Please Help Me With My Hijack Scan Index...at My Wits End



#1 Compupgrade22

Posted 12 November 2005 - 01:38 PM

Hi, I'm not an idiot when it comes to computers, in fact my knowledge is well endowed indeed, but as of recent my computer has had its browser hijacked. I use IE, I get several popups all the time, have used just about every spyware removal program, read about 50 different sites on how to remove it, and looked over my hijacked log about a million times. Any help would be appreciated. Thanks. OK, here it goes, check out all these system32 files lol, I know something can't be right.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\bnalm\nqvjubya.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: ound.net
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\hrl0053me.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: KLBLMain - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

Yeah, I know lol. Please help, any would be appreciated. TY


#2 -David-

Posted 12 November 2005 - 04:02 PM

WOW! :thumbsup:

First, download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet access after removing NewDotNet.

To get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right side, leave it as is and just click "Finish>>", then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove" panel, do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.
_____________________________

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then post back with new HJT log
David

#3 Compupgrade22

Posted 12 November 2005 - 04:30 PM

TYVM for your help, I will try it and let ya know. TY again

#4 -David-

Posted 12 November 2005 - 04:55 PM

:thumbsup:



