
bookedspace and ebates plus [RESOLVED]



#1
randijean

    New Member

  • Member
  • 3 posts
I am running XP Home Edition SP1. Do not want to upgrade to SP2 until system is cleaned up. I think I'm close but cannot get rid of bookedspace or ebates. Also suspect that I may have more because, at startup, tons of processes execute that look like junk processes. Afraid to delete until I get advice. Also, what do I do about the System Restore setting? Should I be turning it off?

I have followed all steps prior to this post including:
1) Ran latest Ad-aware SE with customized settings,
2) Ran latest Spybot S&D,
3) Ran Norton AV, latest definitions,
4) Ran CW Shredder,
5) Downloaded all WXP Critical Updates except sp2,
6) Ran disk cleanup.

Results: Every time I reboot and run Ad-aware, Spybot, or Norton AV, I pick up something. Ad-aware says it deletes bookedspace and ebates, but it comes back. Spybot says it deletes IE Plugin and Elitum.Elitebar, but it comes back. Norton AV says no viruses but seems to find different adware threats every time (mostly Ziocom). I can always delete but something comes back next reboot.

There are four users on my PC and I've done the same process for all users with the same results. Just can't get rid of this stuff. Also, did as much as I could in Safe Mode.

Please help. Am I close or do you think I need to reinstall OS???
Here is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:19:32 AM, on 4/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\rkgg\xdobwmvf.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\DAYPDLL.EXE
C:\WINDOWS\DAYPENC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\munxsguo\pxdi.exe
C:\WINDOWS\System32\yevrr\rnsxtd.exe
C:\WINDOWS\System32\fquu\hylb.exe
C:\WINDOWS\System32\pgvarimw\eklwcap.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\jbyadfyn\lthxh.exe
C:\WINDOWS\System32\rlglkpm\tbgpvk.exe
C:\WINDOWS\System32\qssnetdp\dbhnk.exe
C:\WINDOWS\System32\ukrf\ihxgwbia.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\okupadf\thcva.exe
C:\WINDOWS\System32\jyarcagm\gfxvtu.exe
C:\WINDOWS\System32\aocgcgw\wijo.exe
C:\WINDOWS\System32\usselnc\niqkj.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\cabdlnc\pbgfsfy.exe
C:\WINDOWS\System32\fquu\hylb.exe
C:\WINDOWS\System32\mpxbc\grevvwi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\My Music\aim.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Daniel\My Documents\hijackthis\HijackThis.exe
C:\Documents and Settings\Daniel\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A8AC108-D9BC-54F1-457E-ADE63319FE58} - C:\WINDOWS\System32\rlixrwgx\wkhukvio.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKLM\..\Run: [DAYPDLL] C:\WINDOWS\DAYPDLL.EXE
O4 - HKLM\..\Run: [DAYPENC] C:\WINDOWS\DAYPENC.EXE
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [anfh] C:\WINDOWS\System32\fmog\anfh.exe
O4 - HKLM\..\Run: [xrgkev] C:\WINDOWS\System32\mnjvy\xrgkev.exe
O4 - HKLM\..\Run: [eoklinw] C:\WINDOWS\System32\ician\eoklinw.exe
O4 - HKLM\..\Run: [polqly] C:\WINDOWS\System32\wnjjin\polqly.exe
O4 - HKLM\..\Run: [phibbbi] C:\WINDOWS\System32\grnysqi\phibbbi.exe
O4 - HKLM\..\Run: [qqqkeg] C:\WINDOWS\System32\jdhugg\qqqkeg.exe
O4 - HKLM\..\Run: [fmlxqvb] C:\WINDOWS\System32\xdsj\fmlxqvb.exe
O4 - HKLM\..\Run: [vadtth] C:\WINDOWS\System32\roskjh\vadtth.exe
O4 - HKLM\..\Run: [sscg] C:\WINDOWS\System32\xshv\sscg.exe
O4 - HKLM\..\Run: [pptwcauf] C:\WINDOWS\System32\olhumch\pptwcauf.exe
O4 - HKLM\..\Run: [grqe] C:\WINDOWS\System32\cxhbl\grqe.exe
O4 - HKLM\..\Run: [lmudmool] C:\WINDOWS\System32\tfyg\lmudmool.exe
O4 - HKLM\..\Run: [avdv] C:\WINDOWS\System32\vnbiu\avdv.exe
O4 - HKLM\..\Run: [mhiwaxcq] C:\WINDOWS\System32\ymrbreol\mhiwaxcq.exe
O4 - HKLM\..\Run: [jweib] C:\WINDOWS\System32\uqknbts\jweib.exe
O4 - HKLM\..\Run: [vkakkcdp] C:\WINDOWS\System32\eeagarnv\vkakkcdp.exe
O4 - HKLM\..\Run: [mxqpow] C:\WINDOWS\System32\maasrh\mxqpow.exe
O4 - HKLM\..\Run: [qvbhuu] C:\WINDOWS\System32\krsi\qvbhuu.exe
O4 - HKLM\..\Run: [xgwlfr] C:\WINDOWS\System32\lqxm\xgwlfr.exe
O4 - HKLM\..\Run: [afwgnq] C:\WINDOWS\System32\qcqfa\afwgnq.exe
O4 - HKLM\..\Run: [xbocixaq] C:\WINDOWS\System32\qkdjtjb\xbocixaq.exe
O4 - HKLM\..\Run: [hmsd] C:\WINDOWS\System32\oersjwx\hmsd.exe
O4 - HKLM\..\Run: [htgtibq] C:\WINDOWS\System32\wlvhhmj\htgtibq.exe
O4 - HKLM\..\Run: [ldykhkgr] C:\WINDOWS\System32\nuivrkqv\ldykhkgr.exe
O4 - HKLM\..\Run: [ujtijw] C:\WINDOWS\System32\rwcbso\ujtijw.exe
O4 - HKLM\..\Run: [hmqj] C:\WINDOWS\System32\cain\hmqj.exe
O4 - HKLM\..\Run: [vqvmgweb] C:\WINDOWS\System32\chivcbw\vqvmgweb.exe
O4 - HKLM\..\Run: [tvlmrvsi] C:\WINDOWS\System32\dwiuqc\tvlmrvsi.exe
O4 - HKLM\..\Run: [nfknl] C:\WINDOWS\System32\bryi\nfknl.exe
O4 - HKLM\..\Run: [txlugy] C:\WINDOWS\System32\reioafh\txlugy.exe
O4 - HKLM\..\Run: [nupeice] C:\WINDOWS\System32\qxab\nupeice.exe
O4 - HKLM\..\Run: [uqccse] C:\WINDOWS\System32\xtbsoru\uqccse.exe
O4 - HKLM\..\Run: [ifjoibqw] C:\WINDOWS\System32\pahtpmf\ifjoibqw.exe
O4 - HKLM\..\Run: [fgeaaom] C:\WINDOWS\System32\bolsgcew\fgeaaom.exe
O4 - HKLM\..\Run: [oavymqtt] C:\WINDOWS\System32\yqdvopwh\oavymqtt.exe
O4 - HKLM\..\Run: [xqwm] C:\WINDOWS\System32\qosgdjp\xqwm.exe
O4 - HKLM\..\Run: [eklwcap] C:\WINDOWS\System32\pgvarimw\eklwcap.exe
O4 - HKLM\..\Run: [kfbhyoir] C:\WINDOWS\System32\lrhejyqq\kfbhyoir.exe
O4 - HKLM\..\Run: [aibtu] C:\WINDOWS\System32\mvptmwmh\aibtu.exe
O4 - HKLM\..\Run: [xvpkc] C:\WINDOWS\System32\jchc\xvpkc.exe
O4 - HKLM\..\Run: [lthxh] C:\WINDOWS\System32\jbyadfyn\lthxh.exe
O4 - HKLM\..\Run: [ldpdh] C:\WINDOWS\System32\kewm\ldpdh.exe
O4 - HKLM\..\Run: [akrgrs] C:\WINDOWS\System32\yuoot\akrgrs.exe
O4 - HKLM\..\Run: [tkpwp] C:\WINDOWS\System32\fkjswmyg\tkpwp.exe
O4 - HKLM\..\Run: [dbhnk] C:\WINDOWS\System32\qssnetdp\dbhnk.exe
O4 - HKLM\..\Run: [ngsg] C:\WINDOWS\System32\elqo\ngsg.exe
O4 - HKLM\..\Run: [ihxgwbia] C:\WINDOWS\System32\ukrf\ihxgwbia.exe
O4 - HKLM\..\Run: [ubpdfuh] C:\WINDOWS\System32\yledtoe\ubpdfuh.exe
O4 - HKLM\..\Run: [pcqwai] C:\WINDOWS\System32\doqw\pcqwai.exe
O4 - HKLM\..\Run: [gfxvtu] C:\WINDOWS\System32\jyarcagm\gfxvtu.exe
O4 - HKLM\..\Run: [axeke] C:\WINDOWS\System32\rkyyqpjr\axeke.exe
O4 - HKLM\..\Run: [dgdrijnt] C:\WINDOWS\System32\jrprecbd\dgdrijnt.exe
O4 - HKLM\..\Run: [rnsxtd] C:\WINDOWS\System32\yevrr\rnsxtd.exe
O4 - HKLM\..\Run: [pxdi] C:\WINDOWS\System32\munxsguo\pxdi.exe
O4 - HKLM\..\Run: [flwcmt] C:\WINDOWS\System32\arvrsy\flwcmt.exe
O4 - HKLM\..\Run: [cqyqdp] C:\WINDOWS\System32\gjpttlq\cqyqdp.exe
O4 - HKLM\..\Run: [wijo] C:\WINDOWS\System32\aocgcgw\wijo.exe
O4 - HKLM\..\Run: [dgsyfag] C:\WINDOWS\System32\chpb\dgsyfag.exe
O4 - HKLM\..\Run: [niqkj] C:\WINDOWS\System32\usselnc\niqkj.exe
O4 - HKLM\..\Run: [tlymhmqn] C:\WINDOWS\System32\dfbqe\tlymhmqn.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteipr32.exe
O4 - HKLM\..\Run: [ypfb] C:\WINDOWS\System32\sknyxb\ypfb.exe
O4 - HKLM\..\Run: [yjbrivgo] C:\WINDOWS\System32\dlsko\yjbrivgo.exe
O4 - HKLM\..\Run: [xwbkyo] C:\WINDOWS\System32\hggtrbpj\xwbkyo.exe
O4 - HKLM\..\Run: [xutlkgan] C:\WINDOWS\System32\fpviet\xutlkgan.exe
O4 - HKLM\..\Run: [xdobwmvf] C:\WINDOWS\System32\rkgg\xdobwmvf.exe
O4 - HKLM\..\Run: [woxpkkj] C:\WINDOWS\System32\imlvm\woxpkkj.exe
O4 - HKLM\..\Run: [wialsok] C:\WINDOWS\System32\hcliljc\wialsok.exe
O4 - HKLM\..\Run: [wcpc] C:\WINDOWS\System32\ldesa\wcpc.exe
O4 - HKLM\..\Run: [vucwq] C:\WINDOWS\System32\oglhto\vucwq.exe
O4 - HKLM\..\Run: [vtpq] C:\WINDOWS\System32\kxepkfoi\vtpq.exe
O4 - HKLM\..\Run: [vofohof] C:\WINDOWS\System32\sriccrka\vofohof.exe
O4 - HKLM\..\Run: [vnaqkot] C:\WINDOWS\System32\dhvbmt\vnaqkot.exe
O4 - HKLM\..\Run: [vfctsr] C:\WINDOWS\System32\oynp\vfctsr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [uwfatrfe] C:\WINDOWS\System32\kvdrkiy\uwfatrfe.exe
O4 - HKLM\..\Run: [upidolgq] C:\WINDOWS\System32\yprehc\upidolgq.exe
O4 - HKLM\..\Run: [thcva] C:\WINDOWS\System32\okupadf\thcva.exe
O4 - HKLM\..\Run: [tbmlcov] C:\WINDOWS\System32\cpbuuh\tbmlcov.exe
O4 - HKLM\..\Run: [tbgpvk] C:\WINDOWS\System32\rlglkpm\tbgpvk.exe
O4 - HKLM\..\Run: [talie] C:\WINDOWS\System32\nsopsq\talie.exe
O4 - HKLM\..\Run: [svjfnq] C:\WINDOWS\System32\ewacgrcx\svjfnq.exe
O4 - HKLM\..\Run: [suhgrgr] C:\WINDOWS\System32\odmu\suhgrgr.exe
O4 - HKLM\..\Run: [slifj] C:\WINDOWS\System32\frewufdo\slifj.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Daniel\LOCALS~1\Temp\ovdu.exe
O4 - HKLM\..\Run: [siqge] C:\WINDOWS\System32\xejt\siqge.exe
O4 - HKLM\..\Run: [sedlkgf] C:\WINDOWS\System32\xofxkhe\sedlkgf.exe
O4 - HKLM\..\Run: [rqps] C:\WINDOWS\System32\deafml\rqps.exe
O4 - HKLM\..\Run: [rfaogpkj] C:\WINDOWS\System32\apbqqp\rfaogpkj.exe
O4 - HKLM\..\Run: [rdhbd] C:\WINDOWS\System32\irfh\rdhbd.exe
O4 - HKLM\..\Run: [raomv] C:\WINDOWS\System32\srauq\raomv.exe
O4 - HKLM\..\Run: [qilt] C:\WINDOWS\System32\kilgdjo\qilt.exe
O4 - HKLM\..\Run: [pullai] C:\WINDOWS\System32\lwejnwbh\pullai.exe
O4 - HKLM\..\Run: [pbgfsfy] C:\WINDOWS\System32\cabdlnc\pbgfsfy.exe
O4 - HKLM\..\Run: [paewy] C:\WINDOWS\System32\obeenqld\paewy.exe
O4 - HKLM\..\Run: [owvmtrmw] C:\WINDOWS\System32\cbod\owvmtrmw.exe
O4 - HKLM\..\Run: [ownsafmh] C:\WINDOWS\System32\gctgfox\ownsafmh.exe
O4 - HKLM\..\Run: [oudefyw] C:\WINDOWS\System32\uife\oudefyw.exe
O4 - HKLM\..\Run: [opmgfdr] C:\WINDOWS\System32\yygmur\opmgfdr.exe
O4 - HKLM\..\Run: [ogeiw] C:\WINDOWS\System32\ekhdsgha\ogeiw.exe
O4 - HKLM\..\Run: [nchhrm] C:\WINDOWS\System32\skjgueft\nchhrm.exe
O4 - HKLM\..\Run: [mlwksrq] C:\WINDOWS\System32\sokaqaq\mlwksrq.exe
O4 - HKLM\..\Run: [mdcpmv] C:\WINDOWS\System32\hygb\mdcpmv.exe
O4 - HKLM\..\Run: [mcwsxa] C:\WINDOWS\System32\yuhcjj\mcwsxa.exe
O4 - HKLM\..\Run: [mcrhswo] C:\WINDOWS\System32\wejoekx\mcrhswo.exe
O4 - HKLM\..\Run: [mbhnx] C:\WINDOWS\System32\ojrajkus\mbhnx.exe
O4 - HKLM\..\Run: [lmokmk] C:\WINDOWS\System32\gmvwpnby\lmokmk.exe
O4 - HKLM\..\Run: [lkhpg] C:\WINDOWS\System32\klcyic\lkhpg.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rlvzzp.exe
O4 - HKLM\..\Run: [jylvfcg] C:\WINDOWS\System32\qekljihg\jylvfcg.exe
O4 - HKLM\..\Run: [jtlme] C:\WINDOWS\System32\xhfj\jtlme.exe
O4 - HKLM\..\Run: [jievh] C:\WINDOWS\System32\mykmma\jievh.exe
O4 - HKLM\..\Run: [jdxacfpn] C:\WINDOWS\System32\itpej\jdxacfpn.exe
O4 - HKLM\..\Run: [jcsnv] C:\WINDOWS\System32\cenp\jcsnv.exe
O4 - HKLM\..\Run: [iugcefkh] C:\WINDOWS\System32\vjpsbbq\iugcefkh.exe
O4 - HKLM\..\Run: [isrq] C:\WINDOWS\System32\tjxaq\isrq.exe
O4 - HKLM\..\Run: [iqniwuxl] C:\WINDOWS\System32\ymvj\iqniwuxl.exe
O4 - HKLM\..\Run: [ihdmxxo] C:\WINDOWS\System32\qtjtivhs\ihdmxxo.exe
O4 - HKLM\..\Run: [icbsy] C:\WINDOWS\System32\roqed\icbsy.exe
O4 - HKLM\..\Run: [hylb] C:\WINDOWS\System32\fquu\hylb.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Daniel\LOCALS~1\Temp\wbpmmvhd.exe
O4 - HKLM\..\Run: [hhmcxo] C:\WINDOWS\System32\ctfca\hhmcxo.exe
O4 - HKLM\..\Run: [habgxnf] C:\WINDOWS\System32\esjhhn\habgxnf.exe
O4 - HKLM\..\Run: [gsmsaufq] C:\WINDOWS\System32\bouiq\gsmsaufq.exe
O4 - HKLM\..\Run: [grevvwi] C:\WINDOWS\System32\mpxbc\grevvwi.exe
O4 - HKLM\..\Run: [gfyscuc] C:\WINDOWS\System32\bclqgbf\gfyscuc.exe
O4 - HKLM\..\Run: [gbdra] C:\WINDOWS\System32\wvjmgvbx\gbdra.exe
O4 - HKLM\..\Run: [fwlrjfkx] C:\WINDOWS\System32\wdjg\fwlrjfkx.exe
O4 - HKLM\..\Run: [ftymmff] C:\WINDOWS\System32\caopulxw\ftymmff.exe
O4 - HKLM\..\Run: [frbnqpo] C:\WINDOWS\System32\glnhdjuf\frbnqpo.exe
O4 - HKLM\..\Run: [ffir] C:\WINDOWS\System32\yjmg\ffir.exe
O4 - HKLM\..\Run: [faqlucne] C:\WINDOWS\System32\kbhmlbcy\faqlucne.exe
O4 - HKLM\..\Run: [exkttqci] C:\WINDOWS\System32\dlmqe\exkttqci.exe
O4 - HKLM\..\Run: [erdpbte] C:\WINDOWS\System32\xckasx\erdpbte.exe
O4 - HKLM\..\Run: [emhk] C:\WINDOWS\System32\ypiw\emhk.exe
O4 - HKLM\..\Run: [elktkym] C:\WINDOWS\System32\swpp\elktkym.exe
O4 - HKLM\..\Run: [dwvfind] C:\WINDOWS\System32\lqptv\dwvfind.exe
O4 - HKLM\..\Run: [drlu] C:\WINDOWS\System32\rhifsbq\drlu.exe
O4 - HKLM\..\Run: [drivyne] C:\WINDOWS\System32\auidd\drivyne.exe
O4 - HKLM\..\Run: [ddtbkqw] C:\WINDOWS\System32\leskw\ddtbkqw.exe
O4 - HKLM\..\Run: [damq] C:\WINDOWS\System32\fksmtf\damq.exe
O4 - HKLM\..\Run: [bvvt] C:\WINDOWS\System32\xgdc\bvvt.exe
O4 - HKLM\..\Run: [bqdfnxd] C:\WINDOWS\System32\mpwfny\bqdfnxd.exe
O4 - HKLM\..\Run: [bogwdclw] C:\WINDOWS\System32\ooinqkev\bogwdclw.exe
O4 - HKLM\..\Run: [blfvhl] C:\WINDOWS\System32\fiotm\blfvhl.exe
O4 - HKLM\..\Run: [ayorg] C:\WINDOWS\System32\edggw\ayorg.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [alln] C:\WINDOWS\System32\mmovjac\alln.exe
O4 - HKLM\..\Run: [ahqcijh] C:\WINDOWS\System32\lqrdtpdp\ahqcijh.exe
O4 - HKLM\..\Run: [ahjaet] C:\WINDOWS\System32\lxkb\ahjaet.exe
O4 - HKLM\..\Run: [agwfuia] C:\WINDOWS\System32\iyasp\agwfuia.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\My Music\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Zw3pRhanO] ilsefilt.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\My Music\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c135.cab
O23 - Service: bqdfnxdmpwfny - Unknown owner - C:\WINDOWS\System32\mpwfny\bqdfnxd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: damqfksmtf - Unknown owner - C:\WINDOWS\System32\fksmtf\damq.exe (file missing)
O23 - Service: ftymmffcaopulxw - Unknown owner - C:\WINDOWS\System32\caopulxw\ftymmff.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: jdxacfpnitpej - Unknown owner - C:\WINDOWS\System32\itpej\jdxacfpn.exe (file missing)
O23 - Service: jweibuqknbts - Unknown owner - C:\WINDOWS\System32\uqknbts\jweib.exe
O23 - Service: mdcpmvhygb - Unknown owner - C:\WINDOWS\System32\hygb\mdcpmv.exe
O23 - Service: mhiwaxcqymrbreol - Unknown owner - C:\WINDOWS\System32\ymrbreol\mhiwaxcq.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: opmgfdryygmur - Unknown owner - C:\WINDOWS\System32\yygmur\opmgfdr.exe (file missing)
O23 - Service: owvmtrmwcbod - Unknown owner - C:\WINDOWS\System32\cbod\owvmtrmw.exe
O23 - Service: raomvsrauq - Unknown owner - C:\WINDOWS\System32\srauq\raomv.exe (file missing)
O23 - Service: rdhbdirfh - Unknown owner - C:\WINDOWS\System32\irfh\rdhbd.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: vnaqkotdhvbmt - Unknown owner - C:\WINDOWS\System32\dhvbmt\vnaqkot.exe
O23 - Service: vucwqoglhto - Unknown owner - C:\WINDOWS\System32\oglhto\vucwq.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: wttnjbgwhqt - Unknown owner - C:\WINDOWS\System32\jbgwhqt\wttn.exe (file missing)
O23 - Service: xdobwmvfrkgg - Unknown owner - C:\WINDOWS\System32\rkgg\xdobwmvf.exe
O23 - Service: xwbkyohggtrbpj - Unknown owner - C:\WINDOWS\System32\hggtrbpj\xwbkyo.exe (file missing)
O23 - Service: ypfbsknyxb - Unknown owner - C:\WINDOWS\System32\sknyxb\ypfb.exe
O23 - Service: yschtmaynf - Unknown owner - C:\WINDOWS\System32\aynf\yschtm.exe (file missing)
  • 0
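Many of the startup entries in the log above share a visible shape: a Run value whose name equals the executable's name inside a one-level folder under System32, and "Unknown owner" services whose name is the executable name followed by the folder name. The Python sketch below is an added example, not part of the original thread or of HijackThis; the function names (`triage`, `both_run_and_service`) and the heuristics are assumptions derived from this log only, and the sample input is a handful of lines copied from it.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section name target reasons")

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [anfh] C:\WINDOWS\System32\fmog\anfh.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Daniel\LOCALS~1\Temp\ovdu.exe
O4 - HKLM\..\Run: [damq] C:\WINDOWS\System32\fksmtf\damq.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: bqdfnxdmpwfny - Unknown owner - C:\WINDOWS\System32\mpwfny\bqdfnxd.exe
O23 - Service: damqfksmtf - Unknown owner - C:\WINDOWS\System32\fksmtf\damq.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# O4 Run values: "[value name] command line".
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")
# O23 services: "name - owner - path", optionally tagged "(file missing)".
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")
# An .exe exactly one folder below System32, e.g. System32\fmog\anfh.exe.
SUBDIR_EXE = re.compile(
    r'^"?[a-z]:\\windows\\system32\\([^\\]+)\\([^\\]+)\.exe"?$', re.I)
# Any .exe launched straight out of a Temp folder.
TEMP_EXE = re.compile(r"\\temp\\[^\\]+\.exe", re.I)


def triage(log_text):
    """Return a Finding for every O4/O23 line that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            section, name, owner, target = "O4", m4.group(2), None, m4.group(3)
        elif m23:
            section, name, owner, target = "O23", *m23.group(1, 2, 3)
            if m23.group(4):
                reasons.append("file-missing")
        else:
            continue  # other HijackThis sections are out of scope here

        sub = SUBDIR_EXE.match(target)
        if sub:
            folder, stem = sub.group(1).lower(), sub.group(2).lower()
            # Run value named after its own exe in a System32 subfolder.
            if section == "O4" and name.lower() == stem:
                reasons.append("run-name-equals-exe-in-system32-subdir")
            # Unsigned service whose name is exe name + folder name.
            if (section == "O23" and owner == "Unknown owner"
                    and name.lower() == stem + folder):
                reasons.append("service-name-is-exe-plus-folder")
        if TEMP_EXE.search(target):
            reasons.append("autostart-from-temp")

        if reasons:
            findings.append(Finding(section, name, target.strip('"'), reasons))
    return findings


def both_run_and_service(findings):
    """Paths registered under a Run value and as a service at the same time."""
    run = {f.target.lower() for f in findings if f.section == "O4"}
    svc = {f.target.lower() for f in findings if f.section == "O23"}
    return sorted(run & svc)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:<3} {f.name:<16} {', '.join(f.reasons)}")
    print("registered twice:", both_run_and_service(hits))
```

The heuristics are deliberately narrow: entries such as `[ap9h4qmo]` that sit directly in System32 do not match and still need manual review.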



#2
RKinner

    Malware Expert

  • Expert
  • 17,344 posts
  • MVP
Hi randijean,

Can you please download TDS-3 from http://tds.diamondcs...p?page=download
and update it following the instructions here:
http://tds.diamondcs...php?page=update
Then click System Testing > Full System scan.
Have it remove everything it gives you a positive identification of.

Then reboot and check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll

O2 - BHO: (no name) - {6A8AC108-D9BC-54F1-457E-ADE63319FE58} - C:\WINDOWS\System32\rlixrwgx\wkhukvio.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKLM\..\Run: [DAYPDLL] C:\WINDOWS\DAYPDLL.EXE
O4 - HKLM\..\Run: [DAYPENC] C:\WINDOWS\DAYPENC.EXE
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun

O4 - HKLM\..\Run: [anfh] C:\WINDOWS\System32\fmog\anfh.exe
O4 - HKLM\..\Run: [xrgkev] C:\WINDOWS\System32\mnjvy\xrgkev.exe
O4 - HKLM\..\Run: [eoklinw] C:\WINDOWS\System32\ician\eoklinw.exe
O4 - HKLM\..\Run: [polqly] C:\WINDOWS\System32\wnjjin\polqly.exe
O4 - HKLM\..\Run: [phibbbi] C:\WINDOWS\System32\grnysqi\phibbbi.exe
O4 - HKLM\..\Run: [qqqkeg] C:\WINDOWS\System32\jdhugg\qqqkeg.exe
O4 - HKLM\..\Run: [fmlxqvb] C:\WINDOWS\System32\xdsj\fmlxqvb.exe
O4 - HKLM\..\Run: [vadtth] C:\WINDOWS\System32\roskjh\vadtth.exe
O4 - HKLM\..\Run: [sscg] C:\WINDOWS\System32\xshv\sscg.exe
O4 - HKLM\..\Run: [pptwcauf] C:\WINDOWS\System32\olhumch\pptwcauf.exe
O4 - HKLM\..\Run: [grqe] C:\WINDOWS\System32\cxhbl\grqe.exe
O4 - HKLM\..\Run: [lmudmool] C:\WINDOWS\System32\tfyg\lmudmool.exe
O4 - HKLM\..\Run: [avdv] C:\WINDOWS\System32\vnbiu\avdv.exe
O4 - HKLM\..\Run: [mhiwaxcq] C:\WINDOWS\System32\ymrbreol\mhiwaxcq.exe
O4 - HKLM\..\Run: [jweib] C:\WINDOWS\System32\uqknbts\jweib.exe
O4 - HKLM\..\Run: [vkakkcdp] C:\WINDOWS\System32\eeagarnv\vkakkcdp.exe
O4 - HKLM\..\Run: [mxqpow] C:\WINDOWS\System32\maasrh\mxqpow.exe
O4 - HKLM\..\Run: [qvbhuu] C:\WINDOWS\System32\krsi\qvbhuu.exe
O4 - HKLM\..\Run: [xgwlfr] C:\WINDOWS\System32\lqxm\xgwlfr.exe
O4 - HKLM\..\Run: [afwgnq] C:\WINDOWS\System32\qcqfa\afwgnq.exe
O4 - HKLM\..\Run: [xbocixaq] C:\WINDOWS\System32\qkdjtjb\xbocixaq.exe
O4 - HKLM\..\Run: [hmsd] C:\WINDOWS\System32\oersjwx\hmsd.exe
O4 - HKLM\..\Run: [htgtibq] C:\WINDOWS\System32\wlvhhmj\htgtibq.exe
O4 - HKLM\..\Run: [ldykhkgr] C:\WINDOWS\System32\nuivrkqv\ldykhkgr.exe
O4 - HKLM\..\Run: [ujtijw] C:\WINDOWS\System32\rwcbso\ujtijw.exe
O4 - HKLM\..\Run: [hmqj] C:\WINDOWS\System32\cain\hmqj.exe
O4 - HKLM\..\Run: [vqvmgweb] C:\WINDOWS\System32\chivcbw\vqvmgweb.exe
O4 - HKLM\..\Run: [tvlmrvsi] C:\WINDOWS\System32\dwiuqc\tvlmrvsi.exe
O4 - HKLM\..\Run: [nfknl] C:\WINDOWS\System32\bryi\nfknl.exe
O4 - HKLM\..\Run: [txlugy] C:\WINDOWS\System32\reioafh\txlugy.exe
O4 - HKLM\..\Run: [nupeice] C:\WINDOWS\System32\qxab\nupeice.exe
O4 - HKLM\..\Run: [uqccse] C:\WINDOWS\System32\xtbsoru\uqccse.exe
O4 - HKLM\..\Run: [ifjoibqw] C:\WINDOWS\System32\pahtpmf\ifjoibqw.exe
O4 - HKLM\..\Run: [fgeaaom] C:\WINDOWS\System32\bolsgcew\fgeaaom.exe
O4 - HKLM\..\Run: [oavymqtt] C:\WINDOWS\System32\yqdvopwh\oavymqtt.exe
O4 - HKLM\..\Run: [xqwm] C:\WINDOWS\System32\qosgdjp\xqwm.exe
O4 - HKLM\..\Run: [eklwcap] C:\WINDOWS\System32\pgvarimw\eklwcap.exe
O4 - HKLM\..\Run: [kfbhyoir] C:\WINDOWS\System32\lrhejyqq\kfbhyoir.exe
O4 - HKLM\..\Run: [aibtu] C:\WINDOWS\System32\mvptmwmh\aibtu.exe
O4 - HKLM\..\Run: [xvpkc] C:\WINDOWS\System32\jchc\xvpkc.exe
O4 - HKLM\..\Run: [lthxh] C:\WINDOWS\System32\jbyadfyn\lthxh.exe
O4 - HKLM\..\Run: [ldpdh] C:\WINDOWS\System32\kewm\ldpdh.exe
O4 - HKLM\..\Run: [akrgrs] C:\WINDOWS\System32\yuoot\akrgrs.exe
O4 - HKLM\..\Run: [tkpwp] C:\WINDOWS\System32\fkjswmyg\tkpwp.exe
O4 - HKLM\..\Run: [dbhnk] C:\WINDOWS\System32\qssnetdp\dbhnk.exe
O4 - HKLM\..\Run: [ngsg] C:\WINDOWS\System32\elqo\ngsg.exe
O4 - HKLM\..\Run: [ihxgwbia] C:\WINDOWS\System32\ukrf\ihxgwbia.exe
O4 - HKLM\..\Run: [ubpdfuh] C:\WINDOWS\System32\yledtoe\ubpdfuh.exe
O4 - HKLM\..\Run: [pcqwai] C:\WINDOWS\System32\doqw\pcqwai.exe
O4 - HKLM\..\Run: [gfxvtu] C:\WINDOWS\System32\jyarcagm\gfxvtu.exe
O4 - HKLM\..\Run: [axeke] C:\WINDOWS\System32\rkyyqpjr\axeke.exe
O4 - HKLM\..\Run: [dgdrijnt] C:\WINDOWS\System32\jrprecbd\dgdrijnt.exe
O4 - HKLM\..\Run: [rnsxtd] C:\WINDOWS\System32\yevrr\rnsxtd.exe
O4 - HKLM\..\Run: [pxdi] C:\WINDOWS\System32\munxsguo\pxdi.exe
O4 - HKLM\..\Run: [flwcmt] C:\WINDOWS\System32\arvrsy\flwcmt.exe
O4 - HKLM\..\Run: [cqyqdp] C:\WINDOWS\System32\gjpttlq\cqyqdp.exe
O4 - HKLM\..\Run: [wijo] C:\WINDOWS\System32\aocgcgw\wijo.exe
O4 - HKLM\..\Run: [dgsyfag] C:\WINDOWS\System32\chpb\dgsyfag.exe
O4 - HKLM\..\Run: [niqkj] C:\WINDOWS\System32\usselnc\niqkj.exe
O4 - HKLM\..\Run: [tlymhmqn] C:\WINDOWS\System32\dfbqe\tlymhmqn.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteipr32.exe
O4 - HKLM\..\Run: [ypfb] C:\WINDOWS\System32\sknyxb\ypfb.exe
O4 - HKLM\..\Run: [yjbrivgo] C:\WINDOWS\System32\dlsko\yjbrivgo.exe
O4 - HKLM\..\Run: [xwbkyo] C:\WINDOWS\System32\hggtrbpj\xwbkyo.exe
O4 - HKLM\..\Run: [xutlkgan] C:\WINDOWS\System32\fpviet\xutlkgan.exe
O4 - HKLM\..\Run: [xdobwmvf] C:\WINDOWS\System32\rkgg\xdobwmvf.exe
O4 - HKLM\..\Run: [woxpkkj] C:\WINDOWS\System32\imlvm\woxpkkj.exe
O4 - HKLM\..\Run: [wialsok] C:\WINDOWS\System32\hcliljc\wialsok.exe
O4 - HKLM\..\Run: [wcpc] C:\WINDOWS\System32\ldesa\wcpc.exe
O4 - HKLM\..\Run: [vucwq] C:\WINDOWS\System32\oglhto\vucwq.exe
O4 - HKLM\..\Run: [vtpq] C:\WINDOWS\System32\kxepkfoi\vtpq.exe
O4 - HKLM\..\Run: [vofohof] C:\WINDOWS\System32\sriccrka\vofohof.exe
O4 - HKLM\..\Run: [vnaqkot] C:\WINDOWS\System32\dhvbmt\vnaqkot.exe
O4 - HKLM\..\Run: [vfctsr] C:\WINDOWS\System32\oynp\vfctsr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [uwfatrfe] C:\WINDOWS\System32\kvdrkiy\uwfatrfe.exe
O4 - HKLM\..\Run: [upidolgq] C:\WINDOWS\System32\yprehc\upidolgq.exe
O4 - HKLM\..\Run: [thcva] C:\WINDOWS\System32\okupadf\thcva.exe
O4 - HKLM\..\Run: [tbmlcov] C:\WINDOWS\System32\cpbuuh\tbmlcov.exe
O4 - HKLM\..\Run: [tbgpvk] C:\WINDOWS\System32\rlglkpm\tbgpvk.exe
O4 - HKLM\..\Run: [talie] C:\WINDOWS\System32\nsopsq\talie.exe
O4 - HKLM\..\Run: [svjfnq] C:\WINDOWS\System32\ewacgrcx\svjfnq.exe
O4 - HKLM\..\Run: [suhgrgr] C:\WINDOWS\System32\odmu\suhgrgr.exe
O4 - HKLM\..\Run: [slifj] C:\WINDOWS\System32\frewufdo\slifj.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Daniel\LOCALS~1\Temp\ovdu.exe
O4 - HKLM\..\Run: [siqge] C:\WINDOWS\System32\xejt\siqge.exe
O4 - HKLM\..\Run: [sedlkgf] C:\WINDOWS\System32\xofxkhe\sedlkgf.exe
O4 - HKLM\..\Run: [rqps] C:\WINDOWS\System32\deafml\rqps.exe
O4 - HKLM\..\Run: [rfaogpkj] C:\WINDOWS\System32\apbqqp\rfaogpkj.exe
O4 - HKLM\..\Run: [rdhbd] C:\WINDOWS\System32\irfh\rdhbd.exe
O4 - HKLM\..\Run: [raomv] C:\WINDOWS\System32\srauq\raomv.exe
O4 - HKLM\..\Run: [qilt] C:\WINDOWS\System32\kilgdjo\qilt.exe
O4 - HKLM\..\Run: [pullai] C:\WINDOWS\System32\lwejnwbh\pullai.exe
O4 - HKLM\..\Run: [pbgfsfy] C:\WINDOWS\System32\cabdlnc\pbgfsfy.exe
O4 - HKLM\..\Run: [paewy] C:\WINDOWS\System32\obeenqld\paewy.exe
O4 - HKLM\..\Run: [owvmtrmw] C:\WINDOWS\System32\cbod\owvmtrmw.exe
O4 - HKLM\..\Run: [ownsafmh] C:\WINDOWS\System32\gctgfox\ownsafmh.exe
O4 - HKLM\..\Run: [oudefyw] C:\WINDOWS\System32\uife\oudefyw.exe
O4 - HKLM\..\Run: [opmgfdr] C:\WINDOWS\System32\yygmur\opmgfdr.exe
O4 - HKLM\..\Run: [ogeiw] C:\WINDOWS\System32\ekhdsgha\ogeiw.exe
O4 - HKLM\..\Run: [nchhrm] C:\WINDOWS\System32\skjgueft\nchhrm.exe
O4 - HKLM\..\Run: [mlwksrq] C:\WINDOWS\System32\sokaqaq\mlwksrq.exe
O4 - HKLM\..\Run: [mdcpmv] C:\WINDOWS\System32\hygb\mdcpmv.exe
O4 - HKLM\..\Run: [mcwsxa] C:\WINDOWS\System32\yuhcjj\mcwsxa.exe
O4 - HKLM\..\Run: [mcrhswo] C:\WINDOWS\System32\wejoekx\mcrhswo.exe
O4 - HKLM\..\Run: [mbhnx] C:\WINDOWS\System32\ojrajkus\mbhnx.exe
O4 - HKLM\..\Run: [lmokmk] C:\WINDOWS\System32\gmvwpnby\lmokmk.exe
O4 - HKLM\..\Run: [lkhpg] C:\WINDOWS\System32\klcyic\lkhpg.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rlvzzp.exe
O4 - HKLM\..\Run: [jylvfcg] C:\WINDOWS\System32\qekljihg\jylvfcg.exe
O4 - HKLM\..\Run: [jtlme] C:\WINDOWS\System32\xhfj\jtlme.exe
O4 - HKLM\..\Run: [jievh] C:\WINDOWS\System32\mykmma\jievh.exe
O4 - HKLM\..\Run: [jdxacfpn] C:\WINDOWS\System32\itpej\jdxacfpn.exe
O4 - HKLM\..\Run: [jcsnv] C:\WINDOWS\System32\cenp\jcsnv.exe
O4 - HKLM\..\Run: [iugcefkh] C:\WINDOWS\System32\vjpsbbq\iugcefkh.exe
O4 - HKLM\..\Run: [isrq] C:\WINDOWS\System32\tjxaq\isrq.exe
O4 - HKLM\..\Run: [iqniwuxl] C:\WINDOWS\System32\ymvj\iqniwuxl.exe
O4 - HKLM\..\Run: [ihdmxxo] C:\WINDOWS\System32\qtjtivhs\ihdmxxo.exe
O4 - HKLM\..\Run: [icbsy] C:\WINDOWS\System32\roqed\icbsy.exe
O4 - HKLM\..\Run: [hylb] C:\WINDOWS\System32\fquu\hylb.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Daniel\LOCALS~1\Temp\wbpmmvhd.exe
O4 - HKLM\..\Run: [hhmcxo] C:\WINDOWS\System32\ctfca\hhmcxo.exe
O4 - HKLM\..\Run: [habgxnf] C:\WINDOWS\System32\esjhhn\habgxnf.exe
O4 - HKLM\..\Run: [gsmsaufq] C:\WINDOWS\System32\bouiq\gsmsaufq.exe
O4 - HKLM\..\Run: [grevvwi] C:\WINDOWS\System32\mpxbc\grevvwi.exe
O4 - HKLM\..\Run: [gfyscuc] C:\WINDOWS\System32\bclqgbf\gfyscuc.exe
O4 - HKLM\..\Run: [gbdra] C:\WINDOWS\System32\wvjmgvbx\gbdra.exe
O4 - HKLM\..\Run: [fwlrjfkx] C:\WINDOWS\System32\wdjg\fwlrjfkx.exe
O4 - HKLM\..\Run: [ftymmff] C:\WINDOWS\System32\caopulxw\ftymmff.exe
O4 - HKLM\..\Run: [frbnqpo] C:\WINDOWS\System32\glnhdjuf\frbnqpo.exe
O4 - HKLM\..\Run: [ffir] C:\WINDOWS\System32\yjmg\ffir.exe
O4 - HKLM\..\Run: [faqlucne] C:\WINDOWS\System32\kbhmlbcy\faqlucne.exe
O4 - HKLM\..\Run: [exkttqci] C:\WINDOWS\System32\dlmqe\exkttqci.exe
O4 - HKLM\..\Run: [erdpbte] C:\WINDOWS\System32\xckasx\erdpbte.exe
O4 - HKLM\..\Run: [emhk] C:\WINDOWS\System32\ypiw\emhk.exe
O4 - HKLM\..\Run: [elktkym] C:\WINDOWS\System32\swpp\elktkym.exe
O4 - HKLM\..\Run: [dwvfind] C:\WINDOWS\System32\lqptv\dwvfind.exe
O4 - HKLM\..\Run: [drlu] C:\WINDOWS\System32\rhifsbq\drlu.exe
O4 - HKLM\..\Run: [drivyne] C:\WINDOWS\System32\auidd\drivyne.exe
O4 - HKLM\..\Run: [ddtbkqw] C:\WINDOWS\System32\leskw\ddtbkqw.exe
O4 - HKLM\..\Run: [damq] C:\WINDOWS\System32\fksmtf\damq.exe
O4 - HKLM\..\Run: [bvvt] C:\WINDOWS\System32\xgdc\bvvt.exe
O4 - HKLM\..\Run: [bqdfnxd] C:\WINDOWS\System32\mpwfny\bqdfnxd.exe
O4 - HKLM\..\Run: [bogwdclw] C:\WINDOWS\System32\ooinqkev\bogwdclw.exe
O4 - HKLM\..\Run: [blfvhl] C:\WINDOWS\System32\fiotm\blfvhl.exe
O4 - HKLM\..\Run: [ayorg] C:\WINDOWS\System32\edggw\ayorg.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [alln] C:\WINDOWS\System32\mmovjac\alln.exe
O4 - HKLM\..\Run: [ahqcijh] C:\WINDOWS\System32\lqrdtpdp\ahqcijh.exe
O4 - HKLM\..\Run: [ahjaet] C:\WINDOWS\System32\lxkb\ahjaet.exe
O4 - HKLM\..\Run: [agwfuia] C:\WINDOWS\System32\iyasp\agwfuia.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe

O4 - HKCU\..\Run: [Zw3pRhanO] ilsefilt.exe
O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c135.cab
O23 - Service: bqdfnxdmpwfny - Unknown owner - C:\WINDOWS\System32\mpwfny\bqdfnxd.exe

O23 - Service: damqfksmtf - Unknown owner - C:\WINDOWS\System32\fksmtf\damq.exe (file missing)
O23 - Service: ftymmffcaopulxw - Unknown owner - C:\WINDOWS\System32\caopulxw\ftymmff.exe

O23 - Service: jdxacfpnitpej - Unknown owner - C:\WINDOWS\System32\itpej\jdxacfpn.exe (file missing)
O23 - Service: jweibuqknbts - Unknown owner - C:\WINDOWS\System32\uqknbts\jweib.exe
O23 - Service: mdcpmvhygb - Unknown owner - C:\WINDOWS\System32\hygb\mdcpmv.exe
O23 - Service: mhiwaxcqymrbreol - Unknown owner - C:\WINDOWS\System32\ymrbreol\mhiwaxcq.exe

O23 - Service: opmgfdryygmur - Unknown owner - C:\WINDOWS\System32\yygmur\opmgfdr.exe (file missing)
O23 - Service: owvmtrmwcbod - Unknown owner - C:\WINDOWS\System32\cbod\owvmtrmw.exe
O23 - Service: raomvsrauq - Unknown owner - C:\WINDOWS\System32\srauq\raomv.exe (file missing)
O23 - Service: rdhbdirfh - Unknown owner - C:\WINDOWS\System32\irfh\rdhbd.exe (file missing)

O23 - Service: vnaqkotdhvbmt - Unknown owner - C:\WINDOWS\System32\dhvbmt\vnaqkot.exe
O23 - Service: vucwqoglhto - Unknown owner - C:\WINDOWS\System32\oglhto\vucwq.exe

O23 - Service: wttnjbgwhqt - Unknown owner - C:\WINDOWS\System32\jbgwhqt\wttn.exe (file missing)
O23 - Service: xdobwmvfrkgg - Unknown owner - C:\WINDOWS\System32\rkgg\xdobwmvf.exe
O23 - Service: xwbkyohggtrbpj - Unknown owner - C:\WINDOWS\System32\hggtrbpj\xwbkyo.exe (file missing)
O23 - Service: ypfbsknyxb - Unknown owner - C:\WINDOWS\System32\sknyxb\ypfb.exe
O23 - Service: yschtmaynf - Unknown owner - C:\WINDOWS\System32\aynf\yschtm.exe (file missing)

Reboot and post a new HijackThis log.
There will be more left to do.

Regards,

Pieter
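A triage pass over the kind of O4 and O23 lines listed in the post above, added here as an example and not part of the original thread. It flags patterns visible in this log (owner "Unknown owner", "(file missing)", a Temp path, and a Run value or service name that mirrors a `System32\<dir>\<name>.exe` path); the function names and reason labels are hypothetical, and a flag is a prompt for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: six entries copied from the two logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [bqdfnxd] C:\WINDOWS\System32\mpwfny\bqdfnxd.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Daniel\LOCALS~1\Temp\wbpmmvhd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: bqdfnxdmpwfny - Unknown owner - C:\WINDOWS\System32\mpwfny\bqdfnxd.exe
O23 - Service: damqfksmtf - Unknown owner - C:\WINDOWS\System32\fksmtf\damq.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

RUN_RE = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[A-Za-z]:\\[^"]+?\.exe)', re.I)
SVC_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?\.exe)(?P<missing> \(file missing\))?', re.I)

def flags(line):
    """Return triage reasons for one HijackThis line (empty list = nothing flagged)."""
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if not m:
        return []  # not an O4 Run / O23 line with an absolute .exe path
    g = m.groupdict()
    path = PureWindowsPath(g["path"])
    stem, parent = path.stem.lower(), path.parent.name.lower()
    reasons = []
    if (g.get("owner") or "").lower() == "unknown owner":
        reasons.append("unknown-owner")
    if g.get("missing"):
        reasons.append("file-missing")
    if "temp" in (p.lower() for p in path.parts):
        reasons.append("runs-from-temp")
    # Seen in this log: System32\<dir>\<stem>.exe where the Run value equals
    # <stem> and the service name equals <stem> + <dir>.
    in_sys32_subdir = path.parent.parent.name.lower() == "system32"
    if in_sys32_subdir and g["name"].lower() in (stem, stem + parent):
        reasons.append("name-mirrors-path")
    return reasons

def triage(log_text):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    out = {}
    for ln in map(str.strip, log_text.splitlines()):
        reasons = flags(ln)
        if reasons:
            out[ln] = reasons
    return out

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(", ".join(why), "|", entry)
```

The Symantec and NVIDIA lines pass untouched, while entries given as a bare file name with no drive path (such as `nwiz.exe /install`) are skipped by the path regex and still need a manual look.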

#3
randijean

    New Member

  • Topic Starter
  • Member
  • 3 posts
I have completed these tasks. Here is the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:13 PM, on 5/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archive April 22 05\Dannys Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\My Music\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exev

#4
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Your log is clean. Is your computer behaving as well?

This would be a good time to install SP2.

Please do have a look at my site about removing and preventing spyware.

Regards,

#5
randijean

    New Member

  • Topic Starter
  • Member
  • 3 posts
All is well again. Nasty stuff. I thank you again, I have learned much. I did check out your site and found it very useful. It is one of my favorite bookmarks....
Take care,
randijean

#6
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.