Posted December 15, 2005

Just need to know what not to delete. Thanks.

Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winpad.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\shost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\winlog.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\mouse.exe
C:\Program Files\BearShare\BearShare.exe
C:\windows\TEMP\CWIN0.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\pgws.exe
C:\WINDOWS\System32\cpqtrn.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\WINDOWS\System32\msn9.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\igps.exe
C:\WINDOWS\System32\cpqtrn.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\cssrss.exe
C:\WINDOWS\system32\cmd.exe
C:\ozi.exe
C:\ozzi.exe
C:\ozzi.exe
C:\ozzi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ozzi.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\msnchecker.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\big m\Local Settings\Temp\wze5ab\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\rqonn.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - HKLM\..\Run: [services] C:\sk17934.exe
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Java] C:\windows\TEMP\CWIN0.EXE
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKLM\..\Run: [0ce80c5c.dll] RUNDLL32.EXE 0ce80c5c.dll,b 36235013
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [\swo] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe
O4 - HKLM\..\Run: [=TPM] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\TEMP\OVSS2.EXE
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\wkkiyi.exe reg_run
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\DLLLOADRS.EXE
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [DCPG0] c:\windows\TEMP\DCPG0.EXE
O4 - HKLM\..\RunServices: [KBIT1] c:\windows\TEMP\KBIT1.EXE
O4 - HKLM\..\RunServices: [NWBX2] c:\windows\TEMP\NWBX2.EXE
O4 - HKLM\..\RunServices: [uFRV0] c:\windows\TEMP\UFRV0.EXE
O4 - HKLM\..\RunServices: [ECMD1] c:\windows\TEMP\ECMD1.EXE
O4 - HKLM\..\RunServices: [TDNG2] c:\windows\TEMP\TDNG2.EXE
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunServices: [WGRV0] c:\windows\TEMP\WGRV0.EXE
O4 - HKLM\..\RunServices: [JPIR1] c:\windows\TEMP\JPIR1.EXE
December 15, 2005 Author

the rest of it

O4 - HKLM\..\RunServices: [JFPD2] c:\windows\TEMP\JFPD2.EXE
O4 - HKLM\..\RunServices: [WDPK0] c:\windows\TEMP\WDPK0.EXE
O4 - HKLM\..\RunServices: [LFOG1] c:\windows\TEMP\LFOG1.EXE
O4 - HKLM\..\RunServices: [RSVR2] c:\windows\TEMP\RSVR2.EXE
O4 - HKLM\..\RunServices: [CLIA0] c:\windows\TEMP\CLIA0.EXE
O4 - HKLM\..\RunServices: [PJRE1] c:\windows\TEMP\PJRE1.EXE
O4 - HKLM\..\RunServices: [HCDM2] c:\windows\TEMP\HCDM2.EXE
O4 - HKLM\..\RunServices: [hrEU0] c:\windows\TEMP\HREU0.EXE
O4 - HKLM\..\RunServices: [bKQW1] c:\windows\TEMP\BKQW1.EXE
O4 - HKLM\..\RunServices: [NCWK2] c:\windows\TEMP\NCWK2.EXE
O4 - HKLM\..\RunServices: [GESN0] c:\windows\TEMP\GESN0.EXE
O4 - HKLM\..\RunServices: [uGCQ1] c:\windows\TEMP\UGCQ1.EXE
O4 - HKLM\..\RunServices: [KILA2] c:\windows\TEMP\KILA2.EXE
O4 - HKLM\..\RunServices: [CHMU0] c:\windows\TEMP\CHMU0.EXE
O4 - HKLM\..\RunServices: [FMKP1] c:\windows\TEMP\FMKP1.EXE
O4 - HKLM\..\RunServices: [VRAW2] c:\windows\TEMP\VRAW2.EXE
O4 - HKLM\..\RunServices: [PVPD0] c:\windows\TEMP\PVPD0.EXE
O4 - HKLM\..\RunServices: [iWGN1] c:\windows\TEMP\IWGN1.EXE
O4 - HKLM\..\RunServices: [sGPQ2] c:\windows\TEMP\SGPQ2.EXE
O4 - HKLM\..\RunServices: [WBNQ0] c:\windows\TEMP\WBNQ0.EXE
O4 - HKLM\..\RunServices: [FAHU1] c:\windows\TEMP\FAHU1.EXE
O4 - HKLM\..\RunServices: [WIUI2] c:\windows\TEMP\WIUI2.EXE
O4 - HKLM\..\RunServices: [VDOE0] c:\windows\TEMP\VDOE0.EXE
O4 - HKLM\..\RunServices: [sEUX1] c:\windows\TEMP\SEUX1.EXE
O4 - HKLM\..\RunServices: [LNCO2] c:\windows\TEMP\LNCO2.EXE
O4 - HKLM\..\RunServices: [VDAW0] c:\windows\TEMP\VDAW0.EXE
O4 - HKLM\..\RunServices: [KWAA1] c:\windows\TEMP\KWAA1.EXE
O4 - HKLM\..\RunServices: [sPEF2] c:\windows\TEMP\SPEF2.EXE
O4 - HKLM\..\RunServices: [RIEP0] c:\windows\TEMP\RIEP0.EXE
O4 - HKLM\..\RunServices: [sEWO1] c:\windows\TEMP\SEWO1.EXE
O4 - HKLM\..\RunServices: [sEOT2] c:\windows\TEMP\SEOT2.EXE
O4 - HKLM\..\RunServices: [RHBV0] c:\windows\TEMP\RHBV0.EXE
O4 - HKLM\..\RunServices: [WQUU1] c:\windows\TEMP\WQUU1.EXE
O4 - HKLM\..\RunServices: [OVSS2] c:\windows\TEMP\OVSS2.EXE
O4 - HKLM\..\RunServices: [KBXA0] c:\windows\TEMP\KBXA0.EXE
O4 - HKLM\..\RunServices: [uVUK1] c:\windows\TEMP\UVUK1.EXE
O4 - HKLM\..\RunServices: [DPBV2] c:\windows\TEMP\DPBV2.EXE
O4 - HKLM\..\RunServices: [CWIN0] c:\windows\TEMP\CWIN0.EXE
O4 - HKLM\..\RunServices: [KOIE1] c:\windows\TEMP\KOIE1.EXE
O4 - HKLM\..\RunServices: [bOJH2] c:\windows\TEMP\BOJH2.EXE
O4 - HKLM\..\RunServices: [QJUC0] c:\windows\TEMP\QJUC0.EXE
O4 - HKLM\..\RunServices: [NHCD1] c:\windows\TEMP\NHCD1.EXE
O4 - HKLM\..\RunServices: [NXWS2] c:\windows\TEMP\NXWS2.EXE
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe
O4 - HKCU\..\Run: [kbdrpo] C:\WINDOWS\System32\kbdrpo.exe
O4 - HKCU\..\Run: [eqnase] C:\WINDOWS\System32\eqnase.exe
O4 - HKCU\..\Run: [cpqtrn] C:\WINDOWS\System32\cpqtrn.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKCU\..\RunOnce: [cpqtrn] C:\WINDOWS\System32\cpqtrn.exe
O4 - Global Startup: SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O20 - Winlogon Notify: cbaay - cbaay.dll (file missing)
O20 - Winlogon Notify: ljhfg - ljhfg.dll (file missing)
O20 - Winlogon Notify: mllif - C:\WINDOWS\SYSTEM32\mllif.dll
O20 - Winlogon Notify: rqonn - C:\WINDOWS\SYSTEM32\rqonn.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\windows\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\winpad.exe
O23 - Service: Windows Remote Procedure Call Monitoring Service (rpcsvc) - Unknown owner - C:\WINDOWS\System32\rpcsvc.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe