Old 05-20-2005, 08:12 PM   #1 (permalink)
Registered User
 
Join Date: May 2005
Posts: 10
OS: XP


Help

Please analyze the attached file and make recommendations. I have the black Warning you are in danger desktop. Any and all help appreciated.

Thanks.
Attached Files
File Type: txt result.txt (18.0 KB, 4 views)
coolio2005 is offline  
Old 05-21-2005, 05:06 AM   #2 (permalink)
Registered User
 
Join Date: May 2005
Posts: 10
OS: XP


Proper Procedure

I didn't know if I was supposed to post the result.txt in the actual text of my post...so here it is, if that is the case.

Thanks for any help.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:34:06 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Barbara Mohler\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [Player Explorer] C:\WINDOWS\system32\wuauicpl.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [BPCv2] c:\Program Files\bpc_search\bpcv2.exe
O4 - HKLM\..\RunOnce: [BPCv2_re] c:\Program Files\Common Files\Java\bpc2_re_inst.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [jcstgxh] c:\windows\rwyliba.exe
O4 - HKCU\..\Run: [fpwccfx] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [hxfkvma] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [vskddre] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [ptfdgjm] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [agduhcn] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [ujcahgy] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [hglvwqp] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [eruqxkc] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [rdjeaxs] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [doswoes] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [ijkwdqx] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [rccyoua] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [kkardmr] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [bqmvtcs] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [uoyuihj] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [radfibw] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [gcnsgro] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [mvafyru] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [wbnyjph] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [psnmpyh] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [xmugjcs] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [avnxxqh] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [tuihkoh] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [gfkxvgw] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [mqewigt] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [nhuhqei] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [jlxfjhg] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [vpopbts] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [bqrsugu] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [bgrdcnw] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [vhatrqv] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [lsylqgk] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [kgikvfq] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [cabfrrs] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [ngphyto] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [xqsccbg] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [vsrtqsr] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hfachey] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [mpqgufp] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [lmyfyuj] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [bbrcoma] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [dsediho] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [krwcqll] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hinhfwo] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [xlctwgw] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [bfgpsnf] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hpufrsn] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [i***mxt] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cyguyvm] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cpsndbx] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [oshvtlr] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [bffxvwl] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [jksvflt] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cnsgchg] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [makrefb] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cboecmk] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [dslsmkm] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hcyhqtc] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [svoltbw] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [oypccit] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [wblhoty] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [rntvupm] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [qshuorr] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [tldylyy] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [naadpfi] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [ocyqunx] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [vwewdoa] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [fixwtio] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [ysidlhb] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [shspqbw] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [pyxabgk] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [nqrldqh] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [khtfftf] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [fdqkqtb] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [gxejjjk] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [vhjmygr] c:\windows\wfrwdoj.exe
O4 - HKCU\..\Run: [uaykora] c:\windows\wfrwdoj.exe
O4 - HKCU\..\Run: [xcbdqcm] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [wxkbcae] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [nsdqfnh] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [nriwxsj] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [iugwvej] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [vdlmqic] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [oxbggxa] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [oxxprxs] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [lyvexex] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [vvluckr] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [tgwndiy] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [jmfftwr] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [tmmmfkg] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [vfdguad] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [jwybbth] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [valfhmt] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [mnmydrv] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [cpthhnb] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [cmkmolu] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [sgdihnb] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [dfaivto] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [eeprumr] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [yuiolfm] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [fkeknch] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [fsltcry] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [jhtdgye] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [sdwlhxn] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [cwpisvi] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [eojhuok] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [dogccwc] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [spyonhm] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [afbmrgs] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [leasxsr] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [xcjplfd] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [enqpktg] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [gpwxmrb] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [ooqyojn] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [odtvjvt] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [oockoes] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [oelcidi] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [wmbyfmf] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [fsxxwgg] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [fvwdrxf] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [gbaqyud] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [vrdcfbm] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [wiwsefn] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [pjludad] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [eapkrfv] c:\windows\pynwjeq.exe
O4 - HKCU\..\Run: [bklbaob] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [qcdlbpi] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [frmpmed] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [cfmedtw] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [fxdfdmv] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [vppgttd] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [rgafbrq] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [gsjbpnt] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [yvamcyt] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [xtmugpa] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [ijcncmi] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [xjyctud] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [busjyso] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [xwyyxpf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [idhfffw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ekonidy] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [lqbbdxj] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ryxmxwf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ddewtnt] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [gqlojjv] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [wxfmpll] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [yadlprf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [yfdenwm] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ydvcktf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [rmvjivp] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ranguyg] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ojffqto] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [mjskqbo] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ttuusbw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [hpvvheg] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ihcenko] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [edxhhns] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [xbffkfb] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [dcumdex] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [wrionby] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [akepccw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [jtkwmda] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [cvujdrw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [aekuexw] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [rckuxaj] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [bbgybdx] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [bousqwx] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [hbdjpxl] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [hukmfog] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [yeacpeu] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [rmcuhne] c:\windows\nufgbae.exe
O4 - HKCU\..\Run: [pexcimy] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [rvopfvg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hvafhom] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jobmtjp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [qpnltsk] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bomjpal] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yutdfqg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [mfmhnte] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ednfphp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bwpvdqi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [fmarhoc] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xqrlcpu] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ldwcygy] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [fppleyi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ikjrthj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hgtywas] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [upnlidr] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dgtloun] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [cacywtd] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [vphkasg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hpfaswk] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [adukarj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dtmagdb] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hyjmuhn] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [wkplmfl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ctuxtxs] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [glkrkrf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bclxdfq] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dnyelrl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [awhksyv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xesxcif] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [qrfbvek] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jckclyq] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jrbtdnf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [vunjwny] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [gmtlkdm] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jvmcubn] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [babxvrm] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [exadmsu] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dnhpbre] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [qokvthv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [smluygp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dejmfkf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yfdwkch] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ycxpvsq] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [gwoqbtl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jjskkey] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [kmtuxmj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [rncqihc] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ecqarva] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jtfmyfx] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [lgnbfgi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jllesum] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ajbjxhe] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bbqlpfa] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [vhwyovo] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ydsvgld] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xpxqreu] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [wutunre] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [rqbjkjv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [nqyobqj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yljdeho] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [smxupfi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ppdeonf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [kdlfwnj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [nnecibv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xretblf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ldxabvy] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xxlcmyg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ypyhjyw] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yiccqlm] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [pubcbxp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ovjyxsv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [utyxbmj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [uvwrkvl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ihpttor] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [pgpmcut] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hoyegou] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ihcvuye] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dcstrem] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [csjmjbo] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [gelxsby] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [svkcjmd] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [kuwavys] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [eknrlti] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [nxwffkn] c:\windows\hacnwlj.exe
O4 - HKCU\..\Run: [ojivcta] c:\windows\hacnwlj.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: Net Monitor.lnk = C:\Program Files\Free NetMon\NetMon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {85F414BE-4394-417E-8684-C2364B3F5C24} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {85F414BE-4394-417E-8684-C2364B3F5C24} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {34AB150A-1AB7-78EE-5934-207F335A6C87} - http://69.50.182.94/1/gdnUS1882.exe
O16 - DPF: {540B9C63-7084-47F8-601C-4B54215DF45B} - http://69.50.182.94/1/gdnUS1882.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70DA72ED-6DD1-4630-B177-23AE4E8FA11D}: NameServer = 67.36.128.26 206.141.192.60
O21 - SSODL: Client Security - {E863F62D-640E-429B-9E49-100B989407E6} - C:\WINDOWS\system32\msrertm.dll
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe


End of KRC HijackThis Analyzer Log.
====================================================================

Last edited by jgvernonco; 05-22-2005 at 12:27 AM.
coolio2005 is offline  
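The autorun (O4) section of the log above, as an added example that is not part of the original thread: a small Python parser that groups registry Run/RunOnce values by the executable they launch, so that many differently named values pointing at one file stand out. The function names and the `min_names` threshold are assumptions made for this illustration; the sample lines are copied from the posted log and shortened.

```python
import re
from collections import defaultdict
from ntpath import normcase  # Windows path rules, usable on any OS

# Sample input: a few lines copied from the log posted above (shortened).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [jcstgxh] c:\windows\rwyliba.exe
O4 - HKCU\..\Run: [fpwccfx] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [hxfkvma] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [vskddre] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [cabfrrs] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [ngphyto] c:\windows\pxwnwcf.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: Net Monitor.lnk = C:\Program Files\Free NetMon\NetMon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# The executable is either the quoted part of the command line, or everything
# up to the first program extension (unquoted paths may contain spaces).
EXE_RE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))',
    re.IGNORECASE,
)


def target_of(command):
    """Return the normalised executable path from a Run value's command line."""
    command = command.strip()
    m = EXE_RE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return normcase(path)  # lower-case, backslashes: same file compares equal


def parse_autoruns(log_text):
    """Extract registry autorun entries (O4 Run/RunOnce lines) from a log."""
    entries = []
    for line in log_text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append(
                {"hive": hive, "key": key, "name": name, "target": target_of(command)}
            )
    return entries


def cluster_by_target(entries):
    """Map each executable to the set of distinct value names that launch it."""
    clusters = defaultdict(set)
    for entry in entries:
        clusters[entry["target"]].add(entry["name"])
    return clusters


def suspicious_clusters(entries, min_names=2):
    """Executables launched under at least `min_names` different value names.

    A legitimate program normally registers one value name; the same name
    appearing in both HKLM and HKCU still counts once.
    """
    hits = [
        (target, len(names))
        for target, names in cluster_by_target(entries).items()
        if len(names) >= min_names
    ]
    return sorted(hits, key=lambda hit: (-hit[1], hit[0]))


if __name__ == "__main__":
    for target, count in suspicious_clusters(parse_autoruns(SAMPLE_LOG)):
        print(f"{count:3d} value names -> {target}")
```

Entries that the script does not flag still need review: a single-name value such as the one launching `c:\windows\rwyliba.exe` falls below the threshold by design.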
Old 05-22-2005, 12:43 AM   #3 (permalink)
Old Timer
 
jgvernonco's Avatar
 
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27


Hello, and welcome to TSF!


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Download LSPFix and unzip to your desktop, then run it. Now, we need to:

1. check (tick) "I know what I'm doing".
2. click on (highlight) each occurrence of the following, one at a time:

flsmngr.dll

3. then click ">>", moving each one, individually, to the 'Remove' pane.
4. (double-check, and make sure that only the above files are in the 'Remove' pane.)
5. click "Finish >>"


===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u MYSRCHAS.DLL
regsvr32 /u fla.dll
regsvr32 /u BHOmod.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)

O4 - HKLM\..\Run: [Player Explorer] C:\WINDOWS\system32\wuauicpl.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [BPCv2] c:\Program Files\bpc_search\bpcv2.exe
O4 - HKLM\..\RunOnce: [BPCv2_re] c:\Program Files\Common Files\Java\bpc2_re_inst.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [jcstgxh] c:\windows\rwyliba.exe
O4 - HKCU\..\Run: [fpwccfx] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [hxfkvma] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [vskddre] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [ptfdgjm] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [agduhcn] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [ujcahgy] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [hglvwqp] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [eruqxkc] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [rdjeaxs] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [doswoes] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [ijkwdqx] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [rccyoua] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [kkardmr] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [bqmvtcs] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [uoyuihj] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [radfibw] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [gcnsgro] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [mvafyru] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [wbnyjph] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [psnmpyh] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [xmugjcs] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [avnxxqh] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [tuihkoh] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [gfkxvgw] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [mqewigt] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [nhuhqei] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [jlxfjhg] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [vpopbts] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [bqrsugu] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [bgrdcnw] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [vhatrqv] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [lsylqgk] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [kgikvfq] c:\windows\vnopywf.exe
O4 - HKCU\..\Run: [cabfrrs] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [ngphyto] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [xqsccbg] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [vsrtqsr] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hfachey] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [mpqgufp] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [lmyfyuj] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [bbrcoma] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [dsediho] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [krwcqll] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hinhfwo] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [xlctwgw] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [bfgpsnf] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hpufrsn] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [i***mxt] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cyguyvm] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cpsndbx] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [oshvtlr] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [bffxvwl] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [jksvflt] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cnsgchg] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [makrefb] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [cboecmk] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [dslsmkm] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [hcyhqtc] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [svoltbw] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [oypccit] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [wblhoty] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [rntvupm] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [qshuorr] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [tldylyy] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [naadpfi] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [ocyqunx] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [vwewdoa] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [fixwtio] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [ysidlhb] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [shspqbw] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [pyxabgk] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [nqrldqh] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [khtfftf] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [fdqkqtb] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [gxejjjk] c:\windows\pxwnwcf.exe
O4 - HKCU\..\Run: [vhjmygr] c:\windows\wfrwdoj.exe
O4 - HKCU\..\Run: [uaykora] c:\windows\wfrwdoj.exe
O4 - HKCU\..\Run: [xcbdqcm] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [wxkbcae] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [nsdqfnh] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [nriwxsj] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [iugwvej] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [vdlmqic] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [oxbggxa] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [oxxprxs] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [lyvexex] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [vvluckr] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [tgwndiy] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [jmfftwr] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [tmmmfkg] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [vfdguad] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [jwybbth] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [valfhmt] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [mnmydrv] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [cpthhnb] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [cmkmolu] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [sgdihnb] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [dfaivto] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [eeprumr] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [yuiolfm] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [fkeknch] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [fsltcry] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [jhtdgye] c:\windows\nttubyu.exe
O4 - HKCU\..\Run: [sdwlhxn] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [cwpisvi] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [eojhuok] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [dogccwc] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [spyonhm] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [afbmrgs] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [leasxsr] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [xcjplfd] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [enqpktg] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [gpwxmrb] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [ooqyojn] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [odtvjvt] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [oockoes] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [oelcidi] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [wmbyfmf] c:\windows\wwqhcmo.exe
O4 - HKCU\..\Run: [fsxxwgg] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [fvwdrxf] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [gbaqyud] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [vrdcfbm] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [wiwsefn] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [pjludad] c:\windows\basrtpb.exe
O4 - HKCU\..\Run: [eapkrfv] c:\windows\pynwjeq.exe
O4 - HKCU\..\Run: [bklbaob] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [qcdlbpi] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [frmpmed] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [cfmedtw] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [fxdfdmv] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [vppgttd] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [rgafbrq] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [gsjbpnt] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [yvamcyt] c:\windows\knpvmmv.exe
O4 - HKCU\..\Run: [xtmugpa] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [ijcncmi] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [xjyctud] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [busjyso] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [xwyyxpf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [idhfffw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ekonidy] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [lqbbdxj] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ryxmxwf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ddewtnt] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [gqlojjv] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [wxfmpll] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [yadlprf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [yfdenwm] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ydvcktf] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [rmvjivp] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ranguyg] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ojffqto] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [mjskqbo] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ttuusbw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [hpvvheg] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [ihcenko] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [edxhhns] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [xbffkfb] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [dcumdex] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [wrionby] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [akepccw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [jtkwmda] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [cvujdrw] c:\windows\qekrrhf.exe
O4 - HKCU\..\Run: [aekuexw] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [rckuxaj] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [bbgybdx] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [bousqwx] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [hbdjpxl] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [hukmfog] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [yeacpeu] c:\windows\uqpysnx.exe
O4 - HKCU\..\Run: [rmcuhne] c:\windows\nufgbae.exe
O4 - HKCU\..\Run: [pexcimy] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [rvopfvg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hvafhom] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jobmtjp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [qpnltsk] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bomjpal] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yutdfqg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [mfmhnte] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ednfphp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bwpvdqi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [fmarhoc] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xqrlcpu] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ldwcygy] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [fppleyi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ikjrthj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hgtywas] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [upnlidr] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dgtloun] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [cacywtd] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [vphkasg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hpfaswk] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [adukarj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dtmagdb] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hyjmuhn] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [wkplmfl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ctuxtxs] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [glkrkrf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bclxdfq] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dnyelrl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [awhksyv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xesxcif] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [qrfbvek] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jckclyq] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jrbtdnf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [vunjwny] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [gmtlkdm] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jvmcubn] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [babxvrm] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [exadmsu] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dnhpbre] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [qokvthv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [smluygp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dejmfkf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yfdwkch] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ycxpvsq] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [gwoqbtl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jjskkey] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [kmtuxmj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [rncqihc] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ecqarva] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jtfmyfx] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [lgnbfgi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [jllesum] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ajbjxhe] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [bbqlpfa] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [vhwyovo] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ydsvgld] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xpxqreu] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [wutunre] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [rqbjkjv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [nqyobqj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yljdeho] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [smxupfi] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ppdeonf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [kdlfwnj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [nnecibv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xretblf] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ldxabvy] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [xxlcmyg] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ypyhjyw] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [yiccqlm] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [pubcbxp] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ovjyxsv] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [utyxbmj] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [uvwrkvl] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ihpttor] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [pgpmcut] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [hoyegou] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [ihcvuye] c:\windows\idptqpo.exe
O4 - HKCU\..\Run: [dcstrem] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [csjmjbo] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [gelxsby] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [svkcjmd] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [kuwavys] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [eknrlti] c:\windows\ucbokpw.exe
O4 - HKCU\..\Run: [nxwffkn] c:\windows\hacnwlj.exe
O4 - HKCU\..\Run: [ojivcta] c:\windows\hacnwlj.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: PowerReg Scheduler V3.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {34AB150A-1AB7-78EE-5934-207F335A6C87} - http://69.50.182.94/1/gdnUS1882.exe
O16 - DPF: {540B9C63-7084-47F8-601C-4B54215DF45B} - http://69.50.182.94/1/gdnUS1882.exe

O21 - SSODL: Client Security - {E863F62D-640E-429B-9E49-100B989407E6} - C:\WINDOWS\system32\msrertm.dll


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\Program Files\MyWay
c:\Program Files\Fla
c:\Program Files\bpc_search

files...

c:\windows\system\BHOmod.dll
C:\WINDOWS\system32\wuauicpl.exe
C:\Program Files\Common Files\Java\flncpy.exe
c:\Program Files\Common Files\Java\bpc2_re_inst.exe
C:\WINDOWS\System32\spoolsrv32.exe
c:\windows\rwyliba.exe
c:\windows\vnopywf.exe
c:\windows\pxwnwcf.exe
c:\windows\wfrwdoj.exe
c:\windows\nttubyu.exe
c:\windows\wwqhcmo.exe
c:\windows\basrtpb.exe
c:\windows\pynwjeq.exe
c:\windows\knpvmmv.exe
c:\windows\mkkaypt.exe
c:\windows\qekrrhf.exe
c:\windows\uqpysnx.exe
c:\windows\nufgbae.exe
c:\windows\idptqpo.exe
c:\windows\ucbokpw.exe
c:\windows\hacnwlj.exe
c:\windows\system32\flsmngr.dll
C:\WINDOWS\system32\msrertm.dll

Search for...

V3.exe

...using "Start | Search...".

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let us know how everything goes.
jgvernonco is offline  
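The O4 section of the first log has a pattern that is easy to check mechanically: many differently named Run values all launch the same few executables, so the file list to clean up is the set of distinct targets. The following is an added example, not part of any post in this thread, that groups O4 registry lines by the program they launch; the function names are hypothetical and the threshold of two value names per program is an assumption.

```python
import re
from collections import defaultdict

# Sample O4 lines copied from the two logs in this thread (a small subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [xtmugpa] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [ijcncmi] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [xjyctud] c:\windows\mkkaypt.exe
O4 - HKCU\..\Run: [nxwffkn] c:\windows\hacnwlj.exe
O4 - HKCU\..\Run: [ojivcta] c:\windows\hacnwlj.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
# Quoted path, or the shortest prefix ending in ".exe" before a space or end of line.
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)


def parse_o4(log):
    """Return (hive, key, value_name, command) for each registry autorun line."""
    rows = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # "O4 - Startup:" folder entries carry no [value name]; skipped
            rows.append(m.groups())
    return rows


def target_of(command):
    """Normalise an autorun command to the lower-cased program it launches."""
    m = EXE_RE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return path.lower()


def shared_targets(log, min_names=2):
    """Map each program registered under >= min_names value names to those names."""
    names = defaultdict(set)
    for _hive, _key, value_name, command in parse_o4(log):
        names[target_of(command)].add(value_name)
    return {t: sorted(n) for t, n in names.items() if len(n) >= min_names}


if __name__ == "__main__":
    for target, value_names in shared_targets(SAMPLE_LOG).items():
        print(f"{target}: {len(value_names)} Run values -> {value_names}")
```

Run over a full log, the keys of the returned mapping give the distinct executables to compare against the deletion list, so a missed file shows up as a target that still has Run values after cleanup.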
Old 06-03-2005, 02:00 PM   #4 (permalink)
Registered User
 
Join Date: May 2005
Posts: 10
OS: XP


2nd Hijack this output

It took me a while to implement the changes. I also installed an antivirus that found some stuff also. Here is the latest HijackThis file. I seem to be doing pretty well except the desktop background list and scroll bar are locked up and some of the buttons are grayed out. What do I do next?


Logfile of HijackThis v1.99.1
Scan saved at 3:56:22 PM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Barbara Mohler\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Unknown owner - C:\WINDOWS\System32\NMSSvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
coolio2005 is offline  
Old 06-03-2005, 08:17 PM   #5 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


Next step....

Download Hoster http://www.greyknight17.com/spy/Hoster.exe
Download and install CleanUp http://cleanup.stevengould.org/

Download the attachment I posted here DANGER: SPYWARE...Smart Security 59.95$ called fixsec.txt. Save it to your desktop. Now rename it to fixsec.reg. DO NOT run it yet.


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Now locate and delete the following files...

**Note** You may not have all these...but check for each.

C:\WINDOWS2\winpos.exe
C:\WINDOWS2\System32\vbsys2.dll
c:\WINDOWS\Aja.html
c:\WINDOWS\Cjr.exe
c:\WINDOWS\desktop.html
c:\WINDOWS\popup.html
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_46.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_48.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_50.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_52.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_54.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_56.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_57.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_58.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_60.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_62.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_64.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_66.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_68.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_70.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_72.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_73.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_74.xml
c:\WINDOWS\PCHEALTH\HELPCTR\DataColl\CollectedData_75.xml
c:\WINDOWS\system32\Hcc.exe
c:\WINDOWS\PCHEALT
<--folder

FDI.EXE <--locate and delete that one!!

Open the hoster file and run the program and select "Restore hosts file".

(If XP) Navigate to the C:\Windows\Prefetch folder and delete all files in that folder

Run the cleanup utility and reboot/logoff when prompted.

Reboot back to normal mode. Now double click that fixsec.reg file we made and merge it into the registry. If it asks you..say YES to merge.

Once that's merged...Reboot the PC.

Now..once you're back to normal windows..right click on the desktop..select properties...desktop..customize desktop...web..and uncheck anything listed. Now highlight and delete any entry that says security..or anything other than the default "My Current Homepage". Leave that entry be.

Run the cleanup utility again...Reboot. Once back to normal windows post another hijackthis log. If those O4 entries are back...repeat the process as you missed a file for deletion. You MUST get them all..otherwise this thing reinstalls itself.

**Note** The fixsec.reg file MUST be run as this restores the entry keys that this hijacker disables. You can also review the fix I did at the post where the fixsec.reg file has been attached.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 06-04-2005, 07:03 PM   #6 (permalink)
Registered User
 
Join Date: May 2005
Posts: 10
OS: XP


Worked like the proverbial charm....

Thanks for the assistance. Thank goodness for every Darth Vader there is a Luke Skywalker. You guys and gals definitely work on the light side of force. May the Force continue to be with you.
coolio2005 is offline  