*My Log*
Heres a log of my notebook. I had caught a trojan a while back that had unzipped all kinds if junk on my comp. Thanks to Spybot S&D, and Adware, I had got rid of mostly everything except this Ads234 that comes up uploading as I browse the web...
Logfile of HijackThis v1.98.2
Scan saved at 2:26:23 AM, on 8/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\RFA\rfagent.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
C:\WINDOWS\System32\avifile8.exe
C:\WINDOWS\system32\soloci.exe
C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\aqbmI.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [544ca089c00f] C:\WINDOWS\System32\avifile8.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ksuser637q.dll
Logfile of HijackThis v1.98.2
Scan saved at 2:26:23 AM, on 8/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\RFA\rfagent.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
C:\WINDOWS\System32\avifile8.exe
C:\WINDOWS\system32\soloci.exe
C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\aqbmI.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [544ca089c00f] C:\WINDOWS\System32\avifile8.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ksuser637q.dll
0
This discussion has been closed.
Comments
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\aqbmI.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [544ca089c00f] C:\WINDOWS\System32\avifile8.exe
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\ksuser637q.dll
Then, most important, you'll need to delete this file manually:
C:\WINDOWS\System32\ksuser637q.dll
If you can't see the file, it's because it is hidden. Use this info to explain how to show hidden and system files.
I tried using my Adware today, and when it starts scanning it gets pretty far into it, and freezes up on a file called x.cab
I noticed it stopped working when I installed the new windows update service pk2.
Can someone please help me... And sort of explain what I doing/downloading to fix the problem. Id appreciate it.
Thanks Prime, but i cant download.
Dexter...
The download file pops up, and then another popup comes up saying...
Internet Explorer cannot download getdownload.php?=259 from short-media.com.
Internet Explorer was unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
Now what?
Dexter...
Now what do I do? I downloaded the fix.
Then, stay in safe mode, run LSP-FIX, and have it remove cdlsp.dll and lspak.dll.
Reboot normally, check things out, come back and let us know. Post a new HJT log for review.
Dexter...
When you say get rid of the following, what and how exactly do you do that? Im sorry for asking but how do you get in safe mode? Thanks for the help... I havent proceeded with fixing this problem because I dont fully understand how to do it. My Internet Explorer is even starting to act up. (Shuts down with error.) I already downloaded the fix. Also, do I system restore before attempting any of these fixes/deleting files?
Logfile of HijackThis v1.98.2
Scan saved at 3:26:40 AM, on 9/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\NavNT\vptray.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
C:\WINDOWS\system32\soloci.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hi-Jack-This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\hrZx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gz6kl.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\glu32476q.dll
http://www.short-media.com/forum/showpost.php?p=175908&postcount=6
Dexter...
Continuing on, get rid of the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\hrZx.dll
O4 - HKLM\..\Run: [gz6kl.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\glu32476q.dll
Now, set your computer to show hidden files and folders. You must do this before you reboot the computer: Delete the following files:
C:\WINDOWS\SYSTEM32\glu32476q.dll
soloci.exe
C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe
C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\ - DELETE EVERYTHING IN THE TEMP FOLDER
After you delete everything, reboot, and then post a new HJT log.
When you said delete everything in this folder--->C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\
Do I just select all and delete or do I go through every folder and delete its contents?
Logfile of HijackThis v1.98.2
Scan saved at 1:53:16 AM, on 9/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hi-Jack-This\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
Thank you sir's, I really appreciate your help.
Your log looks clean. Everything seem okay now?
So far, everything seems okay. Im going to give it a week to see if anything comes up fishy.
Thanks for the help.