02-25-2005, 07:22 AM   #13
CTSNKY

No, this is fine.....we're used to reading them this way. Thx....

============

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\yttkhn.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {03A08522-1426-409B-7534-34DFE546E811} - (no file)
O2 - BHO: (no name) - {0FA37060-7A7A-2F4C-EE64-BF3652FFAD81} - (no file)
O2 - BHO: (no name) - {2718DD6D-E6FA-1188-2501-F0813784A5F3} - (no file)
O2 - BHO: (no name) - {8B138AE2-2BF0-4315-8220-9DCCA0BB9FA1} - (no file)
O2 - BHO: (no name) - {8E5DA144-B0C4-4CBD-9309-2666F6D7AD77} - (no file)
O2 - BHO: (no name) - {B54DA59F-5766-DB0B-2F4A-4E40B009C7B0} - (no file)
O2 - BHO: (no name) - {F5A35E7E-A94F-C946-C01A-9E563E708D87} - (no file)
O23 - Service: qpiwefxoivhk (dtbhxjyi6) - Unknown owner - C:\WINNT\system32\tjkhyoro6.exe (file missing)

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
and delete the [1ef5b2c3-29ea-4037-9222-dc7669d0059f] key.

Close the Registry Editor now.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\yttkhn.exe
C:\WINNT\system32\goolcp.dll
C:\WINNT\system32\pwwlhq.exe
C:\WINNT\system32\zbbiea.dll
C:\WINNT\system32\qbbwpv.dat
C:\WINNT\system32\yrrvwk.exe
C:\WINNT\System32\{272A38F9-84C9-4998-A2E6-DD5F6A9674EF}.dat
C:\WINNT\System32\{0FFB2E85-55A8-42F7-8EDD-BABFC68ABB78}.dat
C:\WINNT\System32\{3E45FD8A-51B8-4547-80EE-C92D86539A7E}.dat
C:\WINNT\System32\{4E7027B1-4D79-46D7-B715-6188CA4A803C}.dat
C:\WINNT\System32\{54381AD4-D2C3-40A0-8C03-9F9A4670C515}.dat
C:\WINNT\System32\sosgb.dat
C:\WINNT\System32\hvztz.dat
C:\WINNT\System32\vmss\
C:\WINNT\System32\guard.tmp

If you have Windows XP, go to C:\Windows\Prefetch and delete everything inside that Prefetch folder.

Run the CleanUp program now and choose Yes when it asks if you want to log off.

Restart and run these programs/scripts again - HijackThis (both the scan log and the StartupList), Silent Runners, Find-qoologic, DllCompare and Find-It. Post those new logs here.
__________________


GO BIG BLUE!!
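The HijackThis entries listed in the post all end in "(no file)" or "(file missing)", meaning the registry entry is still present while the file behind it is not. As an added example (not part of the original post or of any tool it mentions), this Python script parses O2 and O23 log lines and picks out such orphaned entries; the function names are assumptions, and the last sample line is constructed for contrast.

```python
import re

# O2 - BHO: <name> - {CLSID} - <path, or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<owner>.+?) - (?P<target>.+)$")

MISSING_SUFFIX = " (file missing)"

def parse_line(line):
    """Return a dict for an O2/O23 line, or None for any other line."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        orphaned = m["target"] == "(no file)"
        return {"section": "O2", "id": m["clsid"],
                "path": None if orphaned else m["target"], "orphaned": orphaned}
    m = O23_RE.match(line)
    if m:
        target = m["target"]
        orphaned = target.endswith(MISSING_SUFFIX)
        path = target[:-len(MISSING_SUFFIX)] if orphaned else target
        return {"section": "O23", "id": m["svc"], "path": path, "orphaned": orphaned}
    return None

def orphaned_entries(log_text):
    """Entries whose registry reference remains but whose file is absent."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]

# First two lines are copied from the post; the third is constructed.
SAMPLE = r"""
O2 - BHO: (no name) - {03A08522-1426-409B-7534-34DFE546E811} - (no file)
O23 - Service: qpiwefxoivhk (dtbhxjyi6) - Unknown owner - C:\WINNT\system32\tjkhyoro6.exe (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE):
        print(entry["section"], entry["id"], entry["path"])
```
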