Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windupdate Removal


  • This topic is locked This topic is locked
2 replies to this topic

#1 dbolton1221

dbolton1221

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 06 April 2005 - 04:10 PM

I was able to successfully remove malware Windupdate (at least it appeared that way to me). I still have a process Urlbrowser that automatically starts when I start my computer. The following is my HighjackThis log

Logfile of HijackThis v1.99.1
Scan saved at 4:02:16 PM, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\tnercyod.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\kibbt\attfmrr.exe
C:\WINDOWS\System32\ejxgp\mkyoqkqv.exe
C:\WINDOWS\System32\nnxndmf\neuslfw.exe
C:\WINDOWS\System32\nnxndmf\neuslfw.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hxogl\ewyqsd.exe
C:\WINDOWS\System32\hxogl\ewyqsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\xibiis.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\qxmugya\pfoxpx.exe
C:\WINDOWS\System32\kjvlmu\onnuaiug.exe
C:\WINDOWS\System32\hxogl\ewyqsd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\hxogl\ewyqsd.exe
C:\WINDOWS\System32\hxogl\ewyqsd.exe
C:\WINDOWS\System32\hxogl\ewyqsd.exe
C:\WINDOWS\System32\nnxndmf\neuslfw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\cisppp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\nnxndmf\neuslfw.exe
C:\WINDOWS\System32\hxogl\ewyqsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Admin\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Admin\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 66.180.173.39 www.alexa.com alexa.com
O1 - Hosts: 66.180.173.39 search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 beta.search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 beta.search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 beta.search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 beta.search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 beta.search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 beta.search.xtramsn.co.nz
O1 - Hosts: 216.39.69.102 view.atdmt.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe
O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [bfnhgvfgrgldhqzasnddjtrowj] C:\WINDOWS\tnercyod.exe
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteutt32.exe
O4 - HKLM\..\Run: [ffavvjb] C:\WINDOWS\System32\padrv\ffavvjb.exe
O4 - HKLM\..\Run: [epxphl] C:\WINDOWS\System32\fhvufbxl\epxphl.exe
O4 - HKLM\..\Run: [dmul] C:\WINDOWS\System32\xuhkox\dmul.exe
O4 - HKLM\..\Run: [lejg] C:\WINDOWS\System32\fmvxamk\lejg.exe
O4 - HKLM\..\Run: [xxndw] C:\WINDOWS\System32\rqxk\xxndw.exe
O4 - HKLM\..\Run: [fchgj] C:\WINDOWS\System32\ahxwaqv\fchgj.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iscggcg] C:\WINDOWS\System32\kteuqr\iscggcg.exe
O4 - HKLM\..\Run: [gnxy] C:\WINDOWS\System32\gfpxxsoo\gnxy.exe
O4 - HKLM\..\Run: [skyhn] C:\DOCUME~1\Admin\LOCALS~1\Temp\xibiis.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [smvn] C:\WINDOWS\System32\conu\smvn.exe
O4 - HKLM\..\Run: [attfmrr] C:\WINDOWS\System32\kibbt\attfmrr.exe
O4 - HKLM\..\Run: [mkyoqkqv] C:\WINDOWS\System32\ejxgp\mkyoqkqv.exe
O4 - HKLM\..\Run: [vryo] C:\WINDOWS\System32\dckfu\vryo.exe
O4 - HKLM\..\Run: [rbyr] C:\WINDOWS\System32\cmnyspja\rbyr.exe
O4 - HKLM\..\Run: [ewyqsd] C:\WINDOWS\System32\hxogl\ewyqsd.exe
O4 - HKLM\..\Run: [pfoxpx] C:\WINDOWS\System32\qxmugya\pfoxpx.exe
O4 - HKLM\..\Run: [onnuaiug] C:\WINDOWS\System32\kjvlmu\onnuaiug.exe
O4 - HKLM\..\Run: [neuslfw] C:\WINDOWS\System32\nnxndmf\neuslfw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [dor5RVJ5Q] cisppp.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0332c4ab5db479...ip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF4FF3F2-D925-4F8D-9087-2087A6E404A5}: NameServer = 10.0.0.4,10.0.0.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dmulxuhkox - Unknown owner - C:\WINDOWS\System32\xuhkox\dmul.exe
O23 - Service: ewyqsdhxogl - Unknown owner - C:\WINDOWS\System32\hxogl\ewyqsd.exe
O23 - Service: fchgjahxwaqv - Unknown owner - C:\WINDOWS\System32\ahxwaqv\fchgj.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: rbyrcmnyspja - Unknown owner - C:\WINDOWS\System32\cmnyspja\rbyr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: xxndwrqxk - Unknown owner - C:\WINDOWS\System32\rqxk\xxndw.exe

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:18 PM

Posted 07 April 2005 - 03:40 PM

Hi there,

Nice collection you have in here.
Better to print out the next instructions or save it in notepad, because you'll have to work in safe mode too and this page wouldn't be available then.
Please follow all my steps in the right order and don't miss any!!

We also need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

* Download and install CCleaner
Do not use it yet.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

* Download LQfix.zip
Unzip it and save it to your desktop, don't use it yet!!

* Download CWShredder. Start CWShredder and click FIX

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Admin\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Admin\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 66.180.173.39 www.alexa.com alexa.com
O1 - Hosts: 66.180.173.39 search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 beta.search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 beta.search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 beta.search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 beta.search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 search.xtramsn.co.nz
O1 - Hosts: 66.180.173.39 beta.search.ninemsn.com.au
O1 - Hosts: 66.180.173.39 beta.search.xtramsn.co.nz
O1 - Hosts: 216.39.69.102 view.atdmt.com
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe
O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [bfnhgvfgrgldhqzasnddjtrowj] C:\WINDOWS\tnercyod.exe
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteutt32.exe
O4 - HKLM\..\Run: [ffavvjb] C:\WINDOWS\System32\padrv\ffavvjb.exe
O4 - HKLM\..\Run: [epxphl] C:\WINDOWS\System32\fhvufbxl\epxphl.exe
O4 - HKLM\..\Run: [dmul] C:\WINDOWS\System32\xuhkox\dmul.exe
O4 - HKLM\..\Run: [lejg] C:\WINDOWS\System32\fmvxamk\lejg.exe
O4 - HKLM\..\Run: [xxndw] C:\WINDOWS\System32\rqxk\xxndw.exe
O4 - HKLM\..\Run: [fchgj] C:\WINDOWS\System32\ahxwaqv\fchgj.exe
O4 - HKLM\..\Run: [iscggcg] C:\WINDOWS\System32\kteuqr\iscggcg.exe
O4 - HKLM\..\Run: [gnxy] C:\WINDOWS\System32\gfpxxsoo\gnxy.exe
O4 - HKLM\..\Run: [skyhn] C:\DOCUME~1\Admin\LOCALS~1\Temp\xibiis.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [smvn] C:\WINDOWS\System32\conu\smvn.exe
O4 - HKLM\..\Run: [attfmrr] C:\WINDOWS\System32\kibbt\attfmrr.exe
O4 - HKLM\..\Run: [mkyoqkqv] C:\WINDOWS\System32\ejxgp\mkyoqkqv.exe
O4 - HKLM\..\Run: [vryo] C:\WINDOWS\System32\dckfu\vryo.exe
O4 - HKLM\..\Run: [rbyr] C:\WINDOWS\System32\cmnyspja\rbyr.exe
O4 - HKLM\..\Run: [ewyqsd] C:\WINDOWS\System32\hxogl\ewyqsd.exe
O4 - HKLM\..\Run: [pfoxpx] C:\WINDOWS\System32\qxmugya\pfoxpx.exe
O4 - HKLM\..\Run: [onnuaiug] C:\WINDOWS\System32\kjvlmu\onnuaiug.exe
O4 - HKLM\..\Run: [neuslfw] C:\WINDOWS\System32\nnxndmf\neuslfw.exe
O4 - HKCU\..\Run: [dor5RVJ5Q] cisppp.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0332c4ab5db479...ip/RdxIE601.cab
O23 - Service: dmulxuhkox - Unknown owner - C:\WINDOWS\System32\xuhkox\dmul.exe
O23 - Service: ewyqsdhxogl - Unknown owner - C:\WINDOWS\System32\hxogl\ewyqsd.exe
O23 - Service: fchgjahxwaqv - Unknown owner - C:\WINDOWS\System32\ahxwaqv\fchgj.exe
O23 - Service: rbyrcmnyspja - Unknown owner - C:\WINDOWS\System32\cmnyspja\rbyr.exe
O23 - Service: xxndwrqxk - Unknown owner - C:\WINDOWS\System32\rqxk\xxndw.exe


* Click on Fix Checked when finished and exit HijackThis.

* Reboot into Safe Mode`:
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.


Using Windows Explorer, locate the following files and delete them:

C:\WINDOWS\tnercyod.exe
C:\WINDOWS\System32\cisppp.exe
C:\WINDOWS\System32\pacis.exe
C:\WINDOWS\IEXPLOR.EXE <== watch the spelling!!
C:\WINDOWS\System32\scrsvc.exe

* Locate the following folders and delete them:

C:\WINDOWS\System32\padrv
C:\WINDOWS\System32\fhvufbxl
C:\WINDOWS\System32\xuhkox
C:\WINDOWS\System32\fmvxamk
C:\WINDOWS\System32\rqxk
C:\WINDOWS\System32\ahxwaqv
C:\WINDOWS\System32\kteuqr
C:\WINDOWS\System32\gfpxxsoo
C:\WINDOWS\System32\conu
C:\WINDOWS\System32\dckf
C:\WINDOWS\System32\cmnyspja
C:\WINDOWS\System32\kibbt
C:\WINDOWS\System32\ejxgp
C:\WINDOWS\System32\nnxndmf
C:\WINDOWS\System32\hxogl
C:\WINDOWS\System32\nsvsvc
C:\WINDOWS\System32\qxmugya
C:\WINDOWS\System32\kjvlmu

* Doubleclick LQfix.bat that you saved on your desktop before.
A doswindow will open and close again, this is normal.


* Start Ccleaner and click Run Cleaner

* Reboot your system back to normal mode.

* Start Microsoft antispyware, update it and let it perform a full scan and delete everything it is finding!!

Reboot again.

Post back a fresh HijackThis log and I'll take another look.

If you had any problems with deleting files or noticed any other problems during your fix, let me also know in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:18 PM

Posted 01 May 2005 - 03:10 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users