Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Hijack this log....

  1. #1
    enoughfakefiles's Avatar Ad ministrator
    Join Date
    Jun 2003
    Location
    I'm an Even Steven with a
    Posts
    10,491
    Could one of you kind chaps please a have a butchers at this log file and tell me if there`s anything obvious wrong with it.I`ve just done an install of windows xp with server pack two but i`m finding it a bit shit with the internet.Popups and spyware.???

    I have adaware and it keeps finding stuff on a daily basis.

    I try to use firefox but sometimes prefer IE.I know i should`nt have said that but firefox seems sluggish on this forum.

    Here`s the logfile.

    Logfile of HijackThis v1.99.0
    Scan saved at 21:18:51, on 16/02/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\sstray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\lfmquota.exe
    C:\WINDOWS\system32\lftcd12n.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.148.184.7:80
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\philip clegg\Application Data\Mozilla\Profiles\default\y9aiuw1y.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\philip clegg\Application Data\Mozilla\Profiles\default\y9aiuw1y.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [q3nV32P] lftcd12n.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [b049RSjEX] lfmquota.exe
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I know it`s just getting used to a new OS but xp seems to attract shite.

    Thanks in advance

  2. Software & Hardware   -   #2
    zedaxax's Avatar ___________
    Join Date
    Oct 2004
    Posts
    926
    I didnt look these up but for me i would check them out

    PROCESSES
    C:\WINDOWS\system32\sstray.exe
    wtf? -
    The process known as sstray.exe is used by nVidia graphic cards. It provides quick access to many of the features of your nVidia nForce graphics card via an icon in the system tray. If you do not have an nForce graphics card installed in your computer you should be safe to stop this process. Otherwise if you do have an nVidia nForce or nForce2 graphics card installed, you should leave this process runnning unless it is causing your system to become unstable.
    nonetheless it is not essential for nvidia to work

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe

    Do you really need 4 process running for your printer to work?

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    if thats from real player you probably have spyware, personally i would kill it

    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    this from java - goto control panel - java - in options disable the "updater"
    unless youreally love programs constantly looking for updates...

    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    Wtf?

    C:\WINDOWS\system32\HPZipm12.exe
    if thats for your printer it means you have FIVE processes running just for your printer - cant be right


    C:\WINDOWS\system32\lfmquota.exe
    C:\WINDOWS\system32\lftcd12n.exe

    never heard of it - probably your firewall - ifnot check it out
    Last edited by zedaxax; 02-16-2005 at 10:44 PM.

  3. Software & Hardware   -   #3
    Chewie's Avatar Chew E. Bakke
    Join Date
    Feb 2004
    Posts
    4,883
    Quote Originally Posted by zedaxax
    I didnt look these up but for me i would check them out

    PROCESSES
    C:\WINDOWS\system32\sstray.exe
    wtf?
    No wtf about it; gfx card/chipset vendors have been putting these there for years.
    Quote Originally Posted by zedaxax
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe

    Do you really need 4 process running for your printer to work?
    HP do love to place peocesses in the background.
    They're not always just for printers though, as HP market their own PCs, scanners, cameras and other fine (!) equipment.
    Quote Originally Posted by zedaxax
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    Wtf?
    Looks like a Visioneer scanner program updater.
    Quote Originally Posted by zedaxax

    C:\WINDOWS\system32\lfmquota.exe
    C:\WINDOWS\system32\lftcd12n.exe

    never heard of it - probably your firewall - ifnot check it out
    No Google results for seemingly randomly generated filename = bad file. This would indicate a malicious dll file, which isn't going to be easy to find.

    Also, uninstall AdTools using the Add/Remove Programs applet in Control Panel, then run HijackThis again to check this line has gone:
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    There isn't a bargepole long enough for me to work on [a Sony Viao] - clocker 2008

  4. Software & Hardware   -   #4
    TheDave's Avatar n00b
    Join Date
    Apr 2003
    Location
    yorkshire, england
    Age
    31
    Posts
    6,982
    get the microsoft spyware thing. its better than ad-aware for finding stuff

  5. Software & Hardware   -   #5
    Joakim Agren's Avatar Superman loves P2P
    Join Date
    Oct 2003
    Location
    Sweden
    Age
    38
    Posts
    409
    Hello!

    Your system seems fine from a safety perspective!. Only thing I would remove is this one:

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

    That is used when performing a virsuscan with House Call online scanner but might perhaps have some spy functions when not used!. Atleast I have heard that this entry is suspicious and should be removed!!.


    Sincerely Joakim Agren!

  6. Software & Hardware   -   #6
    enoughfakefiles's Avatar Ad ministrator
    Join Date
    Jun 2003
    Location
    I'm an Even Steven with a
    Posts
    10,491
    Thanks for the look there chaps.I`m at work at the moment but as long as nothing looks that bad.

    I`ll try unistalling the adtool thing.It`s just that my computer seem a bit sluggish when i installed windows xp.I have sever pack two as well but for some reason the inbuilt fire wall was turned off.???

    I`ve only installe dthe driver for the mother board and my graphics card which i got with the said items co it might be an idea to update the driver s and things.?????

    /Edit is the microsoft spyware thingy out yet dave.????
    Last edited by enoughfakefiles; 02-17-2005 at 10:24 AM.

  7. Software & Hardware   -   #7
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Its been out for awhile . You can get it here.

    http://www.microsoft.com/athome/secu...e/default.mspx

  8. Software & Hardware   -   #8
    enoughfakefiles's Avatar Ad ministrator
    Join Date
    Jun 2003
    Location
    I'm an Even Steven with a
    Posts
    10,491
    Ta very much much much for that peat moss and the dave.

    Do you have to have a genuine copy of windows xp to download it.???

  9. Software & Hardware   -   #9
    enoughfakefiles's Avatar Ad ministrator
    Join Date
    Jun 2003
    Location
    I'm an Even Steven with a
    Posts
    10,491
    I`ve updated my drivers and my computer seems faster thn before.I`ve also changed my virtual memory over to my d drive and turned my computer hibination on.

    I ininstalled the adtools thingy but it appears in the log file again.

    I also installed the beta spyware thing from microsort which actual;ly looks a grat tool i wonder if microsoft have got something right or it`s full of spyware its self.

    Here`s my latest hijack this log file.

    Logfile of HijackThis v1.99.0
    Scan saved at 20:58:56, on 17/02/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\lftcd12n.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lfmquota.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Downloads\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.148.184.7:80
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\philip clegg\Application Data\Mozilla\Profiles\default\y9aiuw1y.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\philip clegg\Application Data\Mozilla\Profiles\default\y9aiuw1y.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [q3nV32P] lftcd12n.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [b049RSjEX] lfmquota.exe
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Thanks in advance.

  10. Software & Hardware   -   #10
    Chewie's Avatar Chew E. Bakke
    Join Date
    Feb 2004
    Posts
    4,883
    Press CTRL+ALT+DEL or right-click the taskbar and select Task Manager and end these peocesses:
    lftcd12n.exe
    lfmquota.exe


    Delete these files:
    C:\WINDOWS\system32\lftcd12n.exe
    C:\WINDOWS\system32\lfmquota.exe


    Fix these items in HijackThis
    O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
    O4 - HKLM\..\Run: [q3nV32P] lftcd12n.exe
    O4 - HKCU\..\Run: [b049RSjEX] lfmquota.exe


    Reboot and delete this folder:
    C:\Program Files\AdTools Service\

    Rescan with HJT and post another log.
    There isn't a bargepole long enough for me to work on [a Sony Viao] - clocker 2008

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •