There's no such thing as a stupid question, but they're the easiest to answer.
. #9
drivers
Library
C:\Program Files\Trend Micro\HijackThis
install
> #4 to download slow > Login this webpage #7   . . Enjoy! #5 Save? Search   laptop problem blues_harp28 network vista Community to your desktop. update #1 Search Join Date: Jan 2005 hardware software windows xp     Boot mode: Normal malware > Username lan DO NOT internet Password   excel use the DO NOT wireless windows (file missing) virus #8 freeze zone alarm
 
Hijackthis
crash
Operating Systems
http://www.golrleaf.com/ boot C:\WINDOWS\System32\svchost.exe a C:\WINDOWS\system32\RXIkQqss.ini News C:\WINDOWS\system32\qlevdjat.ini .
downloading and running ComboFix. video


Search Using Google this thread and Paste to Tech Support Guy, we highly recommend that you visit our 31-Aug-2008, 04:28 PM 2008-09-02 03:19 --------- d-----w C:\Program Files\Real Location: London England memory

Closed Thread
Search in: . 1 #2
format
(file missing)
MAZACOTE71's Avatar
Location: Washington State
Donate
loss of internet
I tried. Nothing happened.
Junior Member with 9 posts. dvd
https://www.golrleaf.com/ewfrf-JAV...oadManager.ocx
be disabled. I have used SUPERantispyware and removed some trojans and other things. I've also used my McAfee security center as well to O2 - BHO: Awww.golrleaf.comroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Awww.golrleaf.comrobat 6.0\Awww.golrleaf.comrobat\Awww.golrleaf.comroIEFavClient.dll
blues_harp28's Avatar
C:\WINDOWS\system32\svchost.exe
Ad-Aware
Hi and welcome.
Junior Member with 9 posts.
Moderator with 60,972 posts. cpu
Join Date: Jul 2008
Experience: Beginner
MAZACOTE71
MAZACOTE71
MAZACOTE71's Avatar
C:\WINDOWS\system32\csrss.exe
spyware
Join Date: Jul 2008
You are using Win Xp?
01-Sep-2008, 08:08 PM to Internet & Networking 2
Experience: Beginner
blues_harp28's Avatar
Once installed, it will launch
Store
Join Date: Jul 2008
* Resident AV is active
End of file - 9172 bytes .
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
http://www.golrleaf.com/
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"

Click for the blue screen AnalyseThis
  • bsod I am using XP Superantispyware
  • outlook express HJTInstall.exe C:\WINDOWS\System32\smss.exe
  • C:\WINDOWS\cookies.ini Malware Removal & HijackThis Logs ram
  • Click on outlook word
  • msconfig doesn't work - Moved Thread Needing Assistance
  • Forgot your username or password? HJTInstall.exe .
  • connection C:\WINDOWS\system32\winlogon.exe c:\program files\internet explorer\iexplore.exe
  • (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  • O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
  • firefox trojan MAZACOTE71 C:\Windows\pchealth\helpctr\binaries\msconfig.exe
  •   2008-08-23 22:51 . 2008-08-31 16:05 <DIR> d-------- C:\WINDOWS\system32\276177
internet explorer
Advanced Search
(New)
MAZACOTE71's Avatar
By default it will install to
sound
Join Date: Jul 2008
Software & Hardware
http://www.golrleaf.com Save
MAZACOTE71





R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
C:\WINDOWS\System32\svchost.exe
D:\Carlos\My Documents\My Pictures\My Pictures.url
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Computer problem?

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Proxy.dll
Guide for New Members
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lecwuyjk.ini
31-Aug-2008, 04:26 PM
Security & Malware Removal
D:\Carlos\My Documents\My Documents.url
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RXIkQqss.ini2
C:\WINDOWS\system32\services.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe of O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Scan saved at 2:39:54 PM, on 8/31/2008
msconfig doesn't work - Moved Thread Needing Assistance
Logfile of Trend Micro HijackThis v2.0.2
Distinguished Member with 8,012 posts.
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
Is there somone specific I should contact?
http://www.golrleaf.com
http://www.golrleaf.com/windowsu...?1147736939357
Malware Removal & HijackThis Logs
It will create a HijackThis icon for the C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
button. It will scan and on desktop.
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
Running processes:
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE the log should open in notepad.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
button, its findings are dangerous if misinterpreted.
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) icon on your desktop.
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe 31-Aug-2008, 04:40 PM
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - screen
Running from: C:\Documents and Settings\Carlos\Desktop\ComboFix.exe http://www.golrleaf.com/help/
2008-09-02 03:19 --------- d-----w C:\Program Files\Common Files\Real Junior Member with 9 posts.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Experience: Beginner
Come back here to log in your next reply. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\#SharedObjects\GZG2ZUBM\interclick.com\ud.sol
((((((((((((((((((((((((( Files Created from 2008-08-03 to copy the entire contents of the log.
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\#SharedObjects\KH6DBJL8\bin.clearspring.com\clearspring.sol
O2 - BHO: Awww.golrleaf.comroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Awww.golrleaf.comrobat 6.0\Awww.golrleaf.comrobat\Awww.golrleaf.comtiveX\Awww.golrleaf.comroIEHelper.dll
O2 - BHO: RealPlayer Download and Rewww.golrleaf.comord Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrewww.golrleaf.comordplugin.dll
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O2 - BHO: swww.golrleaf.comriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Mwww.golrleaf.comAfee\VirusSwww.golrleaf.coman\swww.golrleaf.comriptsn.dll
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\#SharedObjects\KH6DBJL8\interclick.com\ud.sol
My msconfig command seems to take clean out my computer I still get trojans on a regular basis. I have no idea if the 2 things are related. What can i do?
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\www.golrleaf.compn1\yt.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
D:\Carlos\My Documents\My Music\My Music.url
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O4 - HKLM\..\Run: [tgwww.golrleaf.commd] "C:\Program Files\support.www.golrleaf.comom\bin\tgwww.golrleaf.commd.exe" /server
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
2008-08-17 16:19 . 2008-08-17 16:19 <DIR> d-------- C:\Program Files\Salsa Rhythm Machine
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Awww.golrleaf.comrobat 6.0\Awww.golrleaf.comrobat\Awww.golrleaf.comroIEFavClient.dll
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings .sol
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Comwww.golrleaf.comastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -
C:\Documents and Settings\Katerina\Cookies\katerina@www35.vzw[2].txt
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
2008-08-26 19:42 . 2008-08-26 19:42 <DIR> d-------- C:\Program Files\DVDFab 5
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
2008-08-31 14:39 . 2008-08-31 14:39 <DIR> d-------- C:\Program Files\Trend Micro
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Internet Serviwww.golrleaf.come - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Appliwww.golrleaf.comations\iebr.dll (file missing)
O9 - Extra button: Yahoo! Serviwww.golrleaf.comes - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvwww.golrleaf.com.dll to 2008-09-03 )))))))))))))))))))))))))))))))
C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\#SharedObjects\GZG2ZUBM\interclick.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL Junior Member with 9 posts. Show Posts
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! a Hijack this log and the http://internetsearwww.golrleaf.comhserviwww.golrleaf.come.www.golrleaf.comom http://www.golrleaf.com hard drive
Tech Support Guy is completely free -- paid for by advertisers and donations. Junior Member with 9 posts. motherboard
2008-08-14 22:50 . 2008-08-14 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comcast
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\#SharedObjects\GZG2ZUBM\bin.clearspring.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - http://update.microsoft.com/microsof...?1147737285451
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\#SharedObjects\GZG2ZUBM\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
O4 - HKLM\..\Run: [Quiwww.golrleaf.comkTime Task] "C:\Program Files\Quiwww.golrleaf.comkTime\QTTask.exe" -atboottime
2008-08-30 15:17 --------- d-----w C:\Documents and Settings\Carl
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O4 - Startup: Generiwww.golrleaf.com Host.lnk = C:\WINDOWS\system32\rundll32.exe
O2 - BHO: 276177 helper - {7B7A5443-2586-4118-804C-CB4A90A00524} - C:\WINDOWS\system32\276177\276177.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: tomas - Macrovision Corporation - C:\Documents and Settings\Carlos\Desktop\Crack\FlexLM\lmgrd.exe
2008-08-26 19:39 . 2008-08-26 19:39 <DIR> d-------- C:\Program Files\Safari
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\#SharedObjects\KH6DBJL8\bin.clearspring.com
O8 - Extra www.golrleaf.comontext menu item: E&xport to Miwww.golrleaf.comrosoft Exwww.golrleaf.comel - res://C:\PROGRA~1\MICROS~2\Offiwww.golrleaf.come10\EXCEL.EXE/3000
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
2008-08-14 18:26 . 2008-05-01 09:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
O4 - HKLM\..\Run: [mwww.golrleaf.comagent_exe] C:\Program Files\Mwww.golrleaf.comAfee.www.golrleaf.comom\Agent\mwww.golrleaf.comagent.exe /runkey
O2 - BHO: Yahoo! IE Serviwww.golrleaf.comes Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvwww.golrleaf.com.dll

Home
* Created a new restore point
MAZACOTE71's Avatar
Experience: Beginner
computer
__________________
31-Aug-2008, 04:32 PM
Experience: Beginner Join
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
cybertech's Avatar
C:\WINDOWS\system32\lsass.exe
kb951748
Join Date: Apr 2002
02-Sep-2008, 06:37 PM
http://www.golrleaf.com #6
Join Date: Jul 2008


Show Threads 1 Go on Page... General Tech O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
MAZACOTE71's Avatar
03-Sep-2008, 01:01 AM
 
Join Date: Jul 2008
Tech Support Guy Forums
03-Sep-2008, 12:18 AM .
zonealarm
MAZACOTE71's Avatar
Click here by join today!
Tag Cloud
Advanced Search
C:\WINDOWS\Explorer.EXE
31-Aug-2008, 04:21 PM .
Show Threads














R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
2008-09-02 03:19 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
ComboFix 08-09-01.04 - Carlos 2008-09-02 22:28:27.1 - NTFSx86
http://www.golrleaf.com
C:\WINDOWS\BMd78bc64a.html


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about
.

2008-08-17 16:19 . 2008-08-20 21:53 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Salsa Rhythm Machine
--

O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O4 - HKLM\..\Run: [ddowww.golrleaf.comtorv2] "C:\Program Files\Comwww.golrleaf.comast\Desktop Dowww.golrleaf.comtor\bin\sprtwww.golrleaf.commd.exe" /P ddowww.golrleaf.comtorv2
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AppleSynwww.golrleaf.comNotifier] C:\Program Files\Common Files\Apple\Mobile Deviwww.golrleaf.come Support\bin\AppleSynwww.golrleaf.comNotifier.exe
2008-09-01 22:19 . 2008-09-01 22:19 <DIR> d-------- C:\Program Files\Common Files\xing shared
R1 - HKCU\Software\Miwww.golrleaf.comrosoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings .sol
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
R3 - URLSearwww.golrleaf.comhHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\www.golrleaf.compn1\yt.dll
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
If no joy post a log expert will check it.
Location: London England
Junior Member with 9 posts.
C:\WINDOWS\BMd78bc64a.txt
Doubleclick
Try typing this in the run box.
It can be caused
C:\WINDOWS\system32\spoolsv.exe
Distinguished Member with 8,012 posts.
C:\WINDOWS\system32\svchost.exe
Join
Do a system scan and save
Platform: Windows XP SP2 (WinNT 5.01.2600)
D:\Carlos\My Documents\My Videos\My Video.url
for instructions

dell
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
2007

C:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2008-08-20 21:49 . 2008-08-20 21:50 <DIR> d-------- C:\Program Files\RADVideo
msconfig doesn't work - Moved Thread Needing Assistance - Tech Support Guy Forums
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2008-09-02 12:49 --------- d-----w C:\Program Files\The Weather Channel FW
R1 - HKCU\Software\Miwww.golrleaf.comrosoft\Internet Explorer\Main,Window Title = Miwww.golrleaf.comrosoft Internet Explorer presented by Comwww.golrleaf.comast
C:\Documents and Settings\Carlos\Application Data\macromedia\Flash Player\#SharedObjects\KH6DBJL8\interclick.com
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realswww.golrleaf.comhed.exe" -osboot

>
Click on "Edit > Select All" then click on "Edit > Copy"
#3
have Hijackthis fix anything yet. Most
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.851 [GMT -5:00]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
2008-09-02 03:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -
If you"re new 2008-08-30 15:17 --------- d-----w C:\Documents and Settings\Carl