gdsimms Posted August 15, 2012 ID:585490

Not sure if this is considered malware or not, but it is a program that runs on startup and I can only find it in the Windows Task Manager. It is always (not responding) and ties up a ton of processor space. Also I always seem to have near 100 processes running, which concerns me. Thanks in advance for your advice and the logs are attached.

Attachments: dds.txt, attach.txt

MrCharlie Posted August 16, 2012 ID:586258

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

MrC

gdsimms Posted August 17, 2012 Author ID:586441

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: A93B [Admin rights]
Mode: Scan -- Date: 08/17/2012 07:11:28

¤¤¤ Bad processes: 3 ¤¤¤
[sUSP PATH] rpcld.exe -- C:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]
[sUSP PATH] VM331_STI.EXE -- C:\WINDOWS\VM331_STI.EXE -> KILLED [TermProc]
[RESIDUE] CmgShieldUI.exe -- C:\WINDOWS\System32\CMGShieldUI.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[sUSP PATH] HKLM\[...]\Run : 331BigDog (C:\WINDOWS\VM331_STI.EXE) -> FOUND
[RANDOMNAME] HKLM\[...]\Run : CmgShieldUI (C:\WINDOWS\System32\CMGShieldUI.exe) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[71] : NtEnumerateKey @ 0x8062493C -> HOOKED (CmgShREG.sys @ 0xB9562AA4)
SSDT[73] : NtEnumerateValueKey @ 0x80624BA6 -> HOOKED (CmgShREG.sys @ 0xB9562B60)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (CmgShREG.sys @ 0xB95628C6)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2080BH G2 +++++
--- User ---
[MBR] 74f7426acbc7cc6b9f2293d67e3dd44d
[bSP] 0f6d289bc876346444a57e829a92e3c3 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 63 | Size: 15366 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31471335 | Size: 60949 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>

Attachment: RKreport[1].txt

MrCharlie Posted August 17, 2012 ID:586445

Looks like it's part of aflac:

mRun: [WSPPurge] c:\program files\aflac\common\WSPPurge.exe

We can disable it, let me know, MrC

gdsimms Posted August 17, 2012 Author ID:586486

Yea. That would be great. I no longer use this computer for aflac purposes.

MrCharlie Posted August 17, 2012 ID:586489

Please download HJT to your desktop:
http://www.trendmicr.../HijackThis.exe

Run HJT.exe
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Save the log to a convenient location.
Copy and paste it into your post.

MrC

gdsimms Posted August 17, 2012 Author ID:586492

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:13:26 AM, on 8/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\system32\EMSService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\FjLidMon.exe
C:\WINDOWS\system32\EmsServiceHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\A93B\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\WINDOWS\VM331_STI.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [Aflac_Do_Not_Remove] C:\Aflac2000\WSPInfo.exe
O4 - HKLM\..\Run: [WSPPurge] C:\Program Files\Aflac\Common\WSPPurge.exe
O4 - HKLM\..\Run: [VerifyAfariaDownload] C:\Program Files\Aflac\SNG\VerifyAfariadownload.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [CmgShieldUI] C:\WINDOWS\System32\CMGShieldUI.exe
O4 - HKLM\..\Run: [EmsService] EmsServiceHelper.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - https://lowes.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CMGShield - Credant Technologies, Inc. - C:\WINDOWS\system32\CmgShieldSvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EMS - CREDANT Technologies, Inc. - C:\WINDOWS\system32\EMSService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Procedure Call (RPC) LD (rpcld) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe (file missing)

--
End of file - 14324 bytes

MrCharlie Posted August 17, 2012 ID:586496

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O4 - HKLM\..\Run: [Aflac_Do_Not_Remove] C:\Aflac2000\WSPInfo.exe
O4 - HKLM\..\Run: [WSPPurge] C:\Program Files\Aflac\Common\WSPPurge.exe
O4 - HKLM\..\Run: [VerifyAfariaDownload] C:\Program Files\Aflac\SNG\VerifyAfariadownload.exe

Click on Fix Checked when finished and exit HijackThis.

Let me know, MrC

gdsimms Posted August 17, 2012 Author ID:586501

Ok they are gone. My processes in Task Manager are down to 84, which is the lowest I've seen recently.

MrCharlie Posted August 17, 2012 ID:586504

Great!

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Maurice Naggar Posted August 20, 2012 ID:587582

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!