Old 05-20-2005, 04:21 AM   #1 (permalink)
ggb
Registered User
 
Join Date: May 2005
Posts: 5
OS: Win XP


Win Min problem

Hello,

Every time I want to shut down my computer a Win Min error occurs. Also, my homepage changes to

http://abcsearch4u.com/index.htm

There's also a bunch of trojans I can't seem to get rid of.

I ran Hijack This, this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:14:20, on 20-5-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\lgxbdon.exe
D:\My Downloads\Spyware Doctor\swdoctor.exe
D:\Program\weernieuwespyware\AVGUARD.EXE
D:\Program\weernieuwespyware\AVWUPSRV.EXE
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
D:\Program\emule v 42\eMule\emule.exe
D:\Privacy Guardian\pg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program\hijack this\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://klant.casema.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://klant.casema.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {282D55EA-F8DF-431B-9432-B3C6FAE30168} - (no file)
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\MYDOWN~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
O2 - BHO: (no name) - {89C460EB-D82E-415D-AB1F-CBB600D032E2} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {C5FC92B1-7FBF-4FCF-B97F-EB696A61C419} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CASEMA~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp3\Winampnew\winampa.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program\weernieuwespyware\AVGNT.EXE" /min
O4 - HKLM\..\Run: [THGuard] "D:\My Downloads\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\RunOnce: [PrivacyGuardianIndex] D:\Privacy Guardian\PgIndex.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [rddbqsv] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [xotbwuq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\My Downloads\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [uhheahh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [ufrlfno] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [lafwqck] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [hnistjw] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [dtwacdh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mngyreh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [gahrawp] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [rphjauh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [ivfaocg] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [supjcgs] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [kfvktfq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [afgbplk] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [nhvdeyn] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [xxdpael] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [jevfdbm] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [cytuski] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [uxtkvnv] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [vykwssk] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mbndufe] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [juynaot] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [sxjqnoj] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [uogmacb] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [dxpuotj] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [cdvigbq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [rtgbgej] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [iuqnegg] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [kyxhrco] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [vfvpqdk] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [nsjytvm] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [ntokvwd] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [klplidy] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [cdbkgpq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [svrpbsl] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mkfsgwd] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [qfvyymh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [jcbhmvi] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [bfksnsb] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [rxmaphu] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [sqatytw] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [botxnem] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [wbrfrvd] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [nxkbpox] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mxiwuop] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [knqwtug] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [sluobgl] c:\windows\dbqbkri.exe
O4 - HKCU\..\Run: [sexwhpq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uwqamnu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hogtwcs] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kuebqff] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hymrtkr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ksonift] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pmccakr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [reysmrq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [snbmqof] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [beorvxh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wqgitge] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wnbwrfr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qjllygo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qtfywfo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sedabxw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xoypiya] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cigbygo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qstbspq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nemrmsc] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [yscljer] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gyuvops] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sconums] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ehigpdr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hryqdgm] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dcmokth] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kmcyhbd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sdknenp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vvkrcmw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hfwycjm] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ujhyyer] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eqgiynt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [boqnrgn] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mtatihu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gnotsnu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [anjophl] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kvpissf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lwkofkc] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [clemjer] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ysjvcfj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gperjac] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jmkyhwt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gvgaeyp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uxjtkcx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [iebdouy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uaidvqy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bcbstbv] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tvypoti] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pujmxtj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [iqpdauu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ungtrff] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [otlgumx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wwnpiwu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bvaqcao] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ldvqbha] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sadktid] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [oqqhpax] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lwvxmes] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kqtmitg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pgiftpw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [elmhgir] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dbduhll] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cipqxaw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vbtisms] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ffwecqp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hftowej] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ugdybxb] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ghpyvdx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vwwlaww] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [oirxwwf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [epimeed] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gnqogks] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kxsgnqq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sueyoap] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ylqluux] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tprbnep] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jsikrma] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hvxargo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wufhima] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wuklssi] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ryfknjn] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gdiqdym] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [aivnmev] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kqvctje] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vcxgwhb] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sxoqopj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tsmqdku] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [raljjqe] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hubmcle] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rwvvgga] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [icfeyrr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [isfvkyi] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ellbpvg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rfocqwj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [njlmdeo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pyyyyvq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dnmgsrr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [keoiack] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lviuasf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [puogvpm] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wafshwe] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mofggdo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cnndusd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mjcyfnp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wtkijhq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eesnntu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dsveijx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jqtjhno] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [egbbxjt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xdepxjx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nfehqxg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [coqhgko] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wpgdmow] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [flvpfop] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ixplsne] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rtjjplc] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bjntwqi] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dijjkpq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ehxcdgj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ftlwcso] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fryewfo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [euuhpud] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fqkeuve] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lnrqiqd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dyolyfl] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uwcjpyt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nskbpaw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nwaylgg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ndepwef] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ghvyouw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dceieuw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qyypuui] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tfwnlvx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cryasmq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [iniakgy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tqsuqet] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jpbtfop] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [aglqbxj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rnwgjog] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fyiyxga] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [atpmdrd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [maxkbgo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mqmivuq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mnuvujx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wigpeyw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mhnygkf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qcpqydw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xboklty] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [quomdbo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [chghdkx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dbspdhs] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hrirrcd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ywfciyp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fhehosd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ydmpkdh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pplvsro] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eadsene] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [igobsag] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [puyymax] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rfcbudh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cosdwqn] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dhanpgv] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vwtsddt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [atljwtu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rpehhad] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eytrtga] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jwgubdr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [euvtiwx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pbilkgu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ptuhdhh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qpsumko] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [umycrjg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cifbcpa] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xqcwmhy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gkqaxnj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ebcwede] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lpbpwgw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [njstfii] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [yqtfuwo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sjekpkb] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xkkunsr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mxeweft] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dijufwd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bfenwhq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hymfulp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eaivbty] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [oijpkmr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ivcsvex] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [npijcbj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [brwwfwp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rjcpcsj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [swocmrk] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bhtyjlx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xuvbrjq] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ugenvcu] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jmmhowt] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [cybqqej] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qnlxgtc] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tuftqld] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bvhpser] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [dbicaeb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jgyswhi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jlgvrtw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [riebvls] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ypkdkcy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [sxqilng] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qrafxkb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [glccjfv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mawtroy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [yhdehrh] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [nshepja] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mhvshxs] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [knmplpd] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [djmaahr] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [oqauctx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [kaljmha] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tochqds] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [gyocchp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pcjaikw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [gcastag] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vicughp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pbyxrsm] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mqghtax] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xcewhwi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rbmhabf] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rekigey] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rdcuwtn] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vshcilr] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xoevdlx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vxufdyj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ahjhaum] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [romtdke] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [huxtxgd] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ulntkap] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [kwqxvoi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tkvlhyq] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [nytfmem] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [otoentp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mprjifj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bpusskv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ugdglma] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xgrpybi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hytofdx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [sqbedju] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qcyupjl] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jbrfwgb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xfwwsjq] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vnxfvku] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [otbnqih] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [lqmayxm] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [kkvvkbk] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bfneljv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pqyvtqx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [uckvwed] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [delfpvt] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hayfnwo] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [gupulxc] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qohjfxe] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rvutjhb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ldlcftp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [viabcks] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mvtvwsw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [neimwkm] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [cymkaks] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ptwsujl] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [urjfdtu] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qldgkan] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [drdeliy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [btllvtn] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vfraxqw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hhbwvdw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [lodcsox] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [sdygomg] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [dlsfwrp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ntwbjov] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [smghmyw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [brrnbsw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [iswhugh] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [fesihgk] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [yhdhjwy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tjdvqte] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ubgdkkf] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hbuwnrj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [iivyulj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wvgbuye] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [irvwbgv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wabrmks] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rvwnryp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ewpftor] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wlryhhy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pxbhojs] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [liijcpp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wxqiexl] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [fgbatax] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [omiscky] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [eedbumv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ohtosae] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mkptsds] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vpmrrtv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [dvihgis] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [uawgmik] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [nfqtqag] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [ghpvfvb] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [wtbiiss] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [ybxsdgv] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [qolmrjr] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [wovijeq] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [haclyqm] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [ccnmaxb] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [tknpbvp] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [abmkvnm] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [sytepfj] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [xwenfxp] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [kowmfnl] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [gsgxyth] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [almlogy] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [yvixnab] c:\windows\yjupuns.exe
O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Nieuwe map\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\NIEUWE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {7388DE5F-97EF-4107-ADCA-6ED7CF378596} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7388DE5F-97EF-4107-ADCA-6ED7CF378596} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3066B4CF-EBCE-01F7-AB0F-732F578C8C32} - http://69.50.182.94/1/gdnNL1882.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/097fe471...p/RdxIE601.cab
O16 - DPF: {74EFAA7A-3CEA-3119-1F68-738A1D399AE5} - http://69.50.182.94/1/gdnNL1882.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://engine.vogclub.com/activex/vogweb29.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program\weernieuwespyware\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program\weernieuwespyware\AVWUPSRV.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Thanks in advance
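
The log above contains hundreds of randomly named HKCU Run values that all point at a handful of executables directly under c:\windows. The following added example (not part of the original post and not HijackThis code) parses O4 lines and groups autorun values by target to surface that pattern; the function names and the `min_names` threshold are assumptions, and the sample input is a short excerpt of lines from this log.

```python
import re
from collections import defaultdict

# Sample input: a short excerpt of O4 lines taken from the log in this post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program\weernieuwespyware\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [rddbqsv] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [xotbwuq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [uhheahh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [sluobgl] c:\windows\dbqbkri.exe
O4 - HKCU\..\Run: [sexwhpq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uwqamnu] c:\windows\vreljli.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Nieuwe map\Office10\OSA.EXE
"""

# "O4 - HKCU\..\Run: [value name] command line"
O4_RUN = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
# Unquoted commands: take everything up to the first executable extension
# that is followed by whitespace or end of line.
EXE_END = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)
# A file sitting directly in the Windows directory (no subfolder).
WINDIR_CHILD = re.compile(r'[a-z]:\\windows\\[^\\]+')


def extract_target(command):
    """Return the lower-cased program path from a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        m = EXE_END.match(command)
        path = m.group(1) if m else command.split()[0]
    return path.lower()


def parse_o4(line):
    """Parse one registry-based O4 line; return None for anything else."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    return hive, key, name, extract_target(command)


def autorun_clusters(log_text, min_names=2):
    """Group Run values by target and report targets with many value names.

    A legitimate program normally registers one Run value for itself; many
    differently named values launching the same file is worth reviewing.
    """
    names_by_target = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            names_by_target[parsed[3]].add(parsed[2])
    findings = [
        {
            "target": target,
            "names": sorted(names),
            "in_windows_root": bool(WINDIR_CHILD.fullmatch(target)),
        }
        for target, names in names_by_target.items()
        if len(names) >= min_names
    ]
    findings.sort(key=lambda f: (-len(f["names"]), f["target"]))
    return findings


if __name__ == "__main__":
    for finding in autorun_clusters(SAMPLE_LOG):
        print(len(finding["names"]), finding["target"],
              "(directly in Windows dir)" if finding["in_windows_root"] else "")
```
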

Old 05-20-2005, 08:15 AM   #2 (permalink)
Moderator, Microsoft Support
 
POADB's Avatar
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,481
OS: XP SP2


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Go to Start->Run and type in services.msc and hit OK. Then look for System Startup Service (SvcProc) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Click on flsmngr.dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts.

Reboot into Safe Mode by hitting the F8 key until the menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

C:\windows\lgxbdon.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {282D55EA-F8DF-431B-9432-B3C6FAE30168} - (no file)
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
O2 - BHO: (no name) - {89C460EB-D82E-415D-AB1F-CBB600D032E2} - (no file)
O2 - BHO: (no name) - {C5FC92B1-7FBF-4FCF-B97F-EB696A61C419} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [rddbqsv] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [xotbwuq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [uhheahh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [ufrlfno] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [lafwqck] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [hnistjw] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [dtwacdh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mngyreh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [gahrawp] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [rphjauh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [ivfaocg] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [supjcgs] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [kfvktfq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [afgbplk] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [nhvdeyn] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [xxdpael] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [jevfdbm] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [cytuski] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [uxtkvnv] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [vykwssk] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mbndufe] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [juynaot] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [sxjqnoj] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [uogmacb] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [dxpuotj] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [cdvigbq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [rtgbgej] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [iuqnegg] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [kyxhrco] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [vfvpqdk] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [nsjytvm] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [ntokvwd] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [klplidy] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [cdbkgpq] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [svrpbsl] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mkfsgwd] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [qfvyymh] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [jcbhmvi] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [bfksnsb] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [rxmaphu] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [sqatytw] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [botxnem] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [wbrfrvd] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [nxkbpox] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [mxiwuop] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [knqwtug] c:\windows\lgxbdon.exe
O4 - HKCU\..\Run: [sluobgl] c:\windows\dbqbkri.exe
O4 - HKCU\..\Run: [sexwhpq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uwqamnu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hogtwcs] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kuebqff] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hymrtkr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ksonift] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pmccakr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [reysmrq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [snbmqof] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [beorvxh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wqgitge] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wnbwrfr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qjllygo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qtfywfo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sedabxw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xoypiya] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cigbygo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qstbspq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nemrmsc] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [yscljer] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gyuvops] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sconums] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ehigpdr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hryqdgm] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dcmokth] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kmcyhbd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sdknenp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vvkrcmw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hfwycjm] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ujhyyer] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eqgiynt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [boqnrgn] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mtatihu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gnotsnu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [anjophl] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kvpissf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lwkofkc] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [clemjer] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ysjvcfj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gperjac] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jmkyhwt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gvgaeyp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uxjtkcx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [iebdouy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uaidvqy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bcbstbv] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tvypoti] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pujmxtj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [iqpdauu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ungtrff] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [otlgumx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wwnpiwu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bvaqcao] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ldvqbha] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sadktid] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [oqqhpax] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lwvxmes] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kqtmitg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pgiftpw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [elmhgir] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dbduhll] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cipqxaw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vbtisms] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ffwecqp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hftowej] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ugdybxb] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ghpyvdx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vwwlaww] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [oirxwwf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [epimeed] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gnqogks] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kxsgnqq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sueyoap] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ylqluux] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tprbnep] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jsikrma] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hvxargo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wufhima] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wuklssi] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ryfknjn] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gdiqdym] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [aivnmev] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [kqvctje] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vcxgwhb] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sxoqopj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tsmqdku] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [raljjqe] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hubmcle] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rwvvgga] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [icfeyrr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [isfvkyi] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ellbpvg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rfocqwj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [njlmdeo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pyyyyvq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dnmgsrr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [keoiack] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lviuasf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [puogvpm] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wafshwe] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mofggdo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cnndusd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mjcyfnp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wtkijhq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eesnntu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dsveijx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jqtjhno] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [egbbxjt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xdepxjx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nfehqxg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [coqhgko] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wpgdmow] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [flvpfop] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ixplsne] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rtjjplc] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bjntwqi] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dijjkpq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ehxcdgj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ftlwcso] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fryewfo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [euuhpud] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fqkeuve] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lnrqiqd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dyolyfl] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [uwcjpyt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nskbpaw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [nwaylgg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ndepwef] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ghvyouw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dceieuw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qyypuui] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tfwnlvx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cryasmq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [iniakgy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [tqsuqet] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jpbtfop] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [aglqbxj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rnwgjog] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fyiyxga] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [atpmdrd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [maxkbgo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mqmivuq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mnuvujx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [wigpeyw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mhnygkf] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qcpqydw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xboklty] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [quomdbo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [chghdkx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dbspdhs] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hrirrcd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ywfciyp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [fhehosd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ydmpkdh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pplvsro] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eadsene] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [igobsag] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [puyymax] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rfcbudh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cosdwqn] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dhanpgv] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [vwtsddt] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [atljwtu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [rpehhad] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eytrtga] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [jwgubdr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [euvtiwx] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [pbilkgu] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ptuhdhh] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [qpsumko] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [umycrjg] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [cifbcpa] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xqcwmhy] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [gkqaxnj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ebcwede] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [lpbpwgw] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [njstfii] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [yqtfuwo] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [sjekpkb] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [xkkunsr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [mxeweft] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [dijufwd] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [bfenwhq] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [hymfulp] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [eaivbty] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [oijpkmr] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [ivcsvex] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [npijcbj] c:\windows\vreljli.exe
O4 - HKCU\..\Run: [brwwfwp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rjcpcsj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [swocmrk] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bhtyjlx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xuvbrjq] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ugenvcu] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jmmhowt] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [cybqqej] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qnlxgtc] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tuftqld] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bvhpser] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [dbicaeb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jgyswhi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jlgvrtw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [riebvls] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ypkdkcy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [sxqilng] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qrafxkb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [glccjfv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mawtroy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [yhdehrh] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [nshepja] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mhvshxs] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [knmplpd] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [djmaahr] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [oqauctx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [kaljmha] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tochqds] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [gyocchp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pcjaikw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [gcastag] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vicughp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pbyxrsm] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mqghtax] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xcewhwi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rbmhabf] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rekigey] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rdcuwtn] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vshcilr] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xoevdlx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vxufdyj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ahjhaum] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [romtdke] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [huxtxgd] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ulntkap] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [kwqxvoi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tkvlhyq] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [nytfmem] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [otoentp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mprjifj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bpusskv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ugdglma] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xgrpybi] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hytofdx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [sqbedju] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qcyupjl] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [jbrfwgb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [xfwwsjq] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vnxfvku] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [otbnqih] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [lqmayxm] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [kkvvkbk] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [bfneljv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pqyvtqx] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [uckvwed] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [delfpvt] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hayfnwo] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [gupulxc] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qohjfxe] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rvutjhb] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ldlcftp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [viabcks] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mvtvwsw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [neimwkm] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [cymkaks] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ptwsujl] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [urjfdtu] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [qldgkan] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [drdeliy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [btllvtn] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vfraxqw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hhbwvdw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [lodcsox] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [sdygomg] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [dlsfwrp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ntwbjov] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [smghmyw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [brrnbsw] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [iswhugh] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [fesihgk] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [yhdhjwy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [tjdvqte] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ubgdkkf] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [hbuwnrj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [iivyulj] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wvgbuye] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [irvwbgv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wabrmks] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [rvwnryp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ewpftor] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wlryhhy] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [pxbhojs] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [liijcpp] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [wxqiexl] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [fgbatax] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [omiscky] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [eedbumv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [ohtosae] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [mkptsds] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [vpmrrtv] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [dvihgis] c:\windows\ooiapcf.exe
O4 - HKCU\..\Run: [uawgmik] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [nfqtqag] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [ghpvfvb] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [wtbiiss] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [ybxsdgv] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [qolmrjr] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [wovijeq] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [haclyqm] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [ccnmaxb] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [tknpbvp] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [abmkvnm] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [sytepfj] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [xwenfxp] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [kowmfnl] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [gsgxyth] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [almlogy] c:\windows\yjupuns.exe
O4 - HKCU\..\Run: [yvixnab] c:\windows\yjupuns.exe

O9 - Extra button: Microsoft AntiSpyware helper - {7388DE5F-97EF-4107-ADCA-6ED7CF378596} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7388DE5F-97EF-4107-ADCA-6ED7CF378596} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O16 - DPF: {3066B4CF-EBCE-01F7-AB0F-732F578C8C32} - http://69.50.182.94/1/gdnNL1882.exe
O16 - DPF: {74EFAA7A-3CEA-3119-1F68-738A1D399AE5} - http://69.50.182.94/1/gdnNL1882.exe
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://engine.vogclub.com/activex/vogweb29.cab

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\isrvs\

c:\windows\system32\flsmngr.dll
c:\windows\yjupuns.exe
c:\windows\ooiapcf.exe
c:\windows\vreljli.exe
c:\windows\lgxbdon.exe
C:\WINDOWS\svcproc.exe


Reboot into Normal Mode and run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

If any of the above files give you trouble:

Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

c:\windows\system32\flsmngr.dll
c:\windows\yjupuns.exe
c:\windows\ooiapcf.exe
c:\windows\vreljli.exe
c:\windows\lgxbdon.exe
C:\WINDOWS\svcproc.exe


Let's use a program to scan for any trojans that may exist. Download TDS-3 http://tds.diamondcs.com.au/index.php?page=download. Learn how to use it at http://tds.diamondcs.com.au/index.php?page=easytouse. Make sure to update it after you have installed it. You can get the manual updates at http://tds.diamondcs.com.au/index.php?page=update. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to 'System Testing' on the menu and choose 'Full System Scan'. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, they will be listed in the bottom window. Please copy and paste that here also if it applies. If you have problems copying the text, look (or search) for a file named scandump.txt and see if that has the alarms - post that here.


POADB is offline  
Old 05-20-2005, 08:13 PM   #3 (permalink)
ggb


Thanks a lot!

After following your instructions, it seems the Win Min problem has been solved. This is the analysis:

Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 18:44:16, on 20-5-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\CASEMA~1\SMARTB~1\MotiveSB.exe
D:\Program\Winamp3\Winampnew\winampa.exe
D:\Program\weernieuwespyware\AVGNT.EXE
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
D:\My Downloads\Spyware Doctor\swdoctor.exe
C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
D:\Program\weernieuwespyware\AVGUARD.EXE
D:\Program\weernieuwespyware\AVWUPSRV.EXE
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
D:\Program\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://klant.casema.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://klant.casema.nl/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\MYDOWN~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CASEMA~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp3\Winampnew\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program\weernieuwespyware\AVGNT.EXE" /min
O4 - HKLM\..\Run: [THGuard] "D:\My Downloads\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\My Downloads\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Nieuwe map\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\NIEUWE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/097fe471...p/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program\weernieuwespyware\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program\weernieuwespyware\AVWUPSRV.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe


End of KRC HijackThis Analyzer Log.
====================================================================

Concerning the trojans, this is the result of TDS-3.

This is the TDS-3 logfile:

18:56:38 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
18:56:38 [Init] Started 20-05-05 18:56:38 West-Europa (standaardtijd) (UTC: -1), Internet Time @747,66
18:56:38 [Init] Loading TDS-3 Systems ...
18:56:38 [Init] Token successfully adjusted.
18:56:38 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
18:56:38 [Init] • Plugins : OK. Loaded 13
18:56:38 [Init] • Exec Protection : Not Installed
18:56:38 [Init] WARNING: Your Radius.TD3 database needs to be updated!
18:56:38 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
18:56:38 [Init] Licensed users can use the Update facility from the TDS menu
18:56:38 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
18:56:42 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
18:56:42 [Init] • Systems Initialised [39471 references - 16560 primaries/10873 traces/12038 variants/other]
18:56:42 [Init] Radius Systems loaded. <Databases updated 14-10-2004>
18:56:42 [Init] TDS-3 Ready. <Flo@83.83.36.133, 127.0.0.1 - Nederland>
18:56:42 [Tip Of The Day] When using the TCP Connect or UDP Broadcast utilities, you can access the full ASCII character set by typing $$char$$, for example: Hello$$13$$$$10$$ <- The $$13$$$$10$$ bit would be replaced with Chr$(13) and Chr$(10) (carriage return & line-feed respectively)
18:56:42 [TDS] Good evening Flo. What time do you finish work tonight?
18:56:45 [Mutex Memory Scan] Started...
18:56:46 [Mutex Memory Scan] Finished (no trojan mutexes found).
18:56:46 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
18:57:06 [CRC32] Started - verifying 29 files ...
18:57:07 [CRC32] File doesn't exist: C:\autoexec.bat
18:57:09 [CRC32] Test finished.
18:57:48 [Memory Scan] Memory scan started, please wait a moment ...
18:57:49 [Memory Scan] Memory scan complete.
18:57:49 [Mutex Memory Scan] Started...
18:57:51 [Mutex Memory Scan] Finished (no trojan mutexes found).
18:57:51 [Trace Scan] Started...
18:57:56 [Trace Scan] Finished.
18:57:56 [ServiceScan] Scanning for services and drivers ...
18:58:07 [Locked File] Couldn't open c:\windows\svcproc.exe for read access, file is locked
18:58:08 [ServiceScan] Scanned 274 services and drivers.
18:58:08 [File Scan] Scanning in A:\ ...
18:58:09 [File Scan] Scanned 0 files: 0 alarms in 1,1875 seconds (Avg 1, files/sec)
18:58:09 [File Scan] Scanning in C:\ ...
19:00:55 [Locked File] Couldn't open c:\windows\dstart51.exe for read access, file is locked
19:00:56 [Locked File] Couldn't open c:\windows\dstart52.exe for read access, file is locked
19:00:57 [Locked File] Couldn't open c:\windows\dstart61.exe for read access, file is locked
19:00:57 [Locked File] Couldn't open c:\windows\dstart62.exe for read access, file is locked
19:01:13 [Locked File] Couldn't open c:\windows\svcproc.exe for read access, file is locked
19:04:07 [Locked File] Couldn't open c:\windows\downloaded program files\f10213.exe for read access, file is locked
19:05:14 [Locked File] Couldn't open c:\windows\isrvs\edmond.exe for read access, file is locked
23:21:34 [TDS] Good evening Flo.
23:32:33 [File Scan] Scanned 19232 files: 2 alarms in 16462,23 seconds (Avg 2,17 files/sec)
23:32:35 [File Scan] Scanning in D:\ ...
23:58:02 [File Scan] Scanned 33941 files: 356 alarms in 1526,891 seconds (Avg 23,23 files/sec)
23:58:02 [File Scan] Scanning in E:\ ...
23:58:02 [File Scan] Scanned 0 files: 356 alarms in 0,015625 seconds (Avg 1, files/sec)
23:58:02 [File Scan] Scanning in F:\ ...
23:58:02 [File Scan] Scanned 0 files: 356 alarms in 0 seconds (Avg -1,#IND files/sec)
23:58:02 [Scan] Finished.

The alarms are posted here:

Scan Control Dumped @ 03:56:51 21-05-05
Suspicious Filename: HTA file in suspicious location
File: c:\d25c119d.hta

Positive identification: Pornware.Dialer.Star.e
File: c:\windows\p2p[p2p-10116,de,1].exe

Positive identification: Trojan.Win32.Likes
File: d:\program\weernieuwespyware\infected\a0056788.exe.vir

Positive identification: Trojan.Win32.Likes
File: d:\program\weernieuwespyware\infected\a0056789.exe.vir

Positive identification: Trojan.Win32.Likes
File: d:\program\weernieuwespyware\infected\a0056790.exe.vir

Positive identification: Trojan.Win32.Likes
File: d:\program\weernieuwespyware\infected\a0056795.exe.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0056796.dll.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0056797.dll.vir

Positive identification: Trojan.Win32.Likes
File: d:\program\weernieuwespyware\infected\a0060514.exe.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0062515.dll.vir

Positive identification: Trojan.Win32.Likes
File: d:\program\weernieuwespyware\infected\a0062516.exe.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0062876.dll.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0063915.dll.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0063916.dll.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0063974.dll.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\a0063975.dll.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.002

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.003

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.004

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.005

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.006

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.007

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.008

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.009

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.010

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.011

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.012

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.013

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.014

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.015

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.016

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.017

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.018

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.019

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.020

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.021

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.022

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.023

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.024

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.025

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.026

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.027

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.028

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.029

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.030

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.bin.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.002

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.003

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.004

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.005

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.006

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.007

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.008

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.dll.vir

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.002

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.003

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.004

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.005

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.006

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.007

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.008

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.009

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.010

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.011

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.012

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.013

Positive identification (embedded in file): Trojan.Win32.StartPage.ix1 (dll)
File: d:\program\weernieuwespyware\infected\ap0.tmp.014
Old 05-21-2005, 04:21 AM   #4 (permalink)
Moderator, Microsoft Support
 
POADB
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,481
OS: XP SP2


Empty this folder:

d:\program\weernieuwespyware\infected\


And then fix the other Positive items in TDS-3. You should be able to right-click in the alarm window and delete them. Reboot, rescan and report back.
Old 05-21-2005, 04:21 PM   #5 (permalink)
ggb
Registered User
 
Join Date: May 2005
Posts: 5
OS: Win XP


Could it be...

I think the problem is solved; after the reboot there were no more alarms.
Just to make sure, this is the log:

23:30:33 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
23:30:34 [Init] Started 21-05-05 23:30:34 West-Europa (standaardtijd) (UTC: -1), Internet Time @937,89
23:30:34 [Init] Loading TDS-3 Systems ...
23:30:34 [Init] Token successfully adjusted.
23:30:34 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
23:30:34 [Init] • Plugins : OK. Loaded 13
23:30:34 [Init] • Exec Protection : Not Installed
23:30:34 [Init] WARNING: Your Radius.TD3 database needs to be updated!
23:30:34 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
23:30:34 [Init] Licensed users can use the Update facility from the TDS menu
23:30:34 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
23:30:38 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
23:30:38 [Init] • Systems Initialised [39471 references - 16560 primaries/10873 traces/12038 variants/other]
23:30:38 [Init] Radius Systems loaded. <Databases updated 14-10-2004>
23:30:38 [Init] TDS-3 Ready. <Flo@83.83.36.133, 127.0.0.1 - Nederland>
23:30:38 [Tip Of The Day] Did you know? - You can use DiamondCS Port Explorer to see which ports are being used by which processes, and even packet-sniff processes and sockets! See http://www.diamondcs.com.au/portexplorer/
23:30:38 [Init] NOTICE A change has been detected in the autostart registry. Press Ctrl+A to view the autostart registry
23:30:38 [TDS] Good evening Flo.
23:30:53 [Mutex Memory Scan] Started...
23:30:55 [Mutex Memory Scan] Finished (no trojan mutexes found).
23:30:55 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
23:31:13 [CRC32] Started - verifying 29 files ...
23:31:14 [CRC32] File doesn't exist: C:\autoexec.bat
23:31:15 [CRC32] Test finished.
23:32:19 [Memory Scan] Memory scan started, please wait a moment ...
23:32:20 [Memory Scan] Memory scan complete.
23:32:20 [Mutex Memory Scan] Started...
23:32:22 [Mutex Memory Scan] Finished (no trojan mutexes found).
23:32:22 [Trace Scan] Started...
23:32:27 [Trace Scan] Finished.
23:32:27 [ServiceScan] Scanning for services and drivers ...
23:32:30 [ServiceScan] Scanned 271 services and drivers.
23:32:30 [File Scan] Scanning in A:\ ...
23:32:31 [File Scan] Scanned 0 files: 0 alarms in 1,015625 seconds (Avg 1, files/sec)
23:32:31 [File Scan] Scanning in C:\ ...
23:48:32 [File Scan] Scanned 21803 files: 0 alarms in 961,2656 seconds (Avg 23,68 files/sec)
23:48:32 [File Scan] Scanning in D:\ ...
00:05:43 [File Scan] Scanned 33354 files: 0 alarms in -85369,33 seconds (Avg ,61 files/sec)
00:05:43 [File Scan] Scanning in E:\ ...
00:05:43 [File Scan] Scanned 0 files: 0 alarms in 1,501465E-02 seconds (Avg 1, files/sec)
00:05:43 [File Scan] Scanning in F:\ ...
00:05:43 [File Scan] Scanned 0 files: 0 alarms in 0 seconds (Avg -1,#IND files/sec)
00:05:43 [Scan] Finished.

The trojans seem to have been annihilated and I can control my start page.

You really helped me out here, thanks a lot!
Old 05-22-2005, 03:51 AM   #6 (permalink)
Moderator, Microsoft Support
 
POADB
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,481
OS: XP SP2


Can I see one last HJT log please?
Old 05-23-2005, 02:43 PM   #7 (permalink)
ggb
Registered User
 
Join Date: May 2005
Posts: 5
OS: Win XP


Of course, here it is

Logfile of HijackThis v1.99.1
Scan saved at 22:42:03, on 23-5-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\CASEMA~1\SMARTB~1\MotiveSB.exe
D:\Program\Winamp3\Winampnew\winampa.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
D:\My Downloads\Spyware Doctor\swdoctor.exe
C:\Program Files\Casema SnelHelp\bin\mpbtn.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
D:\Program\Winamp3\Winampnew\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://klant.casema.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://klant.casema.nl/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\MYDOWN~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CASEMA~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp3\Winampnew\winampa.exe
O4 - HKLM\..\Run: [THGuard] "D:\My Downloads\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "D:\My Downloads\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Casema SnelHelp.lnk = C:\Program Files\Casema SnelHelp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Nieuwe map\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\NIEUWE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/097fe471...p/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Old 05-23-2005, 03:17 PM   #8 (permalink)
Moderator, Microsoft Support
 
POADB
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,481
OS: XP SP2


Your log is clean.

Please clear your System Restore Points by doing the following:

To turn off System Restore, click Start > right-click My Computer and then click Properties. Click the System Restore tab > check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.

Reboot your System.

Now create a new Restore Point:

To turn on System Restore, click Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools provided.

Are there any problems now? If not, you should be set to go.
Old 05-29-2005, 12:23 PM   #9 (permalink)
ggb
Registered User
 
Join Date: May 2005
Posts: 5
OS: Win XP


It all works fine now.
Thanks again, I really appreciate your help and advice.
All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum