Sorry about that. I must be suffering premature blindness
I did try looking for it but couldn't see it till now
No need to re-do the test.
Have HijackThis fix these entries (make sure your browser is closed before clicking Fix checked):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/355//strpg.chm::/update.exe
Launch KillBox.exe & select the following options:
- delete on Reboot
- end Explorer shell while killing file
- unregister dll before deleting * if it's not grayed out
Select all the filenames below & then click on Notepad's 'Edit' menu & select Copy
* Go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there (don't be alarmed if some files may be missing. Just let me know which is missing)
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
Reboot your computer & perform an online scan with Internet Explorer with Kaspersky WebScanner
Next, click on Launch Kaspersky Anti-Virus Web Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded, click on NEXT
- Now click on Scan Settings
- In the scan settings, make sure that the following are selected:
  - Scan using the following Anti-Virus database:
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan: select My Computer
- The program will start and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
Copy and paste that information in your next post along with a fresh HJT log
* Turn off the real time scanner of any existing antivirus program while performing the online scan
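The triage behind a fix list like the one in this post, as an added example that is not part of the original post: it groups HijackThis O4 autorun lines by target file and flags targets launched under several value names, or with random-looking names directly in the Windows directory. The sample log lines are constructed, the function names are hypothetical, and the seven-lowercase-letter test is a heuristic assumption, not a HijackThis rule.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format (values are made up, not from the post).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [qwrtzpk] c:\windows\bcdfghj.exe
O4 - HKCU\..\Run: [zxcvbnm] c:\windows\bcdfghj.exe
O4 - HKCU\..\Run: [plkmnjh] c:\windows\bcdfghj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hgfdsrt] c:\windows\wqkzxvb.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Heuristic (assumption): seven lowercase letters looks machine-generated.
RANDOM_NAME = re.compile(r"^[a-z]{7}$")
# An .exe sitting directly in the Windows directory, not in a subfolder.
WINDIR_EXE = re.compile(r"^c:\\windows\\([^\\]+)\.exe$")


def parse_o4(log_text):
    """Map each autorun target (lower-cased command) to the value names launching it."""
    targets = defaultdict(list)
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            _hive, _key, name, command = m.groups()
            targets[command.strip().lower()].append(name)
    return targets


def triage(log_text, min_aliases=2):
    """Return {target: {"names": [...], "reasons": [...]}} for suspicious targets."""
    findings = {}
    for path, names in parse_o4(log_text).items():
        reasons = []
        if len(set(names)) >= min_aliases:
            reasons.append("multiple value names")
        m = WINDIR_EXE.match(path)
        if m and RANDOM_NAME.match(m.group(1)) and all(RANDOM_NAME.match(n) for n in names):
            reasons.append("random-looking names in Windows directory")
        if reasons:
            findings[path] = {"names": names, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for path, info in sorted(triage(SAMPLE_LOG).items()):
        print(path, info["names"], info["reasons"])
```

Because targets are keyed by lower-cased path, the flagged keys also form a deduplicated file list for review before anything is deleted.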