Tech Support Forum - View Single Post

**jgvernonco** · 05-22-2005, 02:14 AM

Greetings, and welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"

===============

Download LSPFix and unzip to your desktop, then run it. Now, we need to:

1. check(tick) "I know what i'm doing".
2. click on (highlight) each occurance of the following, one at a time:

flsmngr.dll

3. then click ">>", mo'ing each one, individually, to the 'Remove' pane.
4. (double-check, and make sure that only the above files are in the 'Remove'pane.)
5. click "Finish >>"

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\PROGRA~1\SPYSPO~1\SpySpotter.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [fejbeuq] c:\windows\symtgaf.exe
O4 - HKCU\..\Run: [lyughpv] c:\windows\hdfybnj.exe
O4 - HKCU\..\Run: [gyyskwb] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [gccohva] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [jempwxj] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [pykrgcp] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [uqpkulj] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [txuhgut] c:\windows\lwtjkxv.exe
O4 - HKCU\..\Run: [qsojgsp] c:\windows\weqregl.exe
O4 - HKCU\..\Run: [evxkbfn] c:\windows\weqregl.exe
O4 - HKCU\..\Run: [cyxmneg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rfkqiga] c:\windows\xsxiqgc.exe
O4 - HKCU\..\Run: [efmetur] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [leclhue] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [thalmnt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [grgshug] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gvntqpi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pewstyf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mynyqby] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcjssht] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [iemuhny] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [foydeak] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bpecidq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gbkcrkt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ljuplfg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nqydyjo] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fxqyatg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [trerqaw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hgjcbwn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uochnrn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcpscyv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qubmcjh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lipnlox] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tpdaldh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ecsedeh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qtxcbfq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uwidcbf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ylihyht] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [salklix] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gxhmmye] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ekrwukr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gdniprv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gwbpnat] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [trvusxk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ombbgxc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ejugksh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [khnrjte] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dswvamg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qibamkt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mwounbq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vfrvbfb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bdtwpfw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hpnvdhi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oipbloe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kltmbfm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qtglsgs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vygdexs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uouystw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wprttcb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [seernhi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [swfnbrf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ebefdvi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [emugxvk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kallttg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tedniff] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kqvvhar] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uextbil] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [icerhhf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rxwccog] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sewxyjp] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oegvuhc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hsfghnt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lxyigjy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [djlismd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qpfrnvk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oqnpwpm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wotieea] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [telfdis] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [eppqqkk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lmuklds] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [whjrxix] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pvpxfod] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tegwbax] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mtqhdpn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dpmfwnf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ohnqcph] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [xqgirls] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gfhpihu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ekkrcte] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gbkxhbl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hrpcukl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kupxysb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gaymrpt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [eqcpcpv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hqlfnwg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lefvesg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jmmiiiv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gsahclv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ppslfbe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wmctjoc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [btqwrds] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jfcdqjt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jpixxqr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wxuidhp] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [numpxii] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [omtpgvv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uwysxew] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rsjjgsf] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jxhewpe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [srtyykh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pbbqyxk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wjcjlwt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ttolxbc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wsfgwta] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jdpywjd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [yvmkoxi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cqyaylk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qqlpqyr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cblyygk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [utmohmd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gtiufmt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rsyismr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lmttiqw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [boauixq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cfiyjvy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fpnfxsy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kijwnlk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lqfrygk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [aiulinc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [govnxtc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nrmdthy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ntftnox] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [fwhrjwi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [grqomac] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [odpymtr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uxdqsfs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gdigrxy] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mdrjdyk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [taqnwur] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [iuyneve] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kcepxkh] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lboimsx] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gjscbre] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dupstro] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dtswkem] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hdpapar] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rjdwrfd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [oitqhsv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ngrhudq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [gocrqje] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [nkgrnam] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [yvvgmxv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [uaecjpt] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [dfuhckw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [lgnpnrw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sgwwwiv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pyxdonm] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [syhrhxn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [agnqpyu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cwnvciv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mseohme] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [hspuugu] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sqonwwi] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kwbdcui] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [mvknmbw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wuiybcl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [unwgfbc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pebgxjg] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kvrvnue] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [wwmvmee] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ofpxori] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qvsoxly] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [goctqtd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [klmxgbk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rinhnbs] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [vfllioe] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sibniji] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [stcjlmn] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sddnrjl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ocannot] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tydfutr] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sdfprpq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [smmwbey] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jvjrqoa] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [sfaepwl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [kfdblam] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [jfhnnly] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [rvroxne] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cvibqvc] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [exduqbk] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qgsvlun] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [chdigbq] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qsredwj] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [ixoivcj] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [etiotus] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [tsbjivw] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [feqmnrb] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qqvbxks] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [qmceswv] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [cbrymti] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [taoaipd] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [pmkfjsl] c:\windows\lhugqol.exe
O4 - HKCU\..\Run: [bstfnik] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [dteceto] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [aqcnxpd] c:\windows\obeyyub.exe
O4 - HKCU\..\Run: [oiktnuq] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [whtsbrs] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [jxayvcd] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [xkhxoyw] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [muocsmk] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [tmxjyyh] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [guqbcqi] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [paywrnp] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [lkcrroc] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [fkcgwsf] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [swdttvd] c:\windows\oklpreo.exe
O4 - HKCU\..\Run: [ikqbdem] c:\windows\epakolm.exe
O4 - HKCU\..\Run: [ymjkvms] c:\windows\epakolm.exe
O4 - HKCU\..\Run: [lnlswdw] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [phbvjxv] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [knocoqf] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [mmubhqi] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [xwcessp] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [nvniyfh] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [olomiwb] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [dqnesoo] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [munvhku] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [oapdrtg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [skypiiq] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wdkdolb] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [xbccncy] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [vcwnkcy] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [npxkjxg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [govfket] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wkltmhg] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [skmixep] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [lhfpwqm] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [jvguncv] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [wqkrqrt] c:\windows\drltrib.exe
O4 - HKCU\..\Run: [udijwbp] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [wjnpxwl] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [pikxqrx] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [oakmlku] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [ybbvfhu] c:\windows\jaoeggr.exe
O4 - HKCU\..\Run: [rlmiile] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [mesipni] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ascwkoq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ejhocri] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ljnmmqd] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ipaymdp] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [rxqsjhh] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [tfqiixq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ljmyfuw] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [baijlxv] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [bfkplbs] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [guaisaj] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [iokkcmb] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [tfeanag] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [ospnruc] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [lskrsrq] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [lbnitkg] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [kldvdhc] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [yvrybpy] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [epiysap] c:\windows\rjokesl.exe
O4 - HKCU\..\Run: [rwsbmdo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [hjpwlxv] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [yucwgur] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [dqsjxgb] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [fukxixa] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [gfknyfs] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [smrcjsg] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [xjfchuq] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [ttfikoo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [kgxasfo] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [bgsdmgm] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [caqlyhn] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [phuoooi] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [icqfbwc] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [wlscxrr] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [hlxrvrp] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [bkhtlxq] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [ouuljpv] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [uxkdvht] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [jhchnot] c:\windows\iodoeap.exe
O4 - HKCU\..\Run: [xgssvji] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [qbfghmy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ruadtma] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [hknjnkj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vwcgsjy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [olqroqc] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [fceagkm] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [sixhmdg] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [xdmfmel] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [wgkjmlk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ructxgk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ijibvxi] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gmnseyu] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [eclvdaj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jkcwayd] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vqlfcyj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [nyipymy] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ysktgum] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [etoxqoq] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [twnhtst] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jhmaodj] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gwmqbqk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [grtyims] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [rnlnyek] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ucxyrhf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [wsmqjxt] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [jwvobpr] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [uvomryo] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [pxaimle] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [asmbgvd] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [fgueenk] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [ihpyhqb] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [vtghwjo] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [nfbchov] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [byibktf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [xkqiatw] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [gxnyeja] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [lgcpelf] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [yutvsxu] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [elcmihm] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [sltkkko] c:\windows\mvkvtkq.exe
O4 - HKCU\..\Run: [tkufndn] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [fdxkuji] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [keobibo] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [sclouew] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [nbkpsji] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [xocahgu] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [eqquuxt] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [xkuoggg] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [iupvvja] c:\windows\jhlwmnb.exe
O4 - HKCU\..\Run: [mvqiawk] c:\windows\gckttet.exe
O4 - HKCU\..\Run: [flhuxrv] c:\windows\vqedhqv.exe
O4 - HKCU\..\Run: [pnwixwa] c:\windows\tiwwdng.exe
O4 - HKCU\..\Run: [xiayqte] c:\windows\ujthqsa.exe
O4 - HKCU\..\Run: [bagaott] c:\windows\iqgkbcm.exe
O4 - HKCU\..\Run: [trtysto] c:\windows\iciehjm.exe
O4 - HKCU\..\Run: [ielhcwv] c:\windows\tuyqjvg.exe
O4 - HKCU\..\Run: [qgsdjvm] c:\windows\ucjmatd.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?

O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab

Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\PROGRA~1\SPYSPO~1

files...

C:\WINDOWS\System32\spoolsrv32.exe
c:\windows\symtgaf.exe
c:\windows\hdfybnj.exe
c:\windows\lwtjkxv.exe
c:\windows\weqregl.exe
c:\windows\lhugqol.exe
c:\windows\xsxiqgc.exe
c:\windows\obeyyub.exe
c:\windows\oklpreo.exe
c:\windows\epakolm.exe
c:\windows\drltrib.exe
c:\windows\jaoeggr.exe
c:\windows\rjokesl.exe
c:\windows\iodoeap.exe
c:\windows\mvkvtkq.exe
c:\windows\jhlwmnb.exe
c:\windows\gckttet.exe
c:\windows\vqedhqv.exe
c:\windows\tiwwdng.exe
c:\windows\ujthqsa.exe
c:\windows\iqgkbcm.exe
c:\windows\iciehjm.exe
c:\windows\tuyqjvg.exe
c:\windows\ucjmatd.exe
c:\windows\system32\flsmngr.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let us know how everything goes.

05-22-2005, 02:14 AM	#2 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	Greetings, and welcome to TSF! Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). =============== Download, unzip to your desktop CWShredder and run it, then: 1. Click "*Check For Update" (If an update isn't available, skip to step #4.) 2. Click "Click here to Download the upate". 3. When the new version has been downloaded, click "Save". 4. Click "Fix ->" =============== Download LSPFix and unzip to your desktop, then run it. Now, we need to: 1. check(tick) "I know what i'm doing". 2. click on (highlight) each occurance of the following, one at a time: flsmngr.dll* 3. then click ">>", mo'ing each one, individually, to the 'Remove' pane. 4. (double-check, and make sure that only the above files are in the 'Remove'pane.) 5. click "*Finish >>" =============== Run HiJackThis* then: 1. Click "*Config..." 2. Click "Misc Tools" 3. Click "Open Process manager" - Next, while holding down the CTRL* key, locate (if present) and click on (highlight) each of the following: C:\PROGRA~1\SPYSPO~1\SpySpotter.exe Now double-check and make sure that only those item(s) above are highlighted, then click "*Kill process". Now, click "Refresh", check again, and repeat this step if any remain. =============== Before we begin, let's move HiJackThis* to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later. Also move the "*Backups" folder, for HiJackThis, if present. =============== Run HiJackThis* and click "*Scan", then check(tick) the following, if present: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm* R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe O4 - HKCU\..\Run: [fejbeuq] c:\windows\symtgaf.exe O4 - HKCU\..\Run: [lyughpv] c:\windows\hdfybnj.exe O4 - HKCU\..\Run: [gyyskwb] c:\windows\lwtjkxv.exe O4 - HKCU\..\Run: [gccohva] c:\windows\lwtjkxv.exe O4 - HKCU\..\Run: [jempwxj] c:\windows\lwtjkxv.exe O4 - HKCU\..\Run: [pykrgcp] c:\windows\lwtjkxv.exe O4 - HKCU\..\Run: [uqpkulj] c:\windows\lwtjkxv.exe O4 - HKCU\..\Run: [txuhgut] c:\windows\lwtjkxv.exe O4 - HKCU\..\Run: [qsojgsp] c:\windows\weqregl.exe O4 - HKCU\..\Run: [evxkbfn] c:\windows\weqregl.exe O4 - HKCU\..\Run: [cyxmneg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [rfkqiga] c:\windows\xsxiqgc.exe O4 - HKCU\..\Run: [efmetur] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [leclhue] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [thalmnt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [grgshug] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gvntqpi] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [pewstyf] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [mynyqby] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kcjssht] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [iemuhny] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [foydeak] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [bpecidq] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gbkcrkt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ljuplfg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [nqydyjo] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [fxqyatg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [trerqaw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [hgjcbwn] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [uochnrn] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kcpscyv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qubmcjh] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lipnlox] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [tpdaldh] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ecsedeh] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qtxcbfq] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [uwidcbf] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ylihyht] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [salklix] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gxhmmye] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ekrwukr] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gdniprv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gwbpnat] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [trvusxk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ombbgxc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ejugksh] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [khnrjte] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [dswvamg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qibamkt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [mwounbq] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [vfrvbfb] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [bdtwpfw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [hpnvdhi] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [oipbloe] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kltmbfm] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qtglsgs] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [vygdexs] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [uouystw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wprttcb] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [seernhi] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [swfnbrf] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ebefdvi] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [emugxvk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kallttg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [tedniff] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kqvvhar] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [uextbil] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [icerhhf] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [rxwccog] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [sewxyjp] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [oegvuhc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [hsfghnt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lxyigjy] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [djlismd] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qpfrnvk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [oqnpwpm] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wotieea] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [telfdis] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [eppqqkk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lmuklds] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [whjrxix] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [pvpxfod] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [tegwbax] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [mtqhdpn] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [dpmfwnf] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ohnqcph] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [xqgirls] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gfhpihu] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ekkrcte] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gbkxhbl] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [hrpcukl] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kupxysb] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gaymrpt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [eqcpcpv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [hqlfnwg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lefvesg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [jmmiiiv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gsahclv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ppslfbe] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wmctjoc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [btqwrds] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [jfcdqjt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [jpixxqr] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wxuidhp] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [numpxii] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [omtpgvv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [uwysxew] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [rsjjgsf] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [jxhewpe] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [srtyykh] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [pbbqyxk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wjcjlwt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ttolxbc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wsfgwta] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [jdpywjd] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [yvmkoxi] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [cqyaylk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qqlpqyr] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [cblyygk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [utmohmd] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gtiufmt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [rsyismr] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lmttiqw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [boauixq] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [cfiyjvy] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [fpnfxsy] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kijwnlk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lqfrygk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [aiulinc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [govnxtc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [nrmdthy] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ntftnox] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [fwhrjwi] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [grqomac] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [odpymtr] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [uxdqsfs] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gdigrxy] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [mdrjdyk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [taqnwur] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [iuyneve] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kcepxkh] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lboimsx] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gjscbre] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [dupstro] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [dtswkem] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [hdpapar] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [rjdwrfd] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [oitqhsv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ngrhudq] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [gocrqje] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [nkgrnam] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [yvvgmxv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [uaecjpt] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [dfuhckw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [lgnpnrw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [sgwwwiv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [pyxdonm] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [syhrhxn] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [agnqpyu] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [cwnvciv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [mseohme] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [hspuugu] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [sqonwwi] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kwbdcui] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [mvknmbw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wuiybcl] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [unwgfbc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [pebgxjg] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kvrvnue] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [wwmvmee] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ofpxori] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qvsoxly] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [goctqtd] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [klmxgbk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [rinhnbs] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [vfllioe] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [sibniji] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [stcjlmn] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [sddnrjl] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ocannot] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [tydfutr] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [sdfprpq] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [smmwbey] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [jvjrqoa] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [sfaepwl] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [kfdblam] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [jfhnnly] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [rvroxne] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [cvibqvc] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [exduqbk] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qgsvlun] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [chdigbq] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qsredwj] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [ixoivcj] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [etiotus] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [tsbjivw] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [feqmnrb] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qqvbxks] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [qmceswv] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [cbrymti] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [taoaipd] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [pmkfjsl] c:\windows\lhugqol.exe O4 - HKCU\..\Run: [bstfnik] c:\windows\obeyyub.exe O4 - HKCU\..\Run: [dteceto] c:\windows\obeyyub.exe O4 - HKCU\..\Run: [aqcnxpd] c:\windows\obeyyub.exe O4 - HKCU\..\Run: [oiktnuq] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [whtsbrs] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [jxayvcd] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [xkhxoyw] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [muocsmk] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [tmxjyyh] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [guqbcqi] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [paywrnp] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [lkcrroc] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [fkcgwsf] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [swdttvd] c:\windows\oklpreo.exe O4 - HKCU\..\Run: [ikqbdem] c:\windows\epakolm.exe O4 - HKCU\..\Run: [ymjkvms] c:\windows\epakolm.exe O4 - HKCU\..\Run: [lnlswdw] c:\windows\drltrib.exe O4 - HKCU\..\Run: [phbvjxv] c:\windows\drltrib.exe O4 - HKCU\..\Run: [knocoqf] c:\windows\drltrib.exe O4 - HKCU\..\Run: [mmubhqi] c:\windows\drltrib.exe O4 - HKCU\..\Run: [xwcessp] c:\windows\drltrib.exe O4 - HKCU\..\Run: [nvniyfh] c:\windows\drltrib.exe O4 - HKCU\..\Run: [olomiwb] c:\windows\drltrib.exe O4 - HKCU\..\Run: [dqnesoo] c:\windows\drltrib.exe O4 - HKCU\..\Run: [munvhku] c:\windows\drltrib.exe O4 - HKCU\..\Run: [oapdrtg] c:\windows\drltrib.exe O4 - HKCU\..\Run: [skypiiq] c:\windows\drltrib.exe O4 - HKCU\..\Run: [wdkdolb] c:\windows\drltrib.exe O4 - HKCU\..\Run: [xbccncy] c:\windows\drltrib.exe O4 - HKCU\..\Run: [vcwnkcy] c:\windows\drltrib.exe O4 - HKCU\..\Run: [npxkjxg] c:\windows\drltrib.exe O4 - HKCU\..\Run: [govfket] c:\windows\drltrib.exe O4 - HKCU\..\Run: [wkltmhg] c:\windows\drltrib.exe O4 - HKCU\..\Run: [skmixep] c:\windows\drltrib.exe O4 - HKCU\..\Run: [lhfpwqm] c:\windows\drltrib.exe O4 - HKCU\..\Run: [jvguncv] c:\windows\drltrib.exe O4 - HKCU\..\Run: [wqkrqrt] c:\windows\drltrib.exe O4 - HKCU\..\Run: [udijwbp] c:\windows\jaoeggr.exe O4 - HKCU\..\Run: [wjnpxwl] c:\windows\jaoeggr.exe O4 - HKCU\..\Run: [pikxqrx] c:\windows\jaoeggr.exe O4 - HKCU\..\Run: [oakmlku] c:\windows\jaoeggr.exe O4 - HKCU\..\Run: [ybbvfhu] c:\windows\jaoeggr.exe O4 - HKCU\..\Run: [rlmiile] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [mesipni] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [ascwkoq] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [ejhocri] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [ljnmmqd] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [ipaymdp] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [rxqsjhh] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [tfqiixq] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [ljmyfuw] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [baijlxv] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [bfkplbs] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [guaisaj] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [iokkcmb] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [tfeanag] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [ospnruc] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [lskrsrq] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [lbnitkg] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [kldvdhc] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [yvrybpy] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [epiysap] c:\windows\rjokesl.exe O4 - HKCU\..\Run: [rwsbmdo] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [hjpwlxv] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [yucwgur] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [dqsjxgb] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [fukxixa] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [gfknyfs] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [smrcjsg] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [xjfchuq] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [ttfikoo] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [kgxasfo] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [bgsdmgm] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [caqlyhn] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [phuoooi] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [icqfbwc] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [wlscxrr] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [hlxrvrp] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [bkhtlxq] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [ouuljpv] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [uxkdvht] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [jhchnot] c:\windows\iodoeap.exe O4 - HKCU\..\Run: [xgssvji] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [qbfghmy] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [ruadtma] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [hknjnkj] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [vwcgsjy] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [olqroqc] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [fceagkm] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [sixhmdg] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [xdmfmel] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [wgkjmlk] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [ructxgk] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [ijibvxi] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [gmnseyu] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [eclvdaj] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [jkcwayd] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [vqlfcyj] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [nyipymy] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [ysktgum] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [etoxqoq] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [twnhtst] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [jhmaodj] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [gwmqbqk] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [grtyims] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [rnlnyek] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [ucxyrhf] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [wsmqjxt] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [jwvobpr] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [uvomryo] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [pxaimle] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [asmbgvd] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [fgueenk] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [ihpyhqb] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [vtghwjo] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [nfbchov] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [byibktf] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [xkqiatw] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [gxnyeja] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [lgcpelf] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [yutvsxu] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [elcmihm] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [sltkkko] c:\windows\mvkvtkq.exe O4 - HKCU\..\Run: [tkufndn] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [fdxkuji] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [keobibo] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [sclouew] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [nbkpsji] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [xocahgu] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [eqquuxt] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [xkuoggg] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [iupvvja] c:\windows\jhlwmnb.exe O4 - HKCU\..\Run: [mvqiawk] c:\windows\gckttet.exe O4 - HKCU\..\Run: [flhuxrv] c:\windows\vqedhqv.exe O4 - HKCU\..\Run: [pnwixwa] c:\windows\tiwwdng.exe O4 - HKCU\..\Run: [xiayqte] c:\windows\ujthqsa.exe O4 - HKCU\..\Run: [bagaott] c:\windows\iqgkbcm.exe O4 - HKCU\..\Run: [trtysto] c:\windows\iciehjm.exe O4 - HKCU\..\Run: [ielhcwv] c:\windows\tuyqjvg.exe O4 - HKCU\..\Run: [qgsdjvm] c:\windows\ucjmatd.exe O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab Now, with all windows closed except HiJackThis, click "*Fix checked". =============== Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders: folders...* C:\PROGRA~1\SPYSPO~1 files... C:\WINDOWS\System32\spoolsrv32.exe c:\windows\symtgaf.exe c:\windows\hdfybnj.exe c:\windows\lwtjkxv.exe c:\windows\weqregl.exe c:\windows\lhugqol.exe c:\windows\xsxiqgc.exe c:\windows\obeyyub.exe c:\windows\oklpreo.exe c:\windows\epakolm.exe c:\windows\drltrib.exe c:\windows\jaoeggr.exe c:\windows\rjokesl.exe c:\windows\iodoeap.exe c:\windows\mvkvtkq.exe c:\windows\jhlwmnb.exe c:\windows\gckttet.exe c:\windows\vqedhqv.exe c:\windows\tiwwdng.exe c:\windows\ujthqsa.exe c:\windows\iqgkbcm.exe c:\windows\iciehjm.exe c:\windows\tuyqjvg.exe c:\windows\ucjmatd.exe c:\windows\system32\flsmngr.dll - Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode". =============== Post back a new log, and let us know how everything goes. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt