\system32\mxrago.exe
O4 - HKLM\..\Run: [hgldrmhb] C:\WINDOWS\system32\qcdkvkkz.exe
O4 - HKLM\..\Run: [zkazcdex] C:\WINDOWS\system32\hhapuv.exe
O4 - HKLM\..\Run: [vctb] C:\WINDOWS\system32\gqmjjmv.exe
O4 - HKLM\..\Run: [dcapue] C:\WINDOWS\system32\ipmw.exe
O4 - HKLM\..\Run: [wrneo] C:\WINDOWS\system32\tsov.exe
O4 - HKLM\..\Run: [xiyjv] C:\WINDOWS\system32\ucshlmox.exe
O4 - HKLM\..\Run: [rlfyyy] C:\WINDOWS\system32\eoyytivw.exe
O4 - HKLM\..\Run: [mkdzfohh] C:\WINDOWS\system32\qlojii.exe
O4 - HKLM\..\Run: [jvgpsr] C:\WINDOWS\system32\ogcmavkk.exe
O4 - HKLM\..\Run: [fqyjw] C:\WINDOWS\system32\fmlyuio.exe
O4 - HKLM\..\Run: [gsismvka] C:\WINDOWS\system32\hevkfo.exe
O4 - HKLM\..\Run: [opvt] C:\WINDOWS\system32\kdjcmdd.exe
O4 - HKLM\..\Run: [omcx] C:\WINDOWS\system32\vfomm.exe
O4 - HKLM\..\Run: [iooqsnvj] C:\WINDOWS\system32\krbjxtt.exe
O4 - HKLM\..\Run: [lgrjel] C:\WINDOWS\system32\mxgvphri.exe
O4 - HKLM\..\Run: [ajjoye] C:\WINDOWS\system32\jwerrkf.exe
O4 - HKLM\..\Run: [myokp] C:\WINDOWS\system32\ggxitdm.exe
O4 - HKLM\..\Run: [vsdkgkvs] C:\WINDOWS\system32\oktga.exe
O4 - HKLM\..\Run: [dgetz] C:\WINDOWS\system32\nzaehooj.exe
O4 - HKLM\..\Run: [ddcy] C:\WINDOWS\system32\qntwgo.exe
O4 - HKLM\..\Run: [sbaaqpp] C:\WINDOWS\system32\nersis.exe
O4 - HKLM\..\Run: [ntlvtbas] C:\WINDOWS\system32\ueudm.exe
O4 - HKLM\..\Run: [tqatv] C:\WINDOWS\system32\rukyo.exe
O4 - HKLM\..\Run: [hhchd] C:\WINDOWS\system32\arvogga.exe
O4 - HKLM\..\Run: [eezkrli] C:\WINDOWS\system32\rvwm.exe
O4 - HKLM\..\Run: [zdnm] C:\WINDOWS\system32\txbxzwot.exe
O4 - HKLM\..\Run: [nmni] C:\WINDOWS\system32\okqx.exe
O4 - HKLM\..\Run: [tcbru] C:\WINDOWS\system32\wdtlcjd.exe
O4 - HKLM\..\Run: [euxxw] C:\WINDOWS\system32\npfmrkae.exe
O4 - HKLM\..\Run: [lktqjhfv] C:\WINDOWS\system32\mhlxtrsz.exe
O4 - HKLM\..\Run: [dkmqf] C:\WINDOWS\system32\jxbtvuy.exe
O4 - HKLM\..\Run: [xnbzku] C:\WINDOWS\system32\nsfje.exe
O4 - HKLM\..\Run: [vopgy] C:\WINDOWS\system32\fzebz.exe
O4 - HKLM\..\Run: [oqcsc] C:\WINDOWS\system32\qujuacfi.exe
O4 - HKLM\..\Run: [ukysnh] C:\WINDOWS\system32\utjsieox.exe
O4 - HKLM\..\Run: [fogdisto] C:\WINDOWS\system32\bwym.exe
O4 - HKLM\..\Run: [homcncl] C:\WINDOWS\system32\jpbatbf.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
O4 - HKLM\..\Run: [ypend] C:\WINDOWS\system32\xlelfzy.exe
O4 - HKLM\..\Run: [shspsag] C:\WINDOWS\system32\eealxtiu.exe
O4 - HKLM\..\Run: [yozugddp] C:\WINDOWS\system32\pfmelrvq.exe
O4 - HKLM\..\Run: [ustyhijj] C:\WINDOWS\system32\kuavpxqb.exe
O4 - HKLM\..\Run: [sxwaqbhr] C:\WINDOWS\system32\txrxxuew.exe
O4 - HKLM\..\Run: [xnih] C:\WINDOWS\system32\fvffxun.exe
O4 - HKLM\..\Run: [esrlxuc] C:\WINDOWS\system32\sryiyfil.exe
O4 - HKLM\..\Run: [ykqkn] C:\WINDOWS\system32\ttxfw.exe
O4 - HKLM\..\Run: [sfaolo] C:\WINDOWS\system32\dncxxfje.exe
O4 - HKLM\..\Run: [jfes] C:\WINDOWS\system32\jrnoia.exe
O4 - HKLM\..\Run: [whdpscq] C:\WINDOWS\system32\totdwbuf.exe
O4 - HKLM\..\Run: [ujzms] C:\WINDOWS\system32\qerzzfac.exe
O4 - HKLM\..\Run: [zxmynlg] C:\WINDOWS\system32\yejrz.exe
O4 - HKLM\..\Run: [ftcw] C:\WINDOWS\system32\vdhmb.exe
O4 - HKLM\..\Run: [rbusag] C:\WINDOWS\system32\jqhcnol.exe
O4 - HKLM\..\Run: [gjykvosb] C:\WINDOWS\system32\feik.exe
O4 - HKLM\..\Run: [paplip] C:\WINDOWS\system32\fpjrt.exe
O4 - HKLM\..\Run: [eaqtsh] C:\WINDOWS\system32\ytkdtglk.exe
O4 - HKLM\..\Run: [bshq] C:\WINDOWS\system32\clip.exe
O4 - HKLM\..\Run: [utcdsw] C:\WINDOWS\system32\wkkmxy.exe
O4 - HKLM\..\Run: [oagpdupl] C:\WINDOWS\system32\jhjgzo.exe
O4 - HKLM\..\Run: [vrbvuxz] C:\WINDOWS\system32\ptddl.exe
O4 - HKLM\..\Run: [lfho] C:\WINDOWS\system32\jeiey.exe
O4 - HKLM\..\Run: [fykstxr] C:\WINDOWS\system32\djlkdj.exe
O4 - HKLM\..\Run: [ftsmsam] C:\WINDOWS\system32\twvko.exe
O4 - HKLM\..\Run: [mxmfvpt] C:\WINDOWS\system32\kmmkivdz.exe
O4 - HKLM\..\Run: [gokxuzlf] C:\WINDOWS\system32\xizeug.exe
O4 - HKLM\..\Run: [qedy] C:\WINDOWS\system32\dxxyzil.exe
O4 - HKLM\..\Run: [qflyywg] C:\WINDOWS\system32\abpsq.exe
O4 - HKLM\..\Run: [sgxxyhu] C:\WINDOWS\system32\rofsqn.exe
O4 - HKLM\..\Run: [lpwgbl] C:\WINDOWS\system32\tdrmo.exe
O4 - HKLM\..\Run: [giirpn] C:\WINDOWS\system32\krfjmm.exe
O4 - HKLM\..\Run: [besh] C:\WINDOWS\system32\ghfs.exe
O4 - HKLM\..\Run: [vnydiii] C:\WINDOWS\system32\uwykz.exe
O4 - HKLM\..\Run: [fountw] C:\WINDOWS\system32\jotizb.exe
O4 - HKLM\..\Run: [cbaxidh] C:\WINDOWS\system32\tiiaw.exe
O4 - HKLM\..\Run: [eavu] C:\WINDOWS\system32\djqfuff.exe
O4 - HKLM\..\Run: [cgwrkftf] C:\WINDOWS\system32\gckjfruy.exe
O4 - HKLM\..\Run: [tdvlrpm] C:\WINDOWS\system32\impx.exe
O4 - HKLM\..\Run: [tengpqj] C:\WINDOWS\system32\gzbl.exe
O4 - HKLM\..\Run: [ntqnpsko] C:\WINDOWS\system32\ckwcnh.exe
O4 - HKLM\..\Run: [condr] C:\WINDOWS\system32\kejqsb.exe
O4 - HKLM\..\Run: [zmznoz] C:\WINDOWS\system32\bvoipmmy.exe
O4 - HKLM\..\Run: [wxkzvnef] C:\WINDOWS\system32\caciiy.exe
O4 - HKLM\..\Run: [kstdlw] C:\WINDOWS\system32\ubfpk.exe
O4 - HKLM\..\Run: [nwluiwwm] C:\WINDOWS\system32\zxzndm.exe
O4 - HKLM\..\Run: [igef] C:\WINDOWS\system32\oniny.exe
O4 - HKLM\..\Run: [mhpynx] C:\WINDOWS\system32\tawipglh.exe
O4 - HKLM\..\Run: [azpthn] C:\WINDOWS\system32\cfaybfxe.exe
O4 - HKLM\..\Run: [urxk] C:\WINDOWS\system32\czigcm.exe
O4 - HKLM\..\Run: [lbzeavbc] C:\WINDOWS\system32\sfmpwyon.exe
O4 - HKLM\..\Run: [uckp] C:\WINDOWS\system32\rdriail.exe
O4 - HKLM\..\Run: [wxaoqd] C:\WINDOWS\system32\svbkpbb.exe
O4 - HKLM\..\Run: [gofoc] C:\WINDOWS\system32\jxrb.exe
O4 - HKLM\..\Run: [jcjv] C:\WINDOWS\system32\klqvhh.exe
O4 - HKLM\..\Run: [nsygadq] C:\WINDOWS\system32\lufzhqc.exe
O4 - HKLM\..\Run: [xijv] C:\WINDOWS\system32\xcgiplrq.exe
O4 - HKLM\..\Run: [bugypeth] C:\WINDOWS\system32\soidyqe.exe
O4 - HKLM\..\Run: [ywacwkr] C:\WINDOWS\system32\bdot.exe
O4 - HKLM\..\Run: [fessl] C:\WINDOWS\system32\xphsy.exe
O4 - HKLM\..\Run: [uwasoraw] C:\WINDOWS\system32\isuuxake.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBCRadio1Cluster] C:\Program Files\Radio 1 Mini DJ\skinkers.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\eufjb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSDP1\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28ac35b9...p/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83FB9B4E-38B5-45BA-A0FF-C02A84206BAA}: NameServer = 212.67.96.129 212.67.120.148
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you
  #2  
Old December 27th, 2004, 07:48 PM
Acrobaze
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
Hi,

Print this, because IE must be closed.

Download this TOOL.
-Run it once
When you run the uninstaller, you MUST have an internet connection active for it to work.
-Reboot
-Run it once again.

Close all browser windows, run only HijackThis and check:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} - C:\PROGRA~1\POWERS~2\Toolbar\pwrsdfp\pwrsdp1.dll (file missing)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} - C:\PROGRA~1\POWERS~2\Toolbar\pwrsdfp\pwrsdp1.dll (file missing)

O4 - HKLM\..\Run: [anczyn] C:\WINDOWS\anczyn.exe
O4 - HKLM\..\Run: [lylatat] C:\WINDOWS\lylatat.exe
O4 - HKLM\..\Run: [cksynm] C:\WINDOWS\System32\edyhoumm.exe
O4 - HKLM\..\Run: [rfak] C:\WINDOWS\System32\yusf.exe
O4 - HKLM\..\Run: [pjpvoj] C:\WINDOWS\System32\xkkb.exe
O4 - HKLM\..\Run: [jcydj] C:\WINDOWS\System32\bohf.exe
O4 - HKLM\..\Run: [vins] C:\WINDOWS\System32\bcqhlu.exe
O4 - HKLM\..\Run: [spqss] C:\WINDOWS\System32\bwtytd.exe
O4 - HKLM\..\Run: [gmoupn] C:\WINDOWS\System32\znjuvz.exe
O4 - HKLM\..\Run: [ravixea] C:\WINDOWS\System32\oyhdcco.exe
O4 - HKLM\..\Run: [nndhpkws] C:\WINDOWS\System32\vrlrf.exe
O4 - HKLM\..\Run: [lndfok] C:\WINDOWS\System32\hlzzcud.exe
O4 - HKLM\..\Run: [otzvvkr] C:\WINDOWS\System32\jnmsd.exe
O4 - HKLM\..\Run: [gjnji] C:\WINDOWS\System32\lfztoba.exe
O4 - HKLM\..\Run: [zxbvn] C:\WINDOWS\System32\ybswpmwx.exe
O4 - HKLM\..\Run: [dwsoky] C:\WINDOWS\System32\avsvzb.exe
O4 - HKLM\..\Run: [drkz] C:\WINDOWS\System32\qpnacmvj.exe
O4 - HKLM\..\Run: [lbljpc] C:\WINDOWS\System32\ajssdf.exe
O4 - HKLM\..\Run: [qqio] C:\WINDOWS\System32\oheto.exe
O4 - HKLM\..\Run: [dzulrjq] C:\WINDOWS\System32\xttgkndx.exe
O4 - HKLM\..\Run: [gjsptpwx] C:\WINDOWS\System32\dajbg.exe
O4 - HKLM\..\Run: [sefdx] C:\WINDOWS\System32\nnrijvq.exe
O4 - HKLM\..\Run: [vgjl] C:\WINDOWS\system32\nrqpec.exe
O4 - HKLM\..\Run: [iokadt] C:\WINDOWS\system32\jyjmuhg.exe
O4 - HKLM\..\Run: [fwfzbgka] C:\WINDOWS\system32\mxrago.exe
O4 - HKLM\..\Run: [hgldrmhb] C:\WINDOWS\system32\qcdkvkkz.exe
O4 - HKLM\..\Run: [zkazcdex] C:\WINDOWS\system32\hhapuv.exe
O4 - HKLM\..\Run: [vctb] C:\WINDOWS\system32\gqmjjmv.exe
O4 - HKLM\..\Run: [dcapue] C:\WINDOWS\system32\ipmw.exe
O4 - HKLM\..\Run: [wrneo] C:\WINDOWS\system32\tsov.exe
O4 - HKLM\..\Run: [xiyjv] C:\WINDOWS\system32\ucshlmox.exe
O4 - HKLM\..\Run: [rlfyyy] C:\WINDOWS\system32\eoyytivw.exe
O4 - HKLM\..\Run: [mkdzfohh] C:\WINDOWS\system32\qlojii.exe
O4 - HKLM\..\Run: [jvgpsr] C:\WINDOWS\system32\ogcmavkk.exe
O4 - HKLM\..\Run: [fqyjw] C:\WINDOWS\system32\fmlyuio.exe
O4 - HKLM\..\Run: [gsismvka] C:\WINDOWS\system32\hevkfo.exe
O4 - HKLM\..\Run: [opvt] C:\WINDOWS\system32\kdjcmdd.exe
O4 - HKLM\..\Run: [omcx] C:\WINDOWS\system32\vfomm.exe
O4 - HKLM\..\Run: [iooqsnvj] C:\WINDOWS\system32\krbjxtt.exe
O4 - HKLM\..\Run: [lgrjel] C:\WINDOWS\system32\mxgvphri.exe
O4 - HKLM\..\Run: [ajjoye] C:\WINDOWS\system32\jwerrkf.exe
O4 - HKLM\..\Run: [myokp] C:\WINDOWS\system32\ggxitdm.exe
O4 - HKLM\..\Run: [vsdkgkvs] C:\WINDOWS\system32\oktga.exe
O4 - HKLM\..\Run: [dgetz] C:\WINDOWS\system32\nzaehooj.exe
O4 - HKLM\..\Run: [ddcy] C:\WINDOWS\system32\qntwgo.exe
O4 - HKLM\..\Run: [sbaaqpp] C:\WINDOWS\system32\nersis.exe
O4 - HKLM\..\Run: [ntlvtbas] C:\WINDOWS\system32\ueudm.exe
O4 - HKLM\..\Run: [tqatv] C:\WINDOWS\system32\rukyo.exe
O4 - HKLM\..\Run: [hhchd] C:\WINDOWS\system32\arvogga.exe
O4 - HKLM\..\Run: [eezkrli] C:\WINDOWS\system32\rvwm.exe
O4 - HKLM\..\Run: [zdnm] C:\WINDOWS\system32\txbxzwot.exe
O4 - HKLM\..\Run: [nmni] C:\WINDOWS\system32\okqx.exe
O4 - HKLM\..\Run: [tcbru] C:\WINDOWS\system32\wdtlcjd.exe
O4 - HKLM\..\Run: [euxxw] C:\WINDOWS\system32\npfmrkae.exe
O4 - HKLM\..\Run: [lktqjhfv] C:\WINDOWS\system32\mhlxtrsz.exe
O4 - HKLM\..\Run: [dkmqf] C:\WINDOWS\system32\jxbtvuy.exe
O4 - HKLM\..\Run: [xnbzku] C:\WINDOWS\system32\nsfje.exe
O4 - HKLM\..\Run: [vopgy] C:\WINDOWS\system32\fzebz.exe
O4 - HKLM\..\Run: [oqcsc] C:\WINDOWS\system32\qujuacfi.exe
O4 - HKLM\..\Run: [ukysnh] C:\WINDOWS\system32\utjsieox.exe
O4 - HKLM\..\Run: [fogdisto] C:\WINDOWS\system32\bwym.exe
O4 - HKLM\..\Run: [homcncl] C:\WINDOWS\system32\jpbatbf.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
O4 - HKLM\..\Run: [ypend] C:\WINDOWS\system32\xlelfzy.exe
O4 - HKLM\..\Run: [shspsag] C:\WINDOWS\system32\eealxtiu.exe
O4 - HKLM\..\Run: [yozugddp] C:\WINDOWS\system32\pfmelrvq.exe
O4 - HKLM\..\Run: [ustyhijj] C:\WINDOWS\system32\kuavpxqb.exe
O4 - HKLM\..\Run: [sxwaqbhr] C:\WINDOWS\system32\txrxxuew.exe
O4 - HKLM\..\Run: [xnih] C:\WINDOWS\system32\fvffxun.exe
O4 - HKLM\..\Run: [esrlxuc] C:\WINDOWS\system32\sryiyfil.exe
O4 - HKLM\..\Run: [ykqkn] C:\WINDOWS\system32\ttxfw.exe
O4 - HKLM\..\Run: [sfaolo] C:\WINDOWS\system32\dncxxfje.exe
O4 - HKLM\..\Run: [jfes] C:\WINDOWS\system32\jrnoia.exe
O4 - HKLM\..\Run: [whdpscq] C:\WINDOWS\system32\totdwbuf.exe
O4 - HKLM\..\Run: [ujzms] C:\WINDOWS\system32\qerzzfac.exe
O4 - HKLM\..\Run: [zxmynlg] C:\WINDOWS\system32\yejrz.exe
O4 - HKLM\..\Run: [ftcw] C:\WINDOWS\system32\vdhmb.exe
O4 - HKLM\..\Run: [rbusag] C:\WINDOWS\system32\jqhcnol.exe
O4 - HKLM\..\Run: [gjykvosb] C:\WINDOWS\system32\feik.exe
O4 - HKLM\..\Run: [paplip] C:\WINDOWS\system32\fpjrt.exe
O4 - HKLM\..\Run: [eaqtsh] C:\WINDOWS\system32\ytkdtglk.exe
O4 - HKLM\..\Run: [bshq] C:\WINDOWS\system32\clip.exe
O4 - HKLM\..\Run: [utcdsw] C:\WINDOWS\system32\wkkmxy.exe
O4 - HKLM\..\Run: [oagpdupl] C:\WINDOWS\system32\jhjgzo.exe
O4 - HKLM\..\Run: [vrbvuxz] C:\WINDOWS\system32\ptddl.exe
O4 - HKLM\..\Run: [lfho] C:\WINDOWS\system32\jeiey.exe
O4 - HKLM\..\Run: [fykstxr] C:\WINDOWS\system32\djlkdj.exe
O4 - HKLM\..\Run: [mxmfvpt] C:\WINDOWS\system32\kmmkivdz.exe
O4 - HKLM\..\Run: [gokxuzlf] C:\WINDOWS\system32\xizeug.exe
O4 - HKLM\..\Run: [qedy] C:\WINDOWS\system32\dxxyzil.exe
O4 - HKLM\..\Run: [qflyywg] C:\WINDOWS\system32\abpsq.exe
O4 - HKLM\..\Run: [sgxxyhu] C:\WINDOWS\system32\rofsqn.exe
O4 - HKLM\..\Run: [lpwgbl] C:\WINDOWS\system32\tdrmo.exe
O4 - HKLM\..\Run: [giirpn] C:\WINDOWS\system32\krfjmm.exe
O4 - HKLM\..\Run: [besh] C:\WINDOWS\system32\ghfs.exe
O4 - HKLM\..\Run: [vnydiii] C:\WINDOWS\system32\uwykz.exe
O4 - HKLM\..\Run: [fountw] C:\WINDOWS\system32\jotizb.exe
O4 - HKLM\..\Run: [cbaxidh] C:\WINDOWS\system32\tiiaw.exe
O4 - HKLM\..\Run: [eavu] C:\WINDOWS\system32\djqfuff.exe
O4 - HKLM\..\Run: [cgwrkftf] C:\WINDOWS\system32\gckjfruy.exe
O4 - HKLM\..\Run: [tdvlrpm] C:\WINDOWS\system32\impx.exe
O4 - HKLM\..\Run: [tengpqj] C:\WINDOWS\system32\gzbl.exe
O4 - HKLM\..\Run: [ntqnpsko] C:\WINDOWS\system32\ckwcnh.exe
O4 - HKLM\..\Run: [condr] C:\WINDOWS\system32\kejqsb.exe
O4 - HKLM\..\Run: [zmznoz] C:\WINDOWS\system32\bvoipmmy.exe
O4 - HKLM\..\Run: [wxkzvnef] C:\WINDOWS\system32\caciiy.exe
O4 - HKLM\..\Run: [kstdlw] C:\WINDOWS\system32\ubfpk.exe
O4 - HKLM\..\Run: [nwluiwwm] C:\WINDOWS\system32\zxzndm.exe
O4 - HKLM\..\Run: [igef] C:\WINDOWS\system32\oniny.exe
O4 - HKLM\..\Run: [mhpynx] C:\WINDOWS\system32\tawipglh.exe
O4 - HKLM\..\Run: [azpthn] C:\WINDOWS\system32\cfaybfxe.exe
O4 - HKLM\..\Run: [urxk] C:\WINDOWS\system32\czigcm.exe
O4 - HKLM\..\Run: [lbzeavbc] C:\WINDOWS\system32\sfmpwyon.exe
O4 - HKLM\..\Run: [uckp] C:\WINDOWS\system32\rdriail.exe
O4 - HKLM\..\Run: [wxaoqd] C:\WINDOWS\system32\svbkpbb.exe
O4 - HKLM\..\Run: [gofoc] C:\WINDOWS\system32\jxrb.exe
O4 - HKLM\..\Run: [jcjv] C:\WINDOWS\system32\klqvhh.exe
O4 - HKLM\..\Run: [nsygadq] C:\WINDOWS\system32\lufzhqc.exe
O4 - HKLM\..\Run: [xijv] C:\WINDOWS\system32\xcgiplrq.exe
O4 - HKLM\..\Run: [bugypeth] C:\WINDOWS\system32\soidyqe.exe
O4 - HKLM\..\Run: [ywacwkr] C:\WINDOWS\system32\bdot.exe
O4 - HKLM\..\Run: [fessl] C:\WINDOWS\system32\xphsy.exe
O4 - HKLM\..\Run: [uwasoraw] C:\WINDOWS\system32\isuuxake.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\eufjb.exe

Click "Fix checked".

Reboot in safe mode, make sure that you can see the hidden files and folders and delete:
C:\WINDOWS\system32\wsxsvc\ <-folder
C:\WINDOWS\system32\vmss <-folder

Remove all the files from the below TEMP folders (and sub-folders) :
(DO NOT DELETE THE FOLDERS ONLY THE CONTENTS.)
-C:\documents and settings\<your name>\local settings\temp
-C:\temp (if present)
-C:\windows\temp

Empty the recycle bin.

Reboot in normal mode and post a new log, please.
  #3  
Old December 30th, 2004, 12:46 AM
Sand
New Member
 
Join Date: Dec 2004
Posts: 2
Thank you and New log file

Hi ..Thank you for all your help..
Followed all the steps you sent..But after going into safe mode the folders weren't there and there wasn't any contents in my temp folders.. I had also used pest patrol so I don't know if maybe that had removed them?
I am worried as now I have come out of safe mode I have a message box on my computer which says: The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time windows starts..?
Here is my new log file..
Logfile of HijackThis v1.99.0
Scan saved at 21:47:27, on 29/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\gpxwasle.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Radio 1 Mini DJ\skinkers.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Documents and Settings\sand\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/radio1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/u...en/default.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ftsmsam] C:\WINDOWS\system32\twvko.exe
O4 - HKLM\..\Run: [aofgwdm] C:\WINDOWS\system32\blpoa.exe
O4 - HKLM\..\Run: [zeyz] C:\WINDOWS\system32\xflux.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ltryjbk] C:\WINDOWS\system32\axabkjq.exe
O4 - HKLM\..\Run: [cjwuun] C:\WINDOWS\system32\oesfsolw.exe
O4 - HKLM\..\Run: [zsfmjo] C:\WINDOWS\system32\rdiuxgjf.exe
O4 - HKLM\..\Run: [spjy] C:\WINDOWS\system32\gpxwasle.exe
O4 - HKLM\..\Run: [aczlpo] C:\WINDOWS\system32\aqkcpke.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBCRadio1Cluster] C:\Program Files\Radio 1 Mini DJ\skinkers.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSDP1\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28ac35b9...p/RdxIE601.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  #4  
Old December 30th, 2004, 01:11 AM
Acrobaze
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
Hi,

It's better, but still some files.

To make sure that you can see all the files, read this PAGE.

---------

Ctrl+Alt+Del
End the process: gpxwasle.exe

Run again twice the same tool (uninst.exe) when you are online with a reboot between.

After, close all browser windows, run only HijackThis and check:

O4 - HKLM\..\Run: [ftsmsam] C:\WINDOWS\system32\twvko.exe
O4 - HKLM\..\Run: [aofgwdm] C:\WINDOWS\system32\blpoa.exe
O4 - HKLM\..\Run: [zeyz] C:\WINDOWS\system32\xflux.exe
O4 - HKLM\..\Run: [ltryjbk] C:\WINDOWS\system32\axabkjq.exe
O4 - HKLM\..\Run: [cjwuun] C:\WINDOWS\system32\oesfsolw.exe
O4 - HKLM\..\Run: [zsfmjo] C:\WINDOWS\system32\rdiuxgjf.exe
O4 - HKLM\..\Run: [spjy] C:\WINDOWS\system32\gpxwasle.exe
O4 - HKLM\..\Run: [aczlpo] C:\WINDOWS\system32\aqkcpke.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe

O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSDP1\Cache\SelectedContextSearch.htm

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28ac35b...ip/RdxIE601.cab

Click "Fix checked".

To remove the message:
Start->run->type msconfig
"General" -> check "Normal Startup"

To boot in safe mode:


Delete this folder:
C:\Program Files\Common Files\updater\

Empty the recycle bin.

Reboot in normal mode and post a new log, please, Sand.
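Added example (not part of the thread, and not how HijackThis or the helper decides what to fix): a sketch of the by-eye comparison between the two posted logs, parsing the O4 Run lines and reporting which autoruns were removed, which survived the cleanup and which are new. The log excerpts are a few lines copied from the two logs above; the `looks_random` heuristic and the `C:\WINDOWS` system root are assumptions made for this illustration.

```python
import ntpath
import re

# One HijackThis "O4" registry autorun line:
#   O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption: the system root is C:\WINDOWS, as in the logs in this thread.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_o4_run(log_text):
    """Return {(hive, value_name): command} for every O4 Run line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"].strip()
    return entries


def target_exe(cmd):
    """Extract the executable path from an autorun command line."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def looks_random(name, cmd):
    """Triage heuristic (an assumption, not HijackThis logic): a short
    all-lowercase value name pointing at a short all-lowercase .exe that
    sits directly in the Windows or system32 directory."""
    exe = target_exe(cmd)
    stem = ntpath.splitext(ntpath.basename(exe))[0]
    in_system_dir = ntpath.dirname(exe).lower() in SYSTEM_DIRS
    short_lower = re.compile(r"[a-z]{4,8}")
    return bool(
        in_system_dir and short_lower.fullmatch(name) and short_lower.fullmatch(stem)
    )


def triage(before, after):
    """Compare two logs: what was removed, what survived, what is new."""
    old, new = parse_o4_run(before), parse_o4_run(after)
    old_keys, new_keys = set(old), set(new)
    flagged = {k for k, cmd in new.items() if looks_random(k[1], cmd)}
    return {
        "removed": sorted(n for _, n in old_keys - new_keys),
        "persisted_suspicious": sorted(n for _, n in flagged & old_keys),
        "new_suspicious": sorted(n for _, n in flagged - old_keys),
    }


# Excerpt of the first log in the thread (27/12/2004).
LOG_BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [anczyn] C:\WINDOWS\anczyn.exe
O4 - HKLM\..\Run: [ftsmsam] C:\WINDOWS\system32\twvko.exe
O4 - HKLM\..\Run: [bshq] C:\WINDOWS\system32\clip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the second log in the thread (29/12/2004).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ftsmsam] C:\WINDOWS\system32\twvko.exe
O4 - HKLM\..\Run: [aofgwdm] C:\WINDOWS\system32\blpoa.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [spjy] C:\WINDOWS\system32\gpxwasle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for bucket, names in triage(LOG_BEFORE, LOG_AFTER).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The heuristic is deliberately narrow: it does not flag entries in subfolders such as `C:\WINDOWS\system32\vmss\vmss.exe`, so its output is a starting point for manual review of the log, not a fix list.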