Wow, this is a "rugged" SOB.......we'll try another round before contemplating a course change. You're doing very well, hang in there.
=========
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.
Right click on My Computer and go to Manage. Then click on the Services entry to expand it. Click on it again to get the list of Services running. Look for these:
qpiwefxoivhk
geoqgdug
ciyzyxbqmlmz
Once found, click on them once and click on the Stop service link on the upper left. Then double click on it to open it up. On the drop down box, choose the disable option. Close Services when done with each.
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
and delete the "Rfand" key.
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
and delete the [1ef5b2c3-29ea-4037-9222-dc7669d0059f] key.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
and delete each of these:
{03A08522-1426-409B-7534-34DFE546E811}
{0FA37060-7A7A-2F4C-EE64-BF3652FFAD81}
{2718DD6D-E6FA-1188-2501-F0813784A5F3}
{8B138AE2-2BF0-4315-8220-9DCCA0BB9FA1}
{8E5DA144-B0C4-4CBD-9309-2666F6D7AD77}
{B54DA59F-5766-DB0B-2F4A-4E40B009C7B0}
{F5A35E7E-A94F-C946-C01A-9E563E708D87}
Close the Registry Editor now.
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):
C:\WINNT\system32\tjkhyoro6.exe
C:\WINNT\System32\drivers\geoqgdug.sys
C:\WINNT\system32\shqybxyj6.exe
C:\WINNT\System32\folder.htt
C:\WINNT\System32\desktop.ini
If you have Windows XP, go to C:\Windows\Prefetch and delete everything inside that Prefetch folder.
Run the CleanUp program now and choose Yes when it asks if you want to log off.
Restart and run these programs/scripts again - HijackThis (both the scan log and the StartupList), Silent Runners, Find-qoologic, DllCompare and Find-It. Post those new logs here.
__________________
GO BIG BLUE!!
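
Added example, not part of the post above and not the helper's own tooling: a Python check that reads a fresh regedit export (File->Export, as in the backup step) taken after the reboot and reports which of the entries named in the post are still present. Assumptions: the function names and the sample export are constructed here, "Rfand" is treated as a value under the Run key, services are looked up under the standard `SYSTEM\CurrentControlSet\Services` key, and a `Start` value of 4 is read as disabled.

```python
import re
# Names below are copied from the post; the Services path is the standard location (assumption).
HKLM = "HKEY_LOCAL_MACHINE\\"
RUN = HKLM + r"Software\Microsoft\Windows\CurrentVersion\Run"
BHO = HKLM + r"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
ACTIVE_SETUP = HKLM + r"Software\Microsoft\Active Setup\Installed Components"
SERVICES = HKLM + r"SYSTEM\CurrentControlSet\Services"
RUN_VALUE, ACTIVE_SETUP_ID = "Rfand", "1ef5b2c3-29ea-4037-9222-dc7669d0059f"
SERVICE_NAMES = ["qpiwefxoivhk", "geoqgdug", "ciyzyxbqmlmz"]
BHO_GUIDS = """{03A08522-1426-409B-7534-34DFE546E811} {0FA37060-7A7A-2F4C-EE64-BF3652FFAD81}
{2718DD6D-E6FA-1188-2501-F0813784A5F3} {8B138AE2-2BF0-4315-8220-9DCCA0BB9FA1}
{8E5DA144-B0C4-4CBD-9309-2666F6D7AD77} {B54DA59F-5766-DB0B-2F4A-4E40B009C7B0}
{F5A35E7E-A94F-C946-C01A-9E563E708D87}""".split()
# Constructed sample export (not from the post): one Run value and one disabled service remain.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rfand"="C:\\placeholder.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\geoqgdug]
"Start"=dword:00000004
'''

def parse_reg(text):
    """Parse regedit export text into {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):      # key header line
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)   # "name"=data
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def leftovers(text):
    """Return the entries named in the post that still exist in the exported registry text."""
    keys, found = parse_reg(text), []
    if RUN_VALUE.lower() in keys.get(RUN.lower(), {}):
        found.append(RUN + "\\" + RUN_VALUE)
    # Match on the ID only, so the bracket style used for the key name does not matter.
    found += [k for k in keys if k.startswith((ACTIVE_SETUP + "\\").lower()) and ACTIVE_SETUP_ID in k]
    found += [BHO + "\\" + g for g in BHO_GUIDS if (BHO + "\\" + g).lower() in keys]
    for name in SERVICE_NAMES:
        values = keys.get((SERVICES + "\\" + name).lower())
        if values is not None:                               # service key still registered
            state = "disabled" if values.get("start") == "dword:00000004" else "not disabled"
            found.append(f"service {name} ({state})")
    return found

if __name__ == "__main__":
    print("\n".join(leftovers(SAMPLE)) or "no listed entries found")
```

Version 5.00 exports are UTF-16, so read a real file with `open(path, encoding="utf-16").read()` before passing the text to `leftovers`.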