Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijack this log [CLOSED]

Started by radiofriendly , May 13 2005 07:40 AM

  • This topic is locked This topic is locked

#1
radiofriendly
Posted 13 May 2005 - 07:40 AM

radiofriendly

    New Member

  • Member
  • Pip
  • 2 posts
and something messed up my windows media player, it won't open at all. i also haven't been able to shut down, i have to turn it off manually.

Logfile of HijackThis v1.99.1
Scan saved at 11:09:21 PM, on 5/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\uemhkef\huxucjvr.exe
C:\WINDOWS\System32\acgvybo\iqxa.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\wggjgv\qpkofx.exe
C:\WINDOWS\System32\vpccvyd\nmuurcyn.exe
C:\WINDOWS\System32\yrqsos\sarrrnlr.exe
C:\WINDOWS\System32\pyxsxmbs\pbqfqd.exe
C:\WINDOWS\System32\smhft\oakeo.exe
C:\WINDOWS\System32\rxbnktfn\nctcrt.exe
C:\WINDOWS\System32\kswgsc\nmsn.exe
C:\WINDOWS\System32\bcdlnm\xdfg.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\tfblsibl\uxnoo.exe
C:\WINDOWS\System32\dgyexu\kads.exe
C:\WINDOWS\System32\agdfuet\ekoybwfa.exe
C:\WINDOWS\System32\ahteqg\ggjxn.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\bjhjveh\odtlk.exe
C:\WINDOWS\System32\cpwxci\giuol.exe
C:\WINDOWS\System32\qpsllrx\xpdwawqd.exe
C:\WINDOWS\System32\tletwhw\bbvkeiu.exe
C:\WINDOWS\System32\xfjqheu\tlqfqmo.exe
C:\WINDOWS\System32\cabfib\trjwg.exe
C:\WINDOWS\System32\fyhjsb\uhigjx.exe
C:\WINDOWS\System32\obdaw\exuvgf.exe
C:\WINDOWS\System32\vmchkx\phstit.exe
C:\WINDOWS\System32\meifhyc\dgfqja.exe
C:\WINDOWS\System32\jjqnfmy\hyeeaqt.exe
C:\WINDOWS\System32\feyasud\cnfyxlvn.exe
C:\WINDOWS\System32\tgltm\wpdcutk.exe
C:\WINDOWS\System32\lcrqkj\iwyac.exe
C:\WINDOWS\System32\dmrr\flvisraa.exe
C:\WINDOWS\System32\mowtl\lyfpbe.exe
C:\WINDOWS\System32\ejrimaec\bjlcgvrm.exe
C:\WINDOWS\System32\kwyxmyd\whuylrq.exe
C:\WINDOWS\System32\bhpu\cxotq.exe
C:\WINDOWS\System32\aivsay\xccfai.exe
C:\WINDOWS\System32\bhdmob\xclkj.exe
C:\WINDOWS\System32\ayskg\rkutfmwa.exe
C:\WINDOWS\System32\bpmaujx\evhnj.exe
C:\WINDOWS\System32\lwsqphfx\jtuib.exe
C:\WINDOWS\System32\vfwc\ubvm.exe
C:\WINDOWS\System32\hrsjyrcs\jfhkrlyq.exe
C:\WINDOWS\System32\urjf\vvpconq.exe
C:\WINDOWS\System32\nyccs\aqpg.exe
C:\WINDOWS\System32\dcprt\anfui.exe
C:\WINDOWS\System32\qsis\iapwbjhm.exe
C:\WINDOWS\System32\uonlx\rrmav.exe
C:\WINDOWS\system\ngfxedjd.exe
C:\Program Files\Trillian\trillian.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\clirovau.exe
C:\WINDOWS\System32\dbgrac32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\user\Desktop\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: (no name) - {21E74F0B-CAB4-DCD9-D247-33613873D69C} - C:\WINDOWS\System32\kahnregh\mvdtgcvt.dll
O2 - BHO: (no name) - {2233456E-FE11-ACF9-CEF6-3D0BEB8AD112} - C:\WINDOWS\System32\napwqayi\xaypdeku.dll
O2 - BHO: (no name) - {360AA94B-9AEA-3EE6-8F86-F624767DB38C} - C:\WINDOWS\System32\hsubqxlq\nmutydlq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69DBCCE2-7F09-2DDB-DFDC-04A861F802B7} - C:\WINDOWS\System32\wugghpxu\lsolniqb.dll
O2 - BHO: (no name) - {884C9E59-C3F8-15A1-38A0-0D13EA288BEE} - C:\WINDOWS\System32\xmjnqnre\rkynfvqw.dll
O2 - BHO: (no name) - {8A53DC6E-CF53-CE71-442B-28A0BD7C1B49} - C:\WINDOWS\System32\csaqxqdf\tpkaxqyl.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\rtneg.dll (file missing)
O2 - BHO: (no name) - {9EAC4FA4-5F2E-7438-BF7E-A08BD5A249E5} - C:\WINDOWS\System32\epqyippb\mhmpskyw.dll
O2 - BHO: (no name) - {B9C8E53F-2531-A556-ADDC-CB4A723AF039} - C:\WINDOWS\System32\csgbmsle\liddbgaf.dll
O2 - BHO: (no name) - {ED77FCA8-6D01-A5D6-9FF2-55B1B20611BE} - C:\WINDOWS\System32\hmaffljf\drwhblmr.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [azqjyp] C:\WINDOWS\azqjyp.exe
O4 - HKLM\..\Run: [htrr] C:\WINDOWS\System32\nbscd\htrr.exe
O4 - HKLM\..\Run: [gejfw] C:\WINDOWS\System32\hgpvc\gejfw.exe
O4 - HKLM\..\Run: [dqtiwvu] C:\WINDOWS\System32\hsvlfl\dqtiwvu.exe
O4 - HKLM\..\Run: [dvjojht] C:\WINDOWS\System32\scgnixgr\dvjojht.exe
O4 - HKLM\..\Run: [pxgf] C:\WINDOWS\System32\rmbbwrn\pxgf.exe
O4 - HKLM\..\Run: [ckexelm] C:\WINDOWS\System32\tqxm\ckexelm.exe
O4 - HKLM\..\Run: [xwmrbcsu] C:\WINDOWS\System32\raca\xwmrbcsu.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [jvhrg] C:\WINDOWS\System32\vqutlhg\jvhrg.exe
O4 - HKLM\..\Run: [xxijyvsu] C:\WINDOWS\System32\aibq\xxijyvsu.exe
O4 - HKLM\..\Run: [bjmxey] C:\WINDOWS\System32\xcuvswf\bjmxey.exe
O4 - HKLM\..\Run: [sarrrnlr] C:\WINDOWS\System32\yrqsos\sarrrnlr.exe
O4 - HKLM\..\Run: [nibe] C:\WINDOWS\System32\verr\nibe.exe
O4 - HKLM\..\Run: [uqxqy] C:\WINDOWS\System32\aefj\uqxqy.exe
O4 - HKLM\..\Run: [skyhn] C:\DOCUME~1\user\LOCALS~1\Temp\dmca.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [oakeo] C:\WINDOWS\System32\smhft\oakeo.exe
O4 - HKLM\..\Run: [llkixg] C:\WINDOWS\System32\skkcuuvg\llkixg.exe
O4 - HKLM\..\Run: [nmsn] C:\WINDOWS\System32\kswgsc\nmsn.exe
O4 - HKLM\..\Run: [xdfg] C:\WINDOWS\System32\bcdlnm\xdfg.exe
O4 - HKLM\..\Run: [jpsls] C:\WINDOWS\System32\ukxlb\jpsls.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [abtspe] C:\WINDOWS\System32\felsgk\abtspe.exe
O4 - HKLM\..\Run: [fvejfc] C:\WINDOWS\System32\wiok\fvejfc.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [uxnoo] C:\WINDOWS\System32\tfblsibl\uxnoo.exe
O4 - HKLM\..\Run: [kads] C:\WINDOWS\System32\dgyexu\kads.exe
O4 - HKLM\..\Run: [ekoybwfa] C:\WINDOWS\System32\agdfuet\ekoybwfa.exe
O4 - HKLM\..\Run: [dvng] C:\WINDOWS\System32\mcnv\dvng.exe
O4 - HKLM\..\Run: [ggjxn] C:\WINDOWS\System32\ahteqg\ggjxn.exe
O4 - HKLM\..\Run: [pahso] C:\WINDOWS\System32\vsxqil\pahso.exe
O4 - HKLM\..\Run: [qlwql] C:\WINDOWS\System32\jhktcg\qlwql.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\user\LOCALS~1\Temp\giac.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [regfvr] c:\windows\system32\bcllolw.exe
O4 - HKLM\..\Run: [ncbrx] C:\WINDOWS\System32\lbyerkj\ncbrx.exe
O4 - HKLM\..\Run: [odtlk] C:\WINDOWS\System32\bjhjveh\odtlk.exe
O4 - HKLM\..\Run: [giuol] C:\WINDOWS\System32\cpwxci\giuol.exe
O4 - HKLM\..\Run: [xpdwawqd] C:\WINDOWS\System32\qpsllrx\xpdwawqd.exe
O4 - HKLM\..\Run: [pqnxat] C:\WINDOWS\System32\gpsxdr\pqnxat.exe
O4 - HKLM\..\Run: [bnatoeon] C:\WINDOWS\System32\tijg\bnatoeon.exe
O4 - HKLM\..\Run: [rtps] C:\WINDOWS\System32\axoxy\rtps.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitesik32.exe
O4 - HKLM\..\Run: [ayrmc] C:\WINDOWS\System32\swicel\ayrmc.exe
O4 - HKLM\..\Run: [bbvkeiu] C:\WINDOWS\System32\tletwhw\bbvkeiu.exe
O4 - HKLM\..\Run: [tlqfqmo] C:\WINDOWS\System32\xfjqheu\tlqfqmo.exe
O4 - HKLM\..\Run: [trjwg] C:\WINDOWS\System32\cabfib\trjwg.exe
O4 - HKLM\..\Run: [uhigjx] C:\WINDOWS\System32\fyhjsb\uhigjx.exe
O4 - HKLM\..\Run: [exuvgf] C:\WINDOWS\System32\obdaw\exuvgf.exe
O4 - HKLM\..\Run: [xyaann] C:\WINDOWS\System32\kakaamf\xyaann.exe
O4 - HKLM\..\Run: [oemlhb] C:\WINDOWS\System32\jrofim\oemlhb.exe
O4 - HKLM\..\Run: [ylmkpu] C:\WINDOWS\System32\dumsneck\ylmkpu.exe
O4 - HKLM\..\Run: [phstit] C:\WINDOWS\System32\vmchkx\phstit.exe
O4 - HKLM\..\Run: [kxcl] C:\WINDOWS\System32\yjkofmb\kxcl.exe
O4 - HKLM\..\Run: [dgfqja] C:\WINDOWS\System32\meifhyc\dgfqja.exe
O4 - HKLM\..\Run: [hyeeaqt] C:\WINDOWS\System32\jjqnfmy\hyeeaqt.exe
O4 - HKLM\..\Run: [vjhhq] C:\WINDOWS\System32\olsrndwi\vjhhq.exe
O4 - HKLM\..\Run: [tlgna] C:\WINDOWS\System32\xgtsos\tlgna.exe
O4 - HKLM\..\Run: [cnfyxlvn] C:\WINDOWS\System32\feyasud\cnfyxlvn.exe
O4 - HKLM\..\Run: [wpdcutk] C:\WINDOWS\System32\tgltm\wpdcutk.exe
O4 - HKLM\..\Run: [iwyac] C:\WINDOWS\System32\lcrqkj\iwyac.exe
O4 - HKLM\..\Run: [flvisraa] C:\WINDOWS\System32\dmrr\flvisraa.exe
O4 - HKLM\..\Run: [kuxqrff] C:\WINDOWS\System32\vbgpepdc\kuxqrff.exe
O4 - HKLM\..\Run: [lyfpbe] C:\WINDOWS\System32\mowtl\lyfpbe.exe
O4 - HKLM\..\Run: [bjlcgvrm] C:\WINDOWS\System32\ejrimaec\bjlcgvrm.exe
O4 - HKLM\..\Run: [whuylrq] C:\WINDOWS\System32\kwyxmyd\whuylrq.exe
O4 - HKLM\..\Run: [orxjh] C:\WINDOWS\System32\ktms\orxjh.exe
O4 - HKLM\..\Run: [cxotq] C:\WINDOWS\System32\bhpu\cxotq.exe
O4 - HKLM\..\Run: [xccfai] C:\WINDOWS\System32\aivsay\xccfai.exe
O4 - HKLM\..\Run: [xclkj] C:\WINDOWS\System32\bhdmob\xclkj.exe
O4 - HKLM\..\Run: [lgvhkna] C:\WINDOWS\System32\yfwda\lgvhkna.exe
O4 - HKLM\..\Run: [rkutfmwa] C:\WINDOWS\System32\ayskg\rkutfmwa.exe
O4 - HKLM\..\Run: [evhnj] C:\WINDOWS\System32\bpmaujx\evhnj.exe
O4 - HKLM\..\Run: [dndppxyq] C:\WINDOWS\System32\yywf\dndppxyq.exe
O4 - HKLM\..\Run: [xrqvuary] C:\WINDOWS\System32\cthk\xrqvuary.exe
O4 - HKLM\..\Run: [eepkgs] C:\WINDOWS\System32\ttkrhs\eepkgs.exe
O4 - HKLM\..\Run: [jtuib] C:\WINDOWS\System32\lwsqphfx\jtuib.exe
O4 - HKLM\..\Run: [ubvm] C:\WINDOWS\System32\vfwc\ubvm.exe
O4 - HKLM\..\Run: [jfhkrlyq] C:\WINDOWS\System32\hrsjyrcs\jfhkrlyq.exe
O4 - HKLM\..\Run: [xabycnv] C:\WINDOWS\System32\kntmrruq\xabycnv.exe
O4 - HKLM\..\Run: [ryqc] C:\WINDOWS\System32\wdqufrd\ryqc.exe
O4 - HKLM\..\Run: [eybb] C:\WINDOWS\System32\ehykkw\eybb.exe
O4 - HKLM\..\Run: [vvpconq] C:\WINDOWS\System32\urjf\vvpconq.exe
O4 - HKLM\..\Run: [aqpg] C:\WINDOWS\System32\nyccs\aqpg.exe
O4 - HKLM\..\Run: [Wirehog] C:\Program Files\Wirehog\Run.lnk
O4 - HKLM\..\Run: [cnee] C:\WINDOWS\System32\wjis\cnee.exe
O4 - HKLM\..\Run: [quitd] C:\WINDOWS\System32\trlahfv\quitd.exe
O4 - HKLM\..\Run: [anfui] C:\WINDOWS\System32\dcprt\anfui.exe
O4 - HKLM\..\Run: [iapwbjhm] C:\WINDOWS\System32\qsis\iapwbjhm.exe
O4 - HKLM\..\Run: [osbfox] C:\WINDOWS\System32\rthfk\osbfox.exe
O4 - HKLM\..\Run: [rrmav] C:\WINDOWS\System32\uonlx\rrmav.exe
O4 - HKLM\..\Run: [nmuurcyn] C:\WINDOWS\System32\vpccvyd\nmuurcyn.exe
O4 - HKLM\..\Run: [huxucjvr] C:\WINDOWS\System32\uemhkef\huxucjvr.exe
O4 - HKLM\..\Run: [pbqfqd] C:\WINDOWS\System32\pyxsxmbs\pbqfqd.exe
O4 - HKLM\..\Run: [nctcrt] C:\WINDOWS\System32\rxbnktfn\nctcrt.exe
O4 - HKLM\..\Run: [qpkofx] C:\WINDOWS\System32\wggjgv\qpkofx.exe
O4 - HKLM\..\Run: [gysmbl] C:\WINDOWS\System32\qhtt\gysmbl.exe
O4 - HKLM\..\Run: [iqxa] C:\WINDOWS\System32\acgvybo\iqxa.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [x3nX37O] dbgrac32.exe
O4 - HKCU\..\Run: [g047RXiml] clirovau.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O23 - Service: bjmxeyxcuvswf - Unknown owner - C:\WINDOWS\System32\xcuvswf\bjmxey.exe
O23 - Service: ckexelmtqxm - Unknown owner - C:\WINDOWS\System32\tqxm\ckexelm.exe
O23 - Service: cneewjis - Unknown owner - C:\WINDOWS\System32\wjis\cnee.exe
O23 - Service: dqtiwvuhsvlfl - Unknown owner - C:\WINDOWS\System32\hsvlfl\dqtiwvu.exe
O23 - Service: dvngmcnv - Unknown owner - C:\WINDOWS\System32\mcnv\dvng.exe
O23 - Service: eepkgsttkrhs - Unknown owner - C:\WINDOWS\System32\ttkrhs\eepkgs.exe
O23 - Service: eybbehykkw - Unknown owner - C:\WINDOWS\System32\ehykkw\eybb.exe
O23 - Service: fvejfcwiok - Unknown owner - C:\WINDOWS\System32\wiok\fvejfc.exe
O23 - Service: gejfwhgpvc - Unknown owner - C:\WINDOWS\System32\hgpvc\gejfw.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: huxucjvruemhkef - Unknown owner - C:\WINDOWS\System32\uemhkef\huxucjvr.exe
O23 - Service: iqxaacgvybo - Unknown owner - C:\WINDOWS\System32\acgvybo\iqxa.exe
O23 - Service: jpslsukxlb - Unknown owner - C:\WINDOWS\System32\ukxlb\jpsls.exe
O23 - Service: lgvhknayfwda - Unknown owner - C:\WINDOWS\System32\yfwda\lgvhkna.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: pqnxatgpsxdr - Unknown owner - C:\WINDOWS\System32\gpsxdr\pqnxat.exe
O23 - Service: qlwqljhktcg - Unknown owner - C:\WINDOWS\System32\jhktcg\qlwql.exe
O23 - Service: quitdtrlahfv - Unknown owner - C:\WINDOWS\System32\trlahfv\quitd.exe
O23 - Service: rtpsaxoxy - Unknown owner - C:\WINDOWS\System32\axoxy\rtps.exe
O23 - Service: ryqcwdqufrd - Unknown owner - C:\WINDOWS\System32\wdqufrd\ryqc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: tlgnaxgtsos - Unknown owner - C:\WINDOWS\System32\xgtsos\tlgna.exe
O23 - Service: xwmrbcsuraca - Unknown owner - C:\WINDOWS\System32\raca\xwmrbcsu.exe
O23 - Service: xxijyvsuaibq - Unknown owner - C:\WINDOWS\System32\aibq\xxijyvsu.exe
O23 - Service: ylmkpudumsneck - Unknown owner - C:\WINDOWS\System32\dumsneck\ylmkpu.exe
  • 0

Advertisements

#2
greyknight17
Posted 13 May 2005 - 09:46 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please do not post duplicate topics. Stay with this one.

Did you put this in your hosts file?

O1 - Hosts: 216.39.69.102 view.atdmt.com

Any idea what that WireHog program is for?

This one is going to be a pain to remove. I will try to make it simpler for you for the deletions part, but it's still going to be a lot of checking off in HijackThis.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download ETRemover and unzip it. Don't run it yet.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Don't run it yet.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Don't run it yet.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: (no name) - {21E74F0B-CAB4-DCD9-D247-33613873D69C} - C:\WINDOWS\System32\kahnregh\mvdtgcvt.dll
O2 - BHO: (no name) - {2233456E-FE11-ACF9-CEF6-3D0BEB8AD112} - C:\WINDOWS\System32\napwqayi\xaypdeku.dll
O2 - BHO: (no name) - {360AA94B-9AEA-3EE6-8F86-F624767DB38C} - C:\WINDOWS\System32\hsubqxlq\nmutydlq.dll
O2 - BHO: (no name) - {69DBCCE2-7F09-2DDB-DFDC-04A861F802B7} - C:\WINDOWS\System32\wugghpxu\lsolniqb.dll
O2 - BHO: (no name) - {884C9E59-C3F8-15A1-38A0-0D13EA288BEE} - C:\WINDOWS\System32\xmjnqnre\rkynfvqw.dll
O2 - BHO: (no name) - {8A53DC6E-CF53-CE71-442B-28A0BD7C1B49} - C:\WINDOWS\System32\csaqxqdf\tpkaxqyl.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\rtneg.dll (file missing)
O2 - BHO: (no name) - {9EAC4FA4-5F2E-7438-BF7E-A08BD5A249E5} - C:\WINDOWS\System32\epqyippb\mhmpskyw.dll
O2 - BHO: (no name) - {B9C8E53F-2531-A556-ADDC-CB4A723AF039} - C:\WINDOWS\System32\csgbmsle\liddbgaf.dll
O2 - BHO: (no name) - {ED77FCA8-6D01-A5D6-9FF2-55B1B20611BE} - C:\WINDOWS\System32\hmaffljf\drwhblmr.dll
O4 - HKLM\..\Run: [azqjyp] C:\WINDOWS\azqjyp.exe
O4 - HKLM\..\Run: [htrr] C:\WINDOWS\System32\nbscd\htrr.exe
O4 - HKLM\..\Run: [gejfw] C:\WINDOWS\System32\hgpvc\gejfw.exe
O4 - HKLM\..\Run: [dqtiwvu] C:\WINDOWS\System32\hsvlfl\dqtiwvu.exe
O4 - HKLM\..\Run: [dvjojht] C:\WINDOWS\System32\scgnixgr\dvjojht.exe
O4 - HKLM\..\Run: [pxgf] C:\WINDOWS\System32\rmbbwrn\pxgf.exe
O4 - HKLM\..\Run: [ckexelm] C:\WINDOWS\System32\tqxm\ckexelm.exe
O4 - HKLM\..\Run: [xwmrbcsu] C:\WINDOWS\System32\raca\xwmrbcsu.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [jvhrg] C:\WINDOWS\System32\vqutlhg\jvhrg.exe
O4 - HKLM\..\Run: [xxijyvsu] C:\WINDOWS\System32\aibq\xxijyvsu.exe
O4 - HKLM\..\Run: [bjmxey] C:\WINDOWS\System32\xcuvswf\bjmxey.exe
O4 - HKLM\..\Run: [sarrrnlr] C:\WINDOWS\System32\yrqsos\sarrrnlr.exe
O4 - HKLM\..\Run: [nibe] C:\WINDOWS\System32\verr\nibe.exe
O4 - HKLM\..\Run: [uqxqy] C:\WINDOWS\System32\aefj\uqxqy.exe
O4 - HKLM\..\Run: [skyhn] C:\DOCUME~1\user\LOCALS~1\Temp\dmca.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [oakeo] C:\WINDOWS\System32\smhft\oakeo.exe
O4 - HKLM\..\Run: [llkixg] C:\WINDOWS\System32\skkcuuvg\llkixg.exe
O4 - HKLM\..\Run: [nmsn] C:\WINDOWS\System32\kswgsc\nmsn.exe
O4 - HKLM\..\Run: [xdfg] C:\WINDOWS\System32\bcdlnm\xdfg.exe
O4 - HKLM\..\Run: [jpsls] C:\WINDOWS\System32\ukxlb\jpsls.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [abtspe] C:\WINDOWS\System32\felsgk\abtspe.exe
O4 - HKLM\..\Run: [fvejfc] C:\WINDOWS\System32\wiok\fvejfc.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [uxnoo] C:\WINDOWS\System32\tfblsibl\uxnoo.exe
O4 - HKLM\..\Run: [kads] C:\WINDOWS\System32\dgyexu\kads.exe
O4 - HKLM\..\Run: [ekoybwfa] C:\WINDOWS\System32\agdfuet\ekoybwfa.exe
O4 - HKLM\..\Run: [dvng] C:\WINDOWS\System32\mcnv\dvng.exe
O4 - HKLM\..\Run: [ggjxn] C:\WINDOWS\System32\ahteqg\ggjxn.exe
O4 - HKLM\..\Run: [pahso] C:\WINDOWS\System32\vsxqil\pahso.exe
O4 - HKLM\..\Run: [qlwql] C:\WINDOWS\System32\jhktcg\qlwql.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\user\LOCALS~1\Temp\giac.exe
O4 - HKLM\..\Run: [regfvr] c:\windows\system32\bcllolw.exe
O4 - HKLM\..\Run: [ncbrx] C:\WINDOWS\System32\lbyerkj\ncbrx.exe
O4 - HKLM\..\Run: [odtlk] C:\WINDOWS\System32\bjhjveh\odtlk.exe
O4 - HKLM\..\Run: [giuol] C:\WINDOWS\System32\cpwxci\giuol.exe
O4 - HKLM\..\Run: [xpdwawqd] C:\WINDOWS\System32\qpsllrx\xpdwawqd.exe
O4 - HKLM\..\Run: [pqnxat] C:\WINDOWS\System32\gpsxdr\pqnxat.exe
O4 - HKLM\..\Run: [bnatoeon] C:\WINDOWS\System32\tijg\bnatoeon.exe
O4 - HKLM\..\Run: [rtps] C:\WINDOWS\System32\axoxy\rtps.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitesik32.exe
O4 - HKLM\..\Run: [ayrmc] C:\WINDOWS\System32\swicel\ayrmc.exe
O4 - HKLM\..\Run: [bbvkeiu] C:\WINDOWS\System32\tletwhw\bbvkeiu.exe
O4 - HKLM\..\Run: [tlqfqmo] C:\WINDOWS\System32\xfjqheu\tlqfqmo.exe
O4 - HKLM\..\Run: [trjwg] C:\WINDOWS\System32\cabfib\trjwg.exe
O4 - HKLM\..\Run: [uhigjx] C:\WINDOWS\System32\fyhjsb\uhigjx.exe
O4 - HKLM\..\Run: [exuvgf] C:\WINDOWS\System32\obdaw\exuvgf.exe
O4 - HKLM\..\Run: [xyaann] C:\WINDOWS\System32\kakaamf\xyaann.exe
O4 - HKLM\..\Run: [oemlhb] C:\WINDOWS\System32\jrofim\oemlhb.exe
O4 - HKLM\..\Run: [ylmkpu] C:\WINDOWS\System32\dumsneck\ylmkpu.exe
O4 - HKLM\..\Run: [phstit] C:\WINDOWS\System32\vmchkx\phstit.exe
O4 - HKLM\..\Run: [kxcl] C:\WINDOWS\System32\yjkofmb\kxcl.exe
O4 - HKLM\..\Run: [dgfqja] C:\WINDOWS\System32\meifhyc\dgfqja.exe
O4 - HKLM\..\Run: [hyeeaqt] C:\WINDOWS\System32\jjqnfmy\hyeeaqt.exe
O4 - HKLM\..\Run: [vjhhq] C:\WINDOWS\System32\olsrndwi\vjhhq.exe
O4 - HKLM\..\Run: [tlgna] C:\WINDOWS\System32\xgtsos\tlgna.exe
O4 - HKLM\..\Run: [cnfyxlvn] C:\WINDOWS\System32\feyasud\cnfyxlvn.exe
O4 - HKLM\..\Run: [wpdcutk] C:\WINDOWS\System32\tgltm\wpdcutk.exe
O4 - HKLM\..\Run: [iwyac] C:\WINDOWS\System32\lcrqkj\iwyac.exe
O4 - HKLM\..\Run: [flvisraa] C:\WINDOWS\System32\dmrr\flvisraa.exe
O4 - HKLM\..\Run: [kuxqrff] C:\WINDOWS\System32\vbgpepdc\kuxqrff.exe
O4 - HKLM\..\Run: [lyfpbe] C:\WINDOWS\System32\mowtl\lyfpbe.exe
O4 - HKLM\..\Run: [bjlcgvrm] C:\WINDOWS\System32\ejrimaec\bjlcgvrm.exe
O4 - HKLM\..\Run: [whuylrq] C:\WINDOWS\System32\kwyxmyd\whuylrq.exe
O4 - HKLM\..\Run: [orxjh] C:\WINDOWS\System32\ktms\orxjh.exe
O4 - HKLM\..\Run: [cxotq] C:\WINDOWS\System32\bhpu\cxotq.exe
O4 - HKLM\..\Run: [xccfai] C:\WINDOWS\System32\aivsay\xccfai.exe
O4 - HKLM\..\Run: [xclkj] C:\WINDOWS\System32\bhdmob\xclkj.exe
O4 - HKLM\..\Run: [lgvhkna] C:\WINDOWS\System32\yfwda\lgvhkna.exe
O4 - HKLM\..\Run: [rkutfmwa] C:\WINDOWS\System32\ayskg\rkutfmwa.exe
O4 - HKLM\..\Run: [evhnj] C:\WINDOWS\System32\bpmaujx\evhnj.exe
O4 - HKLM\..\Run: [dndppxyq] C:\WINDOWS\System32\yywf\dndppxyq.exe
O4 - HKLM\..\Run: [xrqvuary] C:\WINDOWS\System32\cthk\xrqvuary.exe
O4 - HKLM\..\Run: [eepkgs] C:\WINDOWS\System32\ttkrhs\eepkgs.exe
O4 - HKLM\..\Run: [jtuib] C:\WINDOWS\System32\lwsqphfx\jtuib.exe
O4 - HKLM\..\Run: [ubvm] C:\WINDOWS\System32\vfwc\ubvm.exe
O4 - HKLM\..\Run: [jfhkrlyq] C:\WINDOWS\System32\hrsjyrcs\jfhkrlyq.exe
O4 - HKLM\..\Run: [xabycnv] C:\WINDOWS\System32\kntmrruq\xabycnv.exe
O4 - HKLM\..\Run: [ryqc] C:\WINDOWS\System32\wdqufrd\ryqc.exe
O4 - HKLM\..\Run: [eybb] C:\WINDOWS\System32\ehykkw\eybb.exe
O4 - HKLM\..\Run: [vvpconq] C:\WINDOWS\System32\urjf\vvpconq.exe
O4 - HKLM\..\Run: [aqpg] C:\WINDOWS\System32\nyccs\aqpg.exe
O4 - HKLM\..\Run: [cnee] C:\WINDOWS\System32\wjis\cnee.exe
O4 - HKLM\..\Run: [quitd] C:\WINDOWS\System32\trlahfv\quitd.exe
O4 - HKLM\..\Run: [anfui] C:\WINDOWS\System32\dcprt\anfui.exe
O4 - HKLM\..\Run: [iapwbjhm] C:\WINDOWS\System32\qsis\iapwbjhm.exe
O4 - HKLM\..\Run: [osbfox] C:\WINDOWS\System32\rthfk\osbfox.exe
O4 - HKLM\..\Run: [rrmav] C:\WINDOWS\System32\uonlx\rrmav.exe
O4 - HKLM\..\Run: [nmuurcyn] C:\WINDOWS\System32\vpccvyd\nmuurcyn.exe
O4 - HKLM\..\Run: [huxucjvr] C:\WINDOWS\System32\uemhkef\huxucjvr.exe
O4 - HKLM\..\Run: [pbqfqd] C:\WINDOWS\System32\pyxsxmbs\pbqfqd.exe
O4 - HKLM\..\Run: [nctcrt] C:\WINDOWS\System32\rxbnktfn\nctcrt.exe
O4 - HKLM\..\Run: [qpkofx] C:\WINDOWS\System32\wggjgv\qpkofx.exe
O4 - HKLM\..\Run: [gysmbl] C:\WINDOWS\System32\qhtt\gysmbl.exe
O4 - HKLM\..\Run: [iqxa] C:\WINDOWS\System32\acgvybo\iqxa.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [x3nX37O] dbgrac32.exe
O4 - HKCU\..\Run: [g047RXiml] clirovau.exe
O23 - Service: bjmxeyxcuvswf - Unknown owner - C:\WINDOWS\System32\xcuvswf\bjmxey.exe
O23 - Service: ckexelmtqxm - Unknown owner - C:\WINDOWS\System32\tqxm\ckexelm.exe
O23 - Service: cneewjis - Unknown owner - C:\WINDOWS\System32\wjis\cnee.exe
O23 - Service: dqtiwvuhsvlfl - Unknown owner - C:\WINDOWS\System32\hsvlfl\dqtiwvu.exe
O23 - Service: dvngmcnv - Unknown owner - C:\WINDOWS\System32\mcnv\dvng.exe
O23 - Service: eepkgsttkrhs - Unknown owner - C:\WINDOWS\System32\ttkrhs\eepkgs.exe
O23 - Service: eybbehykkw - Unknown owner - C:\WINDOWS\System32\ehykkw\eybb.exe
O23 - Service: fvejfcwiok - Unknown owner - C:\WINDOWS\System32\wiok\fvejfc.exe
O23 - Service: gejfwhgpvc - Unknown owner - C:\WINDOWS\System32\hgpvc\gejfw.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: huxucjvruemhkef - Unknown owner - C:\WINDOWS\System32\uemhkef\huxucjvr.exe
O23 - Service: iqxaacgvybo - Unknown owner - C:\WINDOWS\System32\acgvybo\iqxa.exe
O23 - Service: jpslsukxlb - Unknown owner - C:\WINDOWS\System32\ukxlb\jpsls.exe
O23 - Service: lgvhknayfwda - Unknown owner - C:\WINDOWS\System32\yfwda\lgvhkna.exe
O23 - Service: pqnxatgpsxdr - Unknown owner - C:\WINDOWS\System32\gpsxdr\pqnxat.exe
O23 - Service: qlwqljhktcg - Unknown owner - C:\WINDOWS\System32\jhktcg\qlwql.exe
O23 - Service: quitdtrlahfv - Unknown owner - C:\WINDOWS\System32\trlahfv\quitd.exe
O23 - Service: rtpsaxoxy - Unknown owner - C:\WINDOWS\System32\axoxy\rtps.exe
O23 - Service: ryqcwdqufrd - Unknown owner - C:\WINDOWS\System32\wdqufrd\ryqc.exe
O23 - Service: tlgnaxgtsos - Unknown owner - C:\WINDOWS\System32\xgtsos\tlgna.exe
O23 - Service: xwmrbcsuraca - Unknown owner - C:\WINDOWS\System32\raca\xwmrbcsu.exe
O23 - Service: xxijyvsuaibq - Unknown owner - C:\WINDOWS\System32\aibq\xxijyvsu.exe
O23 - Service: ylmkpudumsneck - Unknown owner - C:\WINDOWS\System32\dumsneck\ylmkpu.exe

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy the below in bold and go back to KillBox. Go to File->Paste from Clipboard and then hit the red circle with a white X button. Confirm to delete, but say no when asked to reboot.

C:\Program Files\CxtPls\
C:\WINDOWS\azqjyp.exe
C:\WINDOWS\system\ngfxedjd.exe
C:\WINDOWS\System32\abasa5jrp.exe
C:\WINDOWS\System32\acgvybo\
C:\WINDOWS\System32\acgvybo\
C:\WINDOWS\System32\aefj\
C:\WINDOWS\System32\agdfuet
C:\WINDOWS\System32\ahteqg\
C:\WINDOWS\System32\aibq\
C:\WINDOWS\System32\aivsay\
C:\WINDOWS\System32\ap9h4qmo.exe
C:\WINDOWS\System32\axoxy\
C:\WINDOWS\System32\ayskg\
C:\WINDOWS\System32\bcdlnm\
c:\windows\system32\bcllolw.exe
C:\WINDOWS\System32\bhdmob\
C:\WINDOWS\System32\bhpu\
C:\WINDOWS\System32\bjhjveh\
C:\WINDOWS\System32\bpmaujx\
C:\WINDOWS\System32\cabfib\
C:\WINDOWS\System32\clirovau.exe
C:\WINDOWS\System32\cpwxci\
C:\WINDOWS\System32\csaqxqdf\
C:\WINDOWS\System32\csgbmsle\
C:\WINDOWS\System32\cthk\
C:\WINDOWS\System32\dbgrac32.exe
C:\WINDOWS\System32\dcprt\
C:\WINDOWS\System32\dgyexu\
C:\WINDOWS\System32\dmrr\
C:\WINDOWS\System32\dumsneck\
C:\WINDOWS\System32\ehykkw\
C:\WINDOWS\System32\ejrimaec\
C:\windows\system32\elitesik32.exe
C:\WINDOWS\System32\epqyippb\
C:\WINDOWS\System32\felsgk\
C:\WINDOWS\System32\feyasud\
C:\WINDOWS\System32\fyhjsb\
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\gpsxdr\
C:\WINDOWS\System32\greenstd.exe
C:\WINDOWS\System32\hgpvc\
C:\WINDOWS\System32\hmaffljf\
C:\WINDOWS\System32\hrsjyrcs\
C:\WINDOWS\System32\hsubqxlq\
C:\WINDOWS\System32\hsvlfl\
C:\WINDOWS\System32\jhktcg\
C:\WINDOWS\System32\jjqnfmy\
C:\WINDOWS\System32\jrofim\
C:\WINDOWS\System32\kahnregh\
C:\WINDOWS\System32\kakaamf\
C:\WINDOWS\System32\kntmrruq\
C:\WINDOWS\System32\kswgsc\
C:\WINDOWS\System32\ktms\
C:\WINDOWS\System32\kwyxmyd\
C:\WINDOWS\System32\lbyerkj\
C:\WINDOWS\System32\lcrqkj\
C:\WINDOWS\System32\lwsqphfx\
C:\WINDOWS\System32\mcnv\
C:\WINDOWS\System32\meifhyc\
C:\WINDOWS\System32\mowtl\
C:\WINDOWS\System32\napwqayi\
C:\WINDOWS\System32\nbscd\
C:\WINDOWS\System32\nsvsvc\
C:\WINDOWS\System32\nyccs\
C:\WINDOWS\System32\obdaw\
C:\WINDOWS\System32\olsrndwi\
C:\WINDOWS\System32\pyxsxmbs\
C:\WINDOWS\System32\qhtt\
C:\WINDOWS\System32\qpsllrx\
C:\WINDOWS\System32\qsis\
C:\WINDOWS\System32\raca\
C:\WINDOWS\System32\rmbbwrn\
C:\WINDOWS\System32\rthfk\
C:\WINDOWS\System32\rtneg.dll
C:\WINDOWS\System32\rxbnktfn\
C:\WINDOWS\System32\scgnixgr\
C:\WINDOWS\System32\skkcuuvg\
C:\WINDOWS\System32\smhft\
C:\WINDOWS\System32\swicel\
C:\WINDOWS\System32\tfblsibl\
C:\WINDOWS\System32\tgltm\
C:\WINDOWS\System32\tijg\
C:\WINDOWS\System32\tletwhw\
C:\WINDOWS\System32\tqxm\
C:\WINDOWS\System32\trlahfv\
C:\WINDOWS\System32\ttkrhs\
C:\WINDOWS\System32\uemhkef\
C:\WINDOWS\System32\ukxlb\
C:\WINDOWS\System32\uonlx\
C:\WINDOWS\System32\urjf\
C:\WINDOWS\System32\vbgpepdc\
C:\WINDOWS\System32\verr\
C:\WINDOWS\System32\vfwc\
C:\WINDOWS\System32\vmchkx\
C:\WINDOWS\System32\vpccvyd\
C:\WINDOWS\System32\vqutlhg\
C:\WINDOWS\System32\vsxqil\
C:\WINDOWS\System32\wdqufrd\
C:\WINDOWS\System32\wggjgv\
C:\WINDOWS\System32\wiok\
C:\WINDOWS\System32\wjis\
C:\WINDOWS\System32\wugghpxu\
C:\WINDOWS\System32\xcuvswf\
C:\WINDOWS\System32\xfjqheu\
C:\WINDOWS\System32\xgtsos\
C:\WINDOWS\System32\xmjnqnre\
C:\WINDOWS\System32\yfwda\
C:\WINDOWS\System32\yjkofmb\
C:\WINDOWS\System32\yrqsos\
C:\WINDOWS\System32\yywf\
C:\WINDOWS\VCMnet11.exe

Run ETRemover.exe now. Again, do not reboot yet.

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.
  • 0

#3
greyknight17
Posted 22 June 2005 - 07:04 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP