A lot of problems [CLOSED]



#1
WorksopStag
New Member, 9 posts
Tried using Ad-Aware and Spybot but had no luck with the main problems. I get around 7 or 8 pop-ups when I boot, even when not online. Derbiz.com keeps popping up. Can't go on Internet Explorer without being redirected to other places or it crashes. Running a lot slower than before.

I'm not great on the computer and don't really understand a lot about malware, but please help. I know it's not looking good.

Logfile of HijackThis v1.99.1
Scan saved at 16:09:24, on 10/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\mfcmr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esampler.tns-...tml?harvest,AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipvo32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteohy32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [mfcag32.exe] C:\WINDOWS\mfcag32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rbjllnqn.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co.../azesearch3.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0



#2
therock247uk
Expert, MVP, 14,671 posts
1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://www.xtra.co.n...1916458,00.html

2. Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

3. While in safe mode, open HijackThis and click Scan. Then tick and fix the following in HijackThis with all windows closed except HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipvo32.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteohy32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [mfcag32.exe] C:\WINDOWS\mfcag32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co.../azesearch3.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe

4. Delete the files. (if present)

C:\WINDOWS\jvubf.dll
C:\WINDOWS\ipvo32.dll
C:\windows\system32\eliteohy32.exe < And any other file that starts with elite
C:\WINDOWS\System32\temp532.exe
C:\WINDOWS\mfcag32.exe
c:\eied_s7.cab
c:\ex.cab
C:\WINDOWS\mfcmr.exe

5. Reboot and post a new Hijackthis log here in a reply.
  • 0

#3
WorksopStag
New Member, Topic Starter, 9 posts
Hi and thanks for your time. I fixed the items listed but couldn't find all of them. Most of them were very similar but I thought I would make sure first. Items such as:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jvubf.dll/sp.html#12345

became:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gyrfu.dll/sp.html#12345

There were a few like this. Are they the same? Are they OK to fix?

Here's my new Log:

Logfile of HijackThis v1.99.1
Scan saved at 21:56:08, on 10/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\mfcmr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\apijq.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esampler.tns-...tml?harvest,AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {03FD1E63-CC0A-B875-49EE-8252C15AA0FA} - C:\WINDOWS\atlfw32.dll
O4 - HKLM\..\Run: [apijq.exe] C:\WINDOWS\apijq.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Visioneer OneTouch\OneTouchMon.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rbjllnqn.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE67E83D-5B0B-43D4-B40A-BD634D80603D}: NameServer = 205.188.146.145
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

#4
therock247uk
Expert, MVP, 14,671 posts
If any change this time, fix them instead.

1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://www.xtra.co.n...1916458,00.html

2. Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

3. While in safe mode, open HijackThis and click Scan. Then tick and fix the following in HijackThis with all windows closed except HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {03FD1E63-CC0A-B875-49EE-8252C15AA0FA} - C:\WINDOWS\atlfw32.dll
O4 - HKLM\..\Run: [apijq.exe] C:\WINDOWS\apijq.exe
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe

4. Delete the files. (if present)

C:\WINDOWS\gyrfu.dll
C:\WINDOWS\apijq.exe
C:\WINDOWS\atlfw32.dll
C:\WINDOWS\mfcmr.exe

5. Reboot and post a new Hijackthis log here in a reply.
  • 0
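The question raised in post #3 (whether the `gyrfu.dll` entries are the same thing as the `jvubf.dll` entries that were just fixed) can be checked mechanically by comparing two scans after masking the randomly named file and the CLSID. The following is an added example, not part of the thread and not part of HijackThis; the function names and the masking rules are assumptions made for illustration, and the log lines are excerpts from the scans posted above.

```python
import re

# One HijackThis result line: section code ("R1", "O4", "O23", ...), " - ", details.
ENTRY_RE = re.compile(r"^(?:R[0-3]|O\d{1,2}) - .+$")
# A .dll/.exe sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
WIN_FILE_RE = re.compile(r"C:\\WINDOWS\\(?:system32\\)?([^\\/\s]+\.(?:dll|exe))", re.I)
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)


def parse_entries(log_text):
    """Return the R*/O* result lines of a HijackThis log, skipping header and process list."""
    return [ln.strip() for ln in log_text.splitlines() if ENTRY_RE.match(ln.strip())]


def shape(entry):
    """Mask the parts that change between reinfections: CLSID, file path, repeated file name."""
    s = CLSID_RE.sub("{CLSID}", entry)
    names = {m.group(1) for m in WIN_FILE_RE.finditer(s)}
    s = WIN_FILE_RE.sub("<winfile>", s)
    for name in names:  # e.g. the Run value "[apijq.exe]" repeats the file name
        s = re.sub(re.escape(name), "<name>", s, flags=re.I)
    return s.lower()


def compare_scans(before, after, fixed):
    """Classify the entries of `after` against the entries of `before` that were fixed.

    still_present: a fixed entry that is back unchanged
    respawned:     (new entry, earlier fixed entry) pairs that differ only in the masked parts
    other_new:     entries not seen before and not resembling a fixed one
    A shape match is a lead for the reviewer, not a verdict on the file.
    """
    before_set, fixed_set = set(before), set(fixed)
    fixed_shapes = {}
    for e in fixed:
        fixed_shapes.setdefault(shape(e), e)
    result = {"still_present": [], "respawned": [], "other_new": []}
    for e in after:
        if e in fixed_set:
            result["still_present"].append(e)
        elif e in before_set:
            continue  # unchanged entry that was never targeted
        elif shape(e) in fixed_shapes:
            result["respawned"].append((e, fixed_shapes[shape(e)]))
        else:
            result["other_new"].append(e)
    return result


# Excerpt of the first scan (post #1).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jvubf.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jvubf.dll/sp.html#12345
O2 - BHO: (no name) - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipvo32.dll
O4 - HKLM\..\Run: [mfcag32.exe] C:\WINDOWS\mfcag32.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe
"""

# Excerpt of the second scan (post #3).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gyrfu.dll/sp.html#12345
O2 - BHO: (no name) - {03FD1E63-CC0A-B875-49EE-8252C15AA0FA} - C:\WINDOWS\atlfw32.dll
O4 - HKLM\..\Run: [apijq.exe] C:\WINDOWS\apijq.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe
"""


def demo():
    before = parse_entries(BEFORE)
    # Post #2 listed every excerpted entry except the Real.com button.
    fixed = [e for e in before if not e.startswith("O9 ")]
    return compare_scans(before, parse_entries(AFTER), fixed)


if __name__ == "__main__":
    report = demo()
    for new, old in report["respawned"]:
        print("RESPAWNED:", new, "\n   was:  ", old)
    for e in report["still_present"]:
        print("STILL PRESENT:", e)
    for e in report["other_new"]:
        print("NEW, REVIEW:", e)
```

On these excerpts the four renamed entries pair up with the ones fixed in post #2, and the O23 service is reported as still present under its original name.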

#5
WorksopStag
New Member, Topic Starter, 9 posts
Fixed all the problems listed, thank you. I seem to be running OK thus far. Here is my latest log:

Logfile of HijackThis v1.99.1
Scan saved at 23:01:57, on 10/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esampler.tns-...tml?harvest,AOL
O2 - BHO: (no name) - {E655DD60-AB14-D8EA-6258-0B4A7FC5B627} - C:\WINDOWS\ievt32.dll
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Visioneer OneTouch\OneTouchMon.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rbjllnqn.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE67E83D-5B0B-43D4-B40A-BD634D80603D}: NameServer = 205.188.146.145
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

#6
therock247uk
Expert, MVP, 14,671 posts
1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://www.xtra.co.n...1916458,00.html

2. Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

3. While in safe mode, open HijackThis and click Scan. Then tick and fix the following in HijackThis with all windows closed except HijackThis.

O2 - BHO: (no name) - {E655DD60-AB14-D8EA-6258-0B4A7FC5B627} - C:\WINDOWS\ievt32.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe (file missing)

4. Delete the files. (if present)

C:\WINDOWS\ievt32.dll

5. Reboot.

Download about:buster by RubbeRDuckY Here.

Save the file somewhere you will remember like to the Desktop.

Please run about:buster by RubbeRDuckY:
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Boot into safemode again
  • Open About:buster again
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
6. Reboot back into normal mode and download http://osc.geekstogo...rviceremove.reg. Run it; it will ask to merge into the registry, say yes.

7. Download and run http://cwshredder.ne.../CWShredder.exe, then click Fix.

8. Then post the about:buster log and a new Hijackthis log here in a reply.
  • 0

#7
WorksopStag
New Member, Topic Starter, 9 posts
Thanks again for your time. Here are my new logs.

Logfile of HijackThis v1.99.1
Scan saved at 10:32:30, on 11/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esampler.tns-...tml?harvest,AOL
O2 - BHO: (no name) - {CDD6063D-A2D3-EDA3-4C59-E4BC7D8D1E7B} - C:\WINDOWS\atlln32.dll
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Visioneer OneTouch\OneTouchMon.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [apijq.exe] C:\WINDOWS\apijq.exe
O4 - HKLM\..\RunOnce: [ntyb32.exe] C:\WINDOWS\system32\ntyb32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rbjllnqn.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

And the aboutbuster:

Scanned at: 10:49:51 on: 11/06/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 28


Removed Data Streams:
C:\WINDOWS\msservice049291.inf:avqbg


Removed 2 Random Key Entries
Removed! : C:\WINDOWS\System32\tnqqa.dat
Removed! : C:\WINDOWS\System32\tqdlz.dat
Removed! : C:\WINDOWS\System32\trizh.dll
Removed! : C:\WINDOWS\System32\ttddk.dll
Removed! : C:\WINDOWS\System32\twxlz.dat
Removed! : C:\WINDOWS\System32\uiavr.dat
Removed! : C:\WINDOWS\System32\upxyt.dll
Removed! : C:\WINDOWS\System32\urqyx.dat
Removed! : C:\WINDOWS\System32\viqhb.dat
Removed! : C:\WINDOWS\System32\voxcs.dat
Removed! : C:\WINDOWS\System32\vrwdu.dat
Removed! : C:\WINDOWS\System32\vskjr.dat
Removed! : C:\WINDOWS\System32\vtsul.dll
Removed! : C:\WINDOWS\System32\waggw.dat
Removed! : C:\WINDOWS\System32\wdats.dll
Removed! : C:\WINDOWS\System32\wgxig.dat
Removed! : C:\WINDOWS\System32\winmb.exe
Removed! : C:\WINDOWS\System32\winur.exe
Removed! : C:\WINDOWS\System32\wqrlh.dat
Removed! : C:\WINDOWS\System32\wwgqa.dat
Removed! : C:\WINDOWS\System32\xdqsk.dll
Removed! : C:\WINDOWS\System32\xfobv.dat
Removed! : C:\WINDOWS\System32\xhoek.dat
Removed! : C:\WINDOWS\System32\xkcbm.dat
Removed! : C:\WINDOWS\System32\xkync.dat
Removed! : C:\WINDOWS\System32\xrauq.dat
Removed! : C:\WINDOWS\System32\xspgo.dat
Removed! : C:\WINDOWS\System32\zbpnz.dat
Removed! : C:\WINDOWS\System32\zcskr.dll
Removed! : C:\WINDOWS\System32\zpagi.dll
Removed! : C:\WINDOWS\System32\zryom.dat
Removed! : C:\WINDOWS\System32\zzotn.dll
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 28


Removed Data Streams:
C:\WINDOWS\msservice049291.inf:avqbg


Attempted Clean Of Temp folder.
Pages Reset... Done!
  • 0

#8
therock247uk

  • Expert
  • 14,671 posts
  • MVP
Please try not to surf the Internet until we are done with fixing you, as you keep getting infected again. If anything has changed like last time, fix them too.

1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://www.xtra.co.n...1916458,00.html

2. Boot into Safe Mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select Safe Mode.

3. While in Safe Mode, open HijackThis and click Scan. Then tick and fix the following in HijackThis with all windows closed except HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esampler.tns-...tml?harvest,AOL
O2 - BHO: (no name) - {CDD6063D-A2D3-EDA3-4C59-E4BC7D8D1E7B} - C:\WINDOWS\atlln32.dll
O4 - HKLM\..\Run: [apijq.exe] C:\WINDOWS\apijq.exe
O4 - HKLM\..\RunOnce: [ntyb32.exe] C:\WINDOWS\system32\ntyb32.exe
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe (file missing)

4. Delete the files (if present).

C:\WINDOWS\system32\eupfy.dll
C:\WINDOWS\atlln32.dll
C:\WINDOWS\apijq.exe
C:\WINDOWS\system32\ntyb32.exe
C:\WINDOWS\mfcmr.exe (file missing)

5. Reboot and post a new HijackThis log here in a reply.
  • 0
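An added example, not part of the original post: a small Python parser that takes HijackThis fix-list entries like those in step 3 and derives the file list that step 4 checks by hand. The function names, the regular expressions and the short descriptions of each entry code are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Sample input: entries copied from step 3 of the post above.
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eupfy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esampler.tns-...tml?harvest,AOL
O2 - BHO: (no name) - {CDD6063D-A2D3-EDA3-4C59-E4BC7D8D1E7B} - C:\WINDOWS\atlln32.dll
O4 - HKLM\..\Run: [apijq.exe] C:\WINDOWS\apijq.exe
O4 - HKLM\..\RunOnce: [ntyb32.exe] C:\WINDOWS\system32\ntyb32.exe
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcmr.exe (file missing)"""

# Short descriptions of the entry codes seen in this log (wording is this example's).
KINDS = {"R0": "IE start/search page", "R1": "IE start/search page",
         "O2": "Browser Helper Object", "O4": "autostart (Run key)",
         "O23": "Windows service"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A drive-letter path ending in .dll/.exe/.dat; '/' is excluded so that
# res://C:\...\x.dll/sp.html stops at the DLL the res:// URL loads from.
PATH = re.compile(r'[A-Za-z]:\\[^/:*?"<>|\r\n]+?\.(?:dll|exe|dat)\b', re.I)

def parse(log):
    """Parse log text into dicts: code, kind, referenced file path, missing flag."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, blank lines, running-process list
        p = PATH.search(m["body"])
        entries.append({
            "code": m["code"],
            "kind": KINDS.get(m["code"], "other"),
            "path": p.group(0) if p else None,
            "missing": "(file missing)" in m["body"],
        })
    return entries

def files_to_check(entries):
    """Unique file paths in first-seen order; Windows paths compare case-insensitively."""
    seen, out = set(), []
    for e in entries:
        if e["path"] and e["path"].lower() not in seen:
            seen.add(e["path"].lower())
            out.append((e["path"], e["missing"]))
    return out

if __name__ == "__main__":
    for path, missing in files_to_check(parse(SAMPLE)):
        print(path, "(already reported missing)" if missing else "")
```

On the sample, the result is the same five paths listed in step 4, with the `mfcmr.exe` service binary flagged as already missing.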

#9
therock247uk

  • Expert
  • 14,671 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.
  • 0





