Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Vundo and other problems [CLOSED]

Started by Ster0phonic , Nov 05 2005 06:30 PM

  • This topic is locked This topic is locked

#1
Ster0phonic
Posted 05 November 2005 - 06:30 PM

Ster0phonic

    New Member

  • Member
  • Pip
  • 2 posts
I went through all the steps to clean it out, and still won't leave me alone...this message pops up over and over again...from Symantec Antivirus



Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\SYSTEM32\awtst.dll
Location: C:\WINDOWS\SYSTEM32
Computer: DELL-DIMENSION
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Saturday, November 05, 2005 5:09:03 PM




Heres my hijack this log...not sure what to delete....Sorry it's so long



Logfile of HijackThis v1.99.1
Scan saved at 7:31:50 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\MARNANE\My Documents\Sean\Virus Stuff\TrojanHunter 4.2\THGuard.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Washer\washer.exe
C:\PROGRA~1\SYSTEM~1\soap.exe
C:\WINDOWS\system32\n?svc32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\MARNANE\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {95606A76-D6BB-854E-E06C-FA7AE1B70DC2} - C:\WINDOWS\system32\ras.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {ACB1823E-8DE3-8C5C-3238-D9693BF7AA7B} - C:\WINDOWS\Qoqmspuw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [BS Player] WNUTZRJP.EXE
O4 - HKLM\..\Run: [gecgrsi] C:\WINDOWS\System32\akljwln.exe
O4 - HKLM\..\Run: [smfzyd] C:\WINDOWS\System32\siirf.exe
O4 - HKLM\..\Run: [rfyey] C:\WINDOWS\System32\iunymev.exe
O4 - HKLM\..\Run: [gwfnqq] C:\WINDOWS\System32\soain.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [Qfgwad] C:\WINDOWS\Iwyqswv.exe
O4 - HKLM\..\Run: [ovtr] C:\WINDOWS\System32\yojpb.exe
O4 - HKLM\..\Run: [czphz] C:\WINDOWS\System32\iioz.exe
O4 - HKLM\..\Run: [nblraim] C:\WINDOWS\System32\yjwjl.exe
O4 - HKLM\..\Run: [bpqzgcc] C:\WINDOWS\System32\peocb.exe
O4 - HKLM\..\Run: [lpxb] C:\WINDOWS\System32\kwxz.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [lbfws] C:\WINDOWS\System32\yvxv.exe
O4 - HKLM\..\Run: [kavz] C:\WINDOWS\System32\ipcncem.exe
O4 - HKLM\..\Run: [yqjzk] C:\WINDOWS\System32\lmubnze.exe
O4 - HKLM\..\Run: [wsyfg] C:\WINDOWS\System32\tztkp.exe
O4 - HKLM\..\Run: [hzftkxxa] C:\WINDOWS\System32\dzbozzzw.exe
O4 - HKLM\..\Run: [yaprkdyl] C:\WINDOWS\System32\obhzas.exe
O4 - HKLM\..\Run: [rbnzims] C:\WINDOWS\System32\unjbnh.exe
O4 - HKLM\..\Run: [knrx] C:\WINDOWS\System32\xaish.exe
O4 - HKLM\..\Run: [qljmwlj] C:\WINDOWS\System32\trnizrs.exe
O4 - HKLM\..\Run: [wchkctk] C:\WINDOWS\system32\mprzat.exe
O4 - HKLM\..\Run: [pvnooeds] C:\WINDOWS\system32\uiug.exe
O4 - HKLM\..\Run: [opmrrbmq] C:\WINDOWS\system32\jpvamswf.exe
O4 - HKLM\..\Run: [ddvfzcjf] C:\WINDOWS\system32\bsrbya.exe
O4 - HKLM\..\Run: [ikiscmta] C:\WINDOWS\system32\qvddw.exe
O4 - HKLM\..\Run: [nbbg] C:\WINDOWS\system32\cnii.exe
O4 - HKLM\..\Run: [suhjqhle] C:\WINDOWS\system32\oopd.exe
O4 - HKLM\..\Run: [yzqp] C:\WINDOWS\system32\yjvwjleb.exe
O4 - HKLM\..\Run: [zpnjvkf] C:\WINDOWS\system32\dspdxd.exe
O4 - HKLM\..\Run: [cxngdi] C:\WINDOWS\system32\aggdgw.exe
O4 - HKLM\..\Run: [clwtz] C:\WINDOWS\system32\nqjy.exe
O4 - HKLM\..\Run: [nkfnjqtx] C:\WINDOWS\system32\jwcnjp.exe
O4 - HKLM\..\Run: [nzraqf] C:\WINDOWS\system32\buyvpyu.exe
O4 - HKLM\..\Run: [rrjkb] C:\WINDOWS\system32\yqqu.exe
O4 - HKLM\..\Run: [poxr] C:\WINDOWS\system32\hqixojoq.exe
O4 - HKLM\..\Run: [alxt] C:\WINDOWS\system32\scdhrqb.exe
O4 - HKLM\..\Run: [jpwefpqp] C:\WINDOWS\system32\pzboxld.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [yqkopukj] C:\WINDOWS\system32\xrdb.exe
O4 - HKLM\..\Run: [lbewbrt] C:\WINDOWS\system32\vwgw.exe
O4 - HKLM\..\Run: [ovfu] C:\WINDOWS\system32\mfokh.exe
O4 - HKLM\..\Run: [norw] C:\WINDOWS\system32\xngzi.exe
O4 - HKLM\..\Run: [jmjlumch] C:\WINDOWS\system32\ruol.exe
O4 - HKLM\..\Run: [guje] C:\WINDOWS\system32\udqosbk.exe
O4 - HKLM\..\Run: [akzl] C:\WINDOWS\system32\tbfmedf.exe
O4 - HKLM\..\Run: [smmyr] C:\WINDOWS\system32\pabra.exe
O4 - HKLM\..\Run: [tioerbrt] C:\WINDOWS\system32\llwray.exe
O4 - HKLM\..\Run: [qtnw] C:\WINDOWS\system32\vobj.exe
O4 - HKLM\..\Run: [lrcizwdq] C:\WINDOWS\system32\ohghhp.exe
O4 - HKLM\..\Run: [rrlhui] C:\WINDOWS\system32\gmvipvs.exe
O4 - HKLM\..\Run: [tdcpmhb] C:\WINDOWS\system32\jfescnac.exe
O4 - HKLM\..\Run: [uuvv] C:\WINDOWS\system32\zcexm.exe
O4 - HKLM\..\Run: [yleqitfj] C:\WINDOWS\system32\ipiyd.exe
O4 - HKLM\..\Run: [jupcq] C:\WINDOWS\system32\wvgfo.exe
O4 - HKLM\..\Run: [bpmjrjs] C:\WINDOWS\system32\ambsw.exe
O4 - HKLM\..\Run: [hwjliwu] C:\WINDOWS\system32\kmsf.exe
O4 - HKLM\..\Run: [aqkveku] C:\WINDOWS\system32\gejp.exe
O4 - HKLM\..\Run: [bdnfc] C:\WINDOWS\system32\umqqpfwi.exe
O4 - HKLM\..\Run: [ugyneq] C:\WINDOWS\system32\hoxjjts.exe
O4 - HKLM\..\Run: [lgoibfdb] C:\WINDOWS\system32\oyqhjqrt.exe
O4 - HKLM\..\Run: [iplfec] C:\WINDOWS\system32\usmhahsz.exe
O4 - HKLM\..\Run: [hthkzhl] C:\WINDOWS\system32\wusymyty.exe
O4 - HKLM\..\Run: [epwqxiyk] C:\WINDOWS\system32\dhjqhytb.exe
O4 - HKLM\..\Run: [vwxgzw] C:\WINDOWS\system32\ldydzm.exe
O4 - HKLM\..\Run: [qvutot] C:\WINDOWS\system32\vgeos.exe
O4 - HKLM\..\Run: [fkybwio] C:\WINDOWS\system32\pmdbn.exe
O4 - HKLM\..\Run: [ttaizvt] C:\WINDOWS\system32\xmespjs.exe
O4 - HKLM\..\Run: [lyntecyv] C:\WINDOWS\system32\wpryvxms.exe
O4 - HKLM\..\Run: [byehvct] C:\WINDOWS\system32\vxcqbecc.exe
O4 - HKLM\..\Run: [jzszfx] C:\WINDOWS\system32\ealgaaba.exe
O4 - HKLM\..\Run: [zoifnrqs] C:\WINDOWS\system32\hppngg.exe
O4 - HKLM\..\Run: [nvtgol] C:\WINDOWS\system32\aycxyo.exe
O4 - HKLM\..\Run: [qfsopn] C:\WINDOWS\system32\ojdhnh.exe
O4 - HKLM\..\Run: [nxoyj] C:\WINDOWS\system32\vtgf.exe
O4 - HKLM\..\Run: [jzbboy] C:\WINDOWS\system32\rnalutd.exe
O4 - HKLM\..\Run: [rgnum] C:\WINDOWS\system32\kciyy.exe
O4 - HKLM\..\Run: [xczul] C:\WINDOWS\system32\rboqc.exe
O4 - HKLM\..\Run: [wliy] C:\WINDOWS\system32\mbak.exe
O4 - HKLM\..\Run: [vamxmt] C:\WINDOWS\system32\nseuosl.exe
O4 - HKLM\..\Run: [redruzy] C:\WINDOWS\system32\zmmmvyc.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [kojt] C:\WINDOWS\system32\gpxm.exe
O4 - HKLM\..\Run: [nlbfy] C:\WINDOWS\system32\fbot.exe
O4 - HKLM\..\Run: [aovwmz] C:\WINDOWS\system32\whlfdt.exe
O4 - HKLM\..\Run: [rtild] C:\WINDOWS\system32\gmfvlbk.exe
O4 - HKLM\..\Run: [vdxc] C:\WINDOWS\system32\mdre.exe
O4 - HKLM\..\Run: [fumq] C:\WINDOWS\system32\gzmo.exe
O4 - HKLM\..\Run: [ohkiazx] C:\WINDOWS\system32\szhmseme.exe
O4 - HKLM\..\Run: [nWkMrkGp] C:\documents and settings\marnane\local settings\temp\nWkMrkGp.exe
O4 - HKLM\..\Run: [sxplrm] C:\WINDOWS\system32\vvqpudtq.exe
O4 - HKLM\..\Run: [s] C:\documents and settings\marnane\local settings\temp\s.exe
O4 - HKLM\..\Run: [X6NB7c] C:\documents and settings\marnane\local settings\temp\X6NB7c.exe
O4 - HKLM\..\Run: [vnhbi] C:\WINDOWS\system32\kddp.exe
O4 - HKLM\..\Run: [jkndvbt] C:\WINDOWS\system32\xdat.exe
O4 - HKLM\..\Run: [chrnh] C:\WINDOWS\system32\bzkp.exe
O4 - HKLM\..\Run: [plhxlc] C:\WINDOWS\system32\aeuz.exe
O4 - HKLM\..\Run: [nwiv] C:\WINDOWS\system32\tkkx.exe
O4 - HKLM\..\Run: [byzmipxj] C:\WINDOWS\system32\lmcc.exe
O4 - HKLM\..\Run: [svtnl] C:\WINDOWS\system32\afkli.exe
O4 - HKLM\..\Run: [arwewv] C:\WINDOWS\system32\uqmz.exe
O4 - HKLM\..\Run: [wgbsrh] C:\WINDOWS\system32\hqjqtkom.exe
O4 - HKLM\..\Run: [mdrxss] C:\WINDOWS\system32\yyujqv.exe
O4 - HKLM\..\Run: [voar] C:\WINDOWS\system32\efpxmq.exe
O4 - HKLM\..\Run: [pqdivgic] C:\WINDOWS\system32\rkjrnfp.exe
O4 - HKLM\..\Run: [gxvoaee] C:\WINDOWS\system32\dzvupkn.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [qveylzdq] C:\WINDOWS\system32\yzgsnegj.exe
O4 - HKLM\..\Run: [whkuo] C:\WINDOWS\system32\kjixr.exe
O4 - HKLM\..\Run: [jgkzlr] C:\WINDOWS\system32\lwujjp.exe
O4 - HKLM\..\Run: [weycebb] C:\WINDOWS\system32\hykaqx.exe
O4 - HKLM\..\Run: [msedicjv] C:\WINDOWS\system32\dlrrd.exe
O4 - HKLM\..\Run: [afik] C:\WINDOWS\system32\vvqxe.exe
O4 - HKLM\..\Run: [enddgl] C:\WINDOWS\system32\nnvvzp.exe
O4 - HKLM\..\Run: [raqw] C:\WINDOWS\system32\ipwpf.exe
O4 - HKLM\..\Run: [ccrjtvi] C:\WINDOWS\system32\atyupl.exe
O4 - HKLM\..\Run: [tifwwa] C:\WINDOWS\system32\soixkurg.exe
O4 - HKLM\..\Run: [vxzt] C:\WINDOWS\system32\sltpexr.exe
O4 - HKLM\..\Run: [wwog] C:\WINDOWS\system32\wpmpyy.exe
O4 - HKLM\..\Run: [eeqazi] C:\WINDOWS\system32\udmfztyi.exe
O4 - HKLM\..\Run: [bdpul] C:\WINDOWS\system32\plbu.exe
O4 - HKLM\..\Run: [poixesus] C:\WINDOWS\system32\eifrjgge.exe
O4 - HKLM\..\Run: [gdfbf] C:\WINDOWS\system32\jpejnpnw.exe
O4 - HKLM\..\Run: [gymqxec] C:\WINDOWS\system32\xxcbqupi.exe
O4 - HKLM\..\Run: [olupcw] C:\WINDOWS\system32\ourmgj.exe
O4 - HKLM\..\Run: [armgovv] C:\WINDOWS\system32\mxtwbs.exe
O4 - HKLM\..\Run: [ynkh] C:\WINDOWS\system32\pgfdizyy.exe
O4 - HKLM\..\Run: [bkgvb] C:\WINDOWS\system32\yawjxcp.exe
O4 - HKLM\..\Run: [AMD 64 Bit Processor] AMD64.EXE
O4 - HKLM\..\Run: [zinan] C:\WINDOWS\system32\dhfgutzo.exe
O4 - HKLM\..\Run: [bpiqe] C:\WINDOWS\system32\mvbgjc.exe
O4 - HKLM\..\Run: [enusfrs] C:\WINDOWS\system32\rsizyg.exe
O4 - HKLM\..\Run: [cqdhgca] C:\WINDOWS\system32\nvndcip.exe
O4 - HKLM\..\Run: [lsmzwqza] C:\WINDOWS\system32\zfzckc.exe
O4 - HKLM\..\Run: [uwssig] C:\WINDOWS\system32\bszrg.exe
O4 - HKLM\..\Run: [rxpw] C:\WINDOWS\system32\lwmbdcfg.exe
O4 - HKLM\..\Run: [bmxrhgn] C:\WINDOWS\system32\feyzwxw.exe
O4 - HKLM\..\Run: [ykpvovo] C:\WINDOWS\system32\xdujixpa.exe
O4 - HKLM\..\Run: [mkede] C:\WINDOWS\system32\tpgglq.exe
O4 - HKLM\..\Run: [hhfynuct] C:\WINDOWS\system32\nfxv.exe
O4 - HKLM\..\Run: [uczn] C:\WINDOWS\system32\fwius.exe
O4 - HKLM\..\Run: [hpow] C:\WINDOWS\system32\pnxmoss.exe
O4 - HKLM\..\Run: [mkhb] C:\WINDOWS\system32\glnygah.exe
O4 - HKLM\..\Run: [lzdhj] C:\WINDOWS\system32\zsyhd.exe
O4 - HKLM\..\Run: [remlrakh] C:\WINDOWS\system32\ibixybv.exe
O4 - HKLM\..\Run: [hesfchyu] C:\WINDOWS\system32\knxu.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Documents and Settings\MARNANE\My Documents\Sean\Virus Stuff\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "MARNANE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [ksromroe] C:\WINDOWS\System32\nurdtvng.exe k:ksromroe:
O4 - HKCU\..\Run: [fidm] C:\WINDOWS\System32\djbosd.exe k:fidm:
O4 - HKCU\..\Run: [iaotzb] C:\WINDOWS\System32\lbfjdd.exe k:iaotzb:
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\eqertx.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\MARNANE\Application Data\eetu.exe
O4 - HKCU\..\Run: [Xdyot] C:\WINDOWS\system32\n?svc32.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com...ActivexTest.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://quantifacts..../ra/ieatgpc.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe





What should i do?! Any help is much appreciated!
  • 0

Advertisements

#2
OwNt
Posted 05 November 2005 - 09:12 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Ster0phonic.

Please DELETE your current HJT program from its present location.

Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident

Run HijackThis

Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')
  • 0

#3
Ster0phonic
Posted 10 November 2005 - 04:06 PM

Ster0phonic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:05:28 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\MARNANE\My Documents\Sean\Virus Stuff\TrojanHunter 4.2\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Washer\washer.exe
C:\PROGRA~1\SYSTEM~1\soap.exe
C:\WINDOWS\system32\n?svc32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {95606A76-D6BB-854E-E06C-FA7AE1B70DC2} - C:\WINDOWS\system32\ras.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {ACB1823E-8DE3-8C5C-3238-D9693BF7AA7B} - C:\WINDOWS\Qoqmspuw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [BS Player] WNUTZRJP.EXE
O4 - HKLM\..\Run: [gecgrsi] C:\WINDOWS\System32\akljwln.exe
O4 - HKLM\..\Run: [smfzyd] C:\WINDOWS\System32\siirf.exe
O4 - HKLM\..\Run: [rfyey] C:\WINDOWS\System32\iunymev.exe
O4 - HKLM\..\Run: [gwfnqq] C:\WINDOWS\System32\soain.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [Qfgwad] C:\WINDOWS\Iwyqswv.exe
O4 - HKLM\..\Run: [ovtr] C:\WINDOWS\System32\yojpb.exe
O4 - HKLM\..\Run: [czphz] C:\WINDOWS\System32\iioz.exe
O4 - HKLM\..\Run: [nblraim] C:\WINDOWS\System32\yjwjl.exe
O4 - HKLM\..\Run: [bpqzgcc] C:\WINDOWS\System32\peocb.exe
O4 - HKLM\..\Run: [lpxb] C:\WINDOWS\System32\kwxz.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [lbfws] C:\WINDOWS\System32\yvxv.exe
O4 - HKLM\..\Run: [kavz] C:\WINDOWS\System32\ipcncem.exe
O4 - HKLM\..\Run: [yqjzk] C:\WINDOWS\System32\lmubnze.exe
O4 - HKLM\..\Run: [wsyfg] C:\WINDOWS\System32\tztkp.exe
O4 - HKLM\..\Run: [hzftkxxa] C:\WINDOWS\System32\dzbozzzw.exe
O4 - HKLM\..\Run: [yaprkdyl] C:\WINDOWS\System32\obhzas.exe
O4 - HKLM\..\Run: [rbnzims] C:\WINDOWS\System32\unjbnh.exe
O4 - HKLM\..\Run: [knrx] C:\WINDOWS\System32\xaish.exe
O4 - HKLM\..\Run: [qljmwlj] C:\WINDOWS\System32\trnizrs.exe
O4 - HKLM\..\Run: [wchkctk] C:\WINDOWS\system32\mprzat.exe
O4 - HKLM\..\Run: [pvnooeds] C:\WINDOWS\system32\uiug.exe
O4 - HKLM\..\Run: [opmrrbmq] C:\WINDOWS\system32\jpvamswf.exe
O4 - HKLM\..\Run: [ddvfzcjf] C:\WINDOWS\system32\bsrbya.exe
O4 - HKLM\..\Run: [ikiscmta] C:\WINDOWS\system32\qvddw.exe
O4 - HKLM\..\Run: [nbbg] C:\WINDOWS\system32\cnii.exe
O4 - HKLM\..\Run: [suhjqhle] C:\WINDOWS\system32\oopd.exe
O4 - HKLM\..\Run: [yzqp] C:\WINDOWS\system32\yjvwjleb.exe
O4 - HKLM\..\Run: [zpnjvkf] C:\WINDOWS\system32\dspdxd.exe
O4 - HKLM\..\Run: [cxngdi] C:\WINDOWS\system32\aggdgw.exe
O4 - HKLM\..\Run: [clwtz] C:\WINDOWS\system32\nqjy.exe
O4 - HKLM\..\Run: [nkfnjqtx] C:\WINDOWS\system32\jwcnjp.exe
O4 - HKLM\..\Run: [nzraqf] C:\WINDOWS\system32\buyvpyu.exe
O4 - HKLM\..\Run: [rrjkb] C:\WINDOWS\system32\yqqu.exe
O4 - HKLM\..\Run: [poxr] C:\WINDOWS\system32\hqixojoq.exe
O4 - HKLM\..\Run: [alxt] C:\WINDOWS\system32\scdhrqb.exe
O4 - HKLM\..\Run: [jpwefpqp] C:\WINDOWS\system32\pzboxld.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [yqkopukj] C:\WINDOWS\system32\xrdb.exe
O4 - HKLM\..\Run: [lbewbrt] C:\WINDOWS\system32\vwgw.exe
O4 - HKLM\..\Run: [ovfu] C:\WINDOWS\system32\mfokh.exe
O4 - HKLM\..\Run: [norw] C:\WINDOWS\system32\xngzi.exe
O4 - HKLM\..\Run: [jmjlumch] C:\WINDOWS\system32\ruol.exe
O4 - HKLM\..\Run: [guje] C:\WINDOWS\system32\udqosbk.exe
O4 - HKLM\..\Run: [akzl] C:\WINDOWS\system32\tbfmedf.exe
O4 - HKLM\..\Run: [smmyr] C:\WINDOWS\system32\pabra.exe
O4 - HKLM\..\Run: [tioerbrt] C:\WINDOWS\system32\llwray.exe
O4 - HKLM\..\Run: [qtnw] C:\WINDOWS\system32\vobj.exe
O4 - HKLM\..\Run: [lrcizwdq] C:\WINDOWS\system32\ohghhp.exe
O4 - HKLM\..\Run: [rrlhui] C:\WINDOWS\system32\gmvipvs.exe
O4 - HKLM\..\Run: [tdcpmhb] C:\WINDOWS\system32\jfescnac.exe
O4 - HKLM\..\Run: [uuvv] C:\WINDOWS\system32\zcexm.exe
O4 - HKLM\..\Run: [yleqitfj] C:\WINDOWS\system32\ipiyd.exe
O4 - HKLM\..\Run: [jupcq] C:\WINDOWS\system32\wvgfo.exe
O4 - HKLM\..\Run: [bpmjrjs] C:\WINDOWS\system32\ambsw.exe
O4 - HKLM\..\Run: [hwjliwu] C:\WINDOWS\system32\kmsf.exe
O4 - HKLM\..\Run: [aqkveku] C:\WINDOWS\system32\gejp.exe
O4 - HKLM\..\Run: [bdnfc] C:\WINDOWS\system32\umqqpfwi.exe
O4 - HKLM\..\Run: [ugyneq] C:\WINDOWS\system32\hoxjjts.exe
O4 - HKLM\..\Run: [lgoibfdb] C:\WINDOWS\system32\oyqhjqrt.exe
O4 - HKLM\..\Run: [iplfec] C:\WINDOWS\system32\usmhahsz.exe
O4 - HKLM\..\Run: [hthkzhl] C:\WINDOWS\system32\wusymyty.exe
O4 - HKLM\..\Run: [epwqxiyk] C:\WINDOWS\system32\dhjqhytb.exe
O4 - HKLM\..\Run: [vwxgzw] C:\WINDOWS\system32\ldydzm.exe
O4 - HKLM\..\Run: [qvutot] C:\WINDOWS\system32\vgeos.exe
O4 - HKLM\..\Run: [fkybwio] C:\WINDOWS\system32\pmdbn.exe
O4 - HKLM\..\Run: [ttaizvt] C:\WINDOWS\system32\xmespjs.exe
O4 - HKLM\..\Run: [lyntecyv] C:\WINDOWS\system32\wpryvxms.exe
O4 - HKLM\..\Run: [byehvct] C:\WINDOWS\system32\vxcqbecc.exe
O4 - HKLM\..\Run: [jzszfx] C:\WINDOWS\system32\ealgaaba.exe
O4 - HKLM\..\Run: [zoifnrqs] C:\WINDOWS\system32\hppngg.exe
O4 - HKLM\..\Run: [nvtgol] C:\WINDOWS\system32\aycxyo.exe
O4 - HKLM\..\Run: [qfsopn] C:\WINDOWS\system32\ojdhnh.exe
O4 - HKLM\..\Run: [nxoyj] C:\WINDOWS\system32\vtgf.exe
O4 - HKLM\..\Run: [jzbboy] C:\WINDOWS\system32\rnalutd.exe
O4 - HKLM\..\Run: [rgnum] C:\WINDOWS\system32\kciyy.exe
O4 - HKLM\..\Run: [xczul] C:\WINDOWS\system32\rboqc.exe
O4 - HKLM\..\Run: [wliy] C:\WINDOWS\system32\mbak.exe
O4 - HKLM\..\Run: [vamxmt] C:\WINDOWS\system32\nseuosl.exe
O4 - HKLM\..\Run: [redruzy] C:\WINDOWS\system32\zmmmvyc.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [kojt] C:\WINDOWS\system32\gpxm.exe
O4 - HKLM\..\Run: [nlbfy] C:\WINDOWS\system32\fbot.exe
O4 - HKLM\..\Run: [aovwmz] C:\WINDOWS\system32\whlfdt.exe
O4 - HKLM\..\Run: [rtild] C:\WINDOWS\system32\gmfvlbk.exe
O4 - HKLM\..\Run: [vdxc] C:\WINDOWS\system32\mdre.exe
O4 - HKLM\..\Run: [fumq] C:\WINDOWS\system32\gzmo.exe
O4 - HKLM\..\Run: [ohkiazx] C:\WINDOWS\system32\szhmseme.exe
O4 - HKLM\..\Run: [nWkMrkGp] C:\documents and settings\marnane\local settings\temp\nWkMrkGp.exe
O4 - HKLM\..\Run: [sxplrm] C:\WINDOWS\system32\vvqpudtq.exe
O4 - HKLM\..\Run: [s] C:\documents and settings\marnane\local settings\temp\s.exe
O4 - HKLM\..\Run: [X6NB7c] C:\documents and settings\marnane\local settings\temp\X6NB7c.exe
O4 - HKLM\..\Run: [vnhbi] C:\WINDOWS\system32\kddp.exe
O4 - HKLM\..\Run: [jkndvbt] C:\WINDOWS\system32\xdat.exe
O4 - HKLM\..\Run: [chrnh] C:\WINDOWS\system32\bzkp.exe
O4 - HKLM\..\Run: [plhxlc] C:\WINDOWS\system32\aeuz.exe
O4 - HKLM\..\Run: [nwiv] C:\WINDOWS\system32\tkkx.exe
O4 - HKLM\..\Run: [byzmipxj] C:\WINDOWS\system32\lmcc.exe
O4 - HKLM\..\Run: [svtnl] C:\WINDOWS\system32\afkli.exe
O4 - HKLM\..\Run: [arwewv] C:\WINDOWS\system32\uqmz.exe
O4 - HKLM\..\Run: [wgbsrh] C:\WINDOWS\system32\hqjqtkom.exe
O4 - HKLM\..\Run: [mdrxss] C:\WINDOWS\system32\yyujqv.exe
O4 - HKLM\..\Run: [voar] C:\WINDOWS\system32\efpxmq.exe
O4 - HKLM\..\Run: [pqdivgic] C:\WINDOWS\system32\rkjrnfp.exe
O4 - HKLM\..\Run: [gxvoaee] C:\WINDOWS\system32\dzvupkn.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [qveylzdq] C:\WINDOWS\system32\yzgsnegj.exe
O4 - HKLM\..\Run: [whkuo] C:\WINDOWS\system32\kjixr.exe
O4 - HKLM\..\Run: [jgkzlr] C:\WINDOWS\system32\lwujjp.exe
O4 - HKLM\..\Run: [weycebb] C:\WINDOWS\system32\hykaqx.exe
O4 - HKLM\..\Run: [msedicjv] C:\WINDOWS\system32\dlrrd.exe
O4 - HKLM\..\Run: [afik] C:\WINDOWS\system32\vvqxe.exe
O4 - HKLM\..\Run: [enddgl] C:\WINDOWS\system32\nnvvzp.exe
O4 - HKLM\..\Run: [raqw] C:\WINDOWS\system32\ipwpf.exe
O4 - HKLM\..\Run: [ccrjtvi] C:\WINDOWS\system32\atyupl.exe
O4 - HKLM\..\Run: [tifwwa] C:\WINDOWS\system32\soixkurg.exe
O4 - HKLM\..\Run: [vxzt] C:\WINDOWS\system32\sltpexr.exe
O4 - HKLM\..\Run: [wwog] C:\WINDOWS\system32\wpmpyy.exe
O4 - HKLM\..\Run: [eeqazi] C:\WINDOWS\system32\udmfztyi.exe
O4 - HKLM\..\Run: [bdpul] C:\WINDOWS\system32\plbu.exe
O4 - HKLM\..\Run: [poixesus] C:\WINDOWS\system32\eifrjgge.exe
O4 - HKLM\..\Run: [gdfbf] C:\WINDOWS\system32\jpejnpnw.exe
O4 - HKLM\..\Run: [gymqxec] C:\WINDOWS\system32\xxcbqupi.exe
O4 - HKLM\..\Run: [olupcw] C:\WINDOWS\system32\ourmgj.exe
O4 - HKLM\..\Run: [armgovv] C:\WINDOWS\system32\mxtwbs.exe
O4 - HKLM\..\Run: [ynkh] C:\WINDOWS\system32\pgfdizyy.exe
O4 - HKLM\..\Run: [bkgvb] C:\WINDOWS\system32\yawjxcp.exe
O4 - HKLM\..\Run: [AMD 64 Bit Processor] AMD64.EXE
O4 - HKLM\..\Run: [zinan] C:\WINDOWS\system32\dhfgutzo.exe
O4 - HKLM\..\Run: [bpiqe] C:\WINDOWS\system32\mvbgjc.exe
O4 - HKLM\..\Run: [enusfrs] C:\WINDOWS\system32\rsizyg.exe
O4 - HKLM\..\Run: [cqdhgca] C:\WINDOWS\system32\nvndcip.exe
O4 - HKLM\..\Run: [lsmzwqza] C:\WINDOWS\system32\zfzckc.exe
O4 - HKLM\..\Run: [uwssig] C:\WINDOWS\system32\bszrg.exe
O4 - HKLM\..\Run: [rxpw] C:\WINDOWS\system32\lwmbdcfg.exe
O4 - HKLM\..\Run: [bmxrhgn] C:\WINDOWS\system32\feyzwxw.exe
O4 - HKLM\..\Run: [ykpvovo] C:\WINDOWS\system32\xdujixpa.exe
O4 - HKLM\..\Run: [mkede] C:\WINDOWS\system32\tpgglq.exe
O4 - HKLM\..\Run: [hhfynuct] C:\WINDOWS\system32\nfxv.exe
O4 - HKLM\..\Run: [uczn] C:\WINDOWS\system32\fwius.exe
O4 - HKLM\..\Run: [hpow] C:\WINDOWS\system32\pnxmoss.exe
O4 - HKLM\..\Run: [mkhb] C:\WINDOWS\system32\glnygah.exe
O4 - HKLM\..\Run: [lzdhj] C:\WINDOWS\system32\zsyhd.exe
O4 - HKLM\..\Run: [remlrakh] C:\WINDOWS\system32\ibixybv.exe
O4 - HKLM\..\Run: [hesfchyu] C:\WINDOWS\system32\knxu.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Documents and Settings\MARNANE\My Documents\Sean\Virus Stuff\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "MARNANE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [ksromroe] C:\WINDOWS\System32\nurdtvng.exe k:ksromroe:
O4 - HKCU\..\Run: [fidm] C:\WINDOWS\System32\djbosd.exe k:fidm:
O4 - HKCU\..\Run: [iaotzb] C:\WINDOWS\System32\lbfjdd.exe k:iaotzb:
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\eqertx.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\MARNANE\Application Data\eetu.exe
O4 - HKCU\..\Run: [Xdyot] C:\WINDOWS\system32\n?svc32.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com...ActivexTest.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://quantifacts..../ra/ieatgpc.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe



sorry for the delay. Did what you said...that's the log i got
  • 0

#4
OwNt
Posted 10 November 2005 - 10:48 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Ster0phonic.

Please print these instructions out or save them in notepad for use in Safe Mode.
(Start > Programs > Accessories > Notepad)

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\awtst.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\tstwa.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:R3 - Default URLSearchHook is missing
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\awtst.dll
    O2 - BHO: (no name) - {95606A76-D6BB-854E-E06C-FA7AE1B70DC2} - C:\WINDOWS\system32\ras.dll (file missing)
    O3 - Toolbar: Search - {ACB1823E-8DE3-8C5C-3238-D9693BF7AA7B} - C:\WINDOWS\Qoqmspuw.dll (file missing)
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [gecgrsi] C:\WINDOWS\System32\akljwln.exe
    O4 - HKLM\..\Run: [smfzyd] C:\WINDOWS\System32\siirf.exe
    O4 - HKLM\..\Run: [rfyey] C:\WINDOWS\System32\iunymev.exe
    O4 - HKLM\..\Run: [gwfnqq] C:\WINDOWS\System32\soain.exe
    O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
    O4 - HKLM\..\Run: [Qfgwad] C:\WINDOWS\Iwyqswv.exe
    O4 - HKLM\..\Run: [ovtr] C:\WINDOWS\System32\yojpb.exe
    O4 - HKLM\..\Run: [czphz] C:\WINDOWS\System32\iioz.exe
    O4 - HKLM\..\Run: [nblraim] C:\WINDOWS\System32\yjwjl.exe
    O4 - HKLM\..\Run: [bpqzgcc] C:\WINDOWS\System32\peocb.exe
    O4 - HKLM\..\Run: [lpxb] C:\WINDOWS\System32\kwxz.exe
    O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
    O4 - HKLM\..\Run: [lbfws] C:\WINDOWS\System32\yvxv.exe
    O4 - HKLM\..\Run: [kavz] C:\WINDOWS\System32\ipcncem.exe
    O4 - HKLM\..\Run: [yqjzk] C:\WINDOWS\System32\lmubnze.exe
    O4 - HKLM\..\Run: [wsyfg] C:\WINDOWS\System32\tztkp.exe
    O4 - HKLM\..\Run: [hzftkxxa] C:\WINDOWS\System32\dzbozzzw.exe
    O4 - HKLM\..\Run: [yaprkdyl] C:\WINDOWS\System32\obhzas.exe
    O4 - HKLM\..\Run: [rbnzims] C:\WINDOWS\System32\unjbnh.exe
    O4 - HKLM\..\Run: [knrx] C:\WINDOWS\System32\xaish.exe
    O4 - HKLM\..\Run: [qljmwlj] C:\WINDOWS\System32\trnizrs.exe
    O4 - HKLM\..\Run: [wchkctk] C:\WINDOWS\system32\mprzat.exe
    O4 - HKLM\..\Run: [pvnooeds] C:\WINDOWS\system32\uiug.exe
    O4 - HKLM\..\Run: [opmrrbmq] C:\WINDOWS\system32\jpvamswf.exe
    O4 - HKLM\..\Run: [ddvfzcjf] C:\WINDOWS\system32\bsrbya.exe
    O4 - HKLM\..\Run: [ikiscmta] C:\WINDOWS\system32\qvddw.exe
    O4 - HKLM\..\Run: [nbbg] C:\WINDOWS\system32\cnii.exe
    O4 - HKLM\..\Run: [suhjqhle] C:\WINDOWS\system32\oopd.exe
    O4 - HKLM\..\Run: [yzqp] C:\WINDOWS\system32\yjvwjleb.exe
    O4 - HKLM\..\Run: [zpnjvkf] C:\WINDOWS\system32\dspdxd.exe
    O4 - HKLM\..\Run: [cxngdi] C:\WINDOWS\system32\aggdgw.exe
    O4 - HKLM\..\Run: [clwtz] C:\WINDOWS\system32\nqjy.exe
    O4 - HKLM\..\Run: [nkfnjqtx] C:\WINDOWS\system32\jwcnjp.exe
    O4 - HKLM\..\Run: [nzraqf] C:\WINDOWS\system32\buyvpyu.exe
    O4 - HKLM\..\Run: [rrjkb] C:\WINDOWS\system32\yqqu.exe
    O4 - HKLM\..\Run: [poxr] C:\WINDOWS\system32\hqixojoq.exe
    O4 - HKLM\..\Run: [alxt] C:\WINDOWS\system32\scdhrqb.exe
    O4 - HKLM\..\Run: [jpwefpqp] C:\WINDOWS\system32\pzboxld.exe
    O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
    O4 - HKLM\..\Run: [yqkopukj] C:\WINDOWS\system32\xrdb.exe
    O4 - HKLM\..\Run: [lbewbrt] C:\WINDOWS\system32\vwgw.exe
    O4 - HKLM\..\Run: [ovfu] C:\WINDOWS\system32\mfokh.exe
    O4 - HKLM\..\Run: [norw] C:\WINDOWS\system32\xngzi.exe
    O4 - HKLM\..\Run: [jmjlumch] C:\WINDOWS\system32\ruol.exe
    O4 - HKLM\..\Run: [guje] C:\WINDOWS\system32\udqosbk.exe
    O4 - HKLM\..\Run: [akzl] C:\WINDOWS\system32\tbfmedf.exe
    O4 - HKLM\..\Run: [smmyr] C:\WINDOWS\system32\pabra.exe
    O4 - HKLM\..\Run: [tioerbrt] C:\WINDOWS\system32\llwray.exe
    O4 - HKLM\..\Run: [qtnw] C:\WINDOWS\system32\vobj.exe
    O4 - HKLM\..\Run: [lrcizwdq] C:\WINDOWS\system32\ohghhp.exe
    O4 - HKLM\..\Run: [rrlhui] C:\WINDOWS\system32\gmvipvs.exe
    O4 - HKLM\..\Run: [tdcpmhb] C:\WINDOWS\system32\jfescnac.exe
    O4 - HKLM\..\Run: [uuvv] C:\WINDOWS\system32\zcexm.exe
    O4 - HKLM\..\Run: [yleqitfj] C:\WINDOWS\system32\ipiyd.exe
    O4 - HKLM\..\Run: [jupcq] C:\WINDOWS\system32\wvgfo.exe
    O4 - HKLM\..\Run: [bpmjrjs] C:\WINDOWS\system32\ambsw.exe
    O4 - HKLM\..\Run: [hwjliwu] C:\WINDOWS\system32\kmsf.exe
    O4 - HKLM\..\Run: [aqkveku] C:\WINDOWS\system32\gejp.exe
    O4 - HKLM\..\Run: [bdnfc] C:\WINDOWS\system32\umqqpfwi.exe
    O4 - HKLM\..\Run: [ugyneq] C:\WINDOWS\system32\hoxjjts.exe
    O4 - HKLM\..\Run: [lgoibfdb] C:\WINDOWS\system32\oyqhjqrt.exe
    O4 - HKLM\..\Run: [iplfec] C:\WINDOWS\system32\usmhahsz.exe
    O4 - HKLM\..\Run: [hthkzhl] C:\WINDOWS\system32\wusymyty.exe
    O4 - HKLM\..\Run: [epwqxiyk] C:\WINDOWS\system32\dhjqhytb.exe
    O4 - HKLM\..\Run: [vwxgzw] C:\WINDOWS\system32\ldydzm.exe
    O4 - HKLM\..\Run: [qvutot] C:\WINDOWS\system32\vgeos.exe
    O4 - HKLM\..\Run: [fkybwio] C:\WINDOWS\system32\pmdbn.exe
    O4 - HKLM\..\Run: [ttaizvt] C:\WINDOWS\system32\xmespjs.exe
    O4 - HKLM\..\Run: [lyntecyv] C:\WINDOWS\system32\wpryvxms.exe
    O4 - HKLM\..\Run: [byehvct] C:\WINDOWS\system32\vxcqbecc.exe
    O4 - HKLM\..\Run: [jzszfx] C:\WINDOWS\system32\ealgaaba.exe
    O4 - HKLM\..\Run: [zoifnrqs] C:\WINDOWS\system32\hppngg.exe
    O4 - HKLM\..\Run: [nvtgol] C:\WINDOWS\system32\aycxyo.exe
    O4 - HKLM\..\Run: [qfsopn] C:\WINDOWS\system32\ojdhnh.exe
    O4 - HKLM\..\Run: [nxoyj] C:\WINDOWS\system32\vtgf.exe
    O4 - HKLM\..\Run: [jzbboy] C:\WINDOWS\system32\rnalutd.exe
    O4 - HKLM\..\Run: [rgnum] C:\WINDOWS\system32\kciyy.exe
    O4 - HKLM\..\Run: [xczul] C:\WINDOWS\system32\rboqc.exe
    O4 - HKLM\..\Run: [wliy] C:\WINDOWS\system32\mbak.exe
    O4 - HKLM\..\Run: [vamxmt] C:\WINDOWS\system32\nseuosl.exe
    O4 - HKLM\..\Run: [redruzy] C:\WINDOWS\system32\zmmmvyc.exe
    O4 - HKLM\..\Run: [kojt] C:\WINDOWS\system32\gpxm.exe
    O4 - HKLM\..\Run: [nlbfy] C:\WINDOWS\system32\fbot.exe
    O4 - HKLM\..\Run: [aovwmz] C:\WINDOWS\system32\whlfdt.exe
    O4 - HKLM\..\Run: [rtild] C:\WINDOWS\system32\gmfvlbk.exe
    O4 - HKLM\..\Run: [vdxc] C:\WINDOWS\system32\mdre.exe
    O4 - HKLM\..\Run: [fumq] C:\WINDOWS\system32\gzmo.exe
    O4 - HKLM\..\Run: [ohkiazx] C:\WINDOWS\system32\szhmseme.exe
    O4 - HKLM\..\Run: [nWkMrkGp] C:\documents and settings\marnane\local settings\temp\nWkMrkGp.exe
    O4 - HKLM\..\Run: [sxplrm] C:\WINDOWS\system32\vvqpudtq.exe
    O4 - HKLM\..\Run: [s] C:\documents and settings\marnane\local settings\temp\s.exe
    O4 - HKLM\..\Run: [X6NB7c] C:\documents and settings\marnane\local settings\temp\X6NB7c.exe
    O4 - HKLM\..\Run: [vnhbi] C:\WINDOWS\system32\kddp.exe
    O4 - HKLM\..\Run: [jkndvbt] C:\WINDOWS\system32\xdat.exe
    O4 - HKLM\..\Run: [chrnh] C:\WINDOWS\system32\bzkp.exe
    O4 - HKLM\..\Run: [plhxlc] C:\WINDOWS\system32\aeuz.exe
    O4 - HKLM\..\Run: [nwiv] C:\WINDOWS\system32\tkkx.exe
    O4 - HKLM\..\Run: [byzmipxj] C:\WINDOWS\system32\lmcc.exe
    O4 - HKLM\..\Run: [svtnl] C:\WINDOWS\system32\afkli.exe
    O4 - HKLM\..\Run: [arwewv] C:\WINDOWS\system32\uqmz.exe
    O4 - HKLM\..\Run: [wgbsrh] C:\WINDOWS\system32\hqjqtkom.exe
    O4 - HKLM\..\Run: [mdrxss] C:\WINDOWS\system32\yyujqv.exe
    O4 - HKLM\..\Run: [voar] C:\WINDOWS\system32\efpxmq.exe
    O4 - HKLM\..\Run: [pqdivgic] C:\WINDOWS\system32\rkjrnfp.exe
    O4 - HKLM\..\Run: [gxvoaee] C:\WINDOWS\system32\dzvupkn.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [qveylzdq] C:\WINDOWS\system32\yzgsnegj.exe
    O4 - HKLM\..\Run: [whkuo] C:\WINDOWS\system32\kjixr.exe
    O4 - HKLM\..\Run: [jgkzlr] C:\WINDOWS\system32\lwujjp.exe
    O4 - HKLM\..\Run: [weycebb] C:\WINDOWS\system32\hykaqx.exe
    O4 - HKLM\..\Run: [msedicjv] C:\WINDOWS\system32\dlrrd.exe
    O4 - HKLM\..\Run: [afik] C:\WINDOWS\system32\vvqxe.exe
    O4 - HKLM\..\Run: [enddgl] C:\WINDOWS\system32\nnvvzp.exe
    O4 - HKLM\..\Run: [raqw] C:\WINDOWS\system32\ipwpf.exe
    O4 - HKLM\..\Run: [ccrjtvi] C:\WINDOWS\system32\atyupl.exe
    O4 - HKLM\..\Run: [tifwwa] C:\WINDOWS\system32\soixkurg.exe
    O4 - HKLM\..\Run: [vxzt] C:\WINDOWS\system32\sltpexr.exe
    O4 - HKLM\..\Run: [wwog] C:\WINDOWS\system32\wpmpyy.exe
    O4 - HKLM\..\Run: [eeqazi] C:\WINDOWS\system32\udmfztyi.exe
    O4 - HKLM\..\Run: [bdpul] C:\WINDOWS\system32\plbu.exe
    O4 - HKLM\..\Run: [poixesus] C:\WINDOWS\system32\eifrjgge.exe
    O4 - HKLM\..\Run: [gdfbf] C:\WINDOWS\system32\jpejnpnw.exe
    O4 - HKLM\..\Run: [gymqxec] C:\WINDOWS\system32\xxcbqupi.exe
    O4 - HKLM\..\Run: [olupcw] C:\WINDOWS\system32\ourmgj.exe
    O4 - HKLM\..\Run: [armgovv] C:\WINDOWS\system32\mxtwbs.exe
    O4 - HKLM\..\Run: [ynkh] C:\WINDOWS\system32\pgfdizyy.exe
    O4 - HKLM\..\Run: [bkgvb] C:\WINDOWS\system32\yawjxcp.exe
    O4 - HKLM\..\Run: [AMD 64 Bit Processor] AMD64.EXE
    O4 - HKLM\..\Run: [zinan] C:\WINDOWS\system32\dhfgutzo.exe
    O4 - HKLM\..\Run: [bpiqe] C:\WINDOWS\system32\mvbgjc.exe
    O4 - HKLM\..\Run: [enusfrs] C:\WINDOWS\system32\rsizyg.exe
    O4 - HKLM\..\Run: [cqdhgca] C:\WINDOWS\system32\nvndcip.exe
    O4 - HKLM\..\Run: [lsmzwqza] C:\WINDOWS\system32\zfzckc.exe
    O4 - HKLM\..\Run: [uwssig] C:\WINDOWS\system32\bszrg.exe
    O4 - HKLM\..\Run: [rxpw] C:\WINDOWS\system32\lwmbdcfg.exe
    O4 - HKLM\..\Run: [bmxrhgn] C:\WINDOWS\system32\feyzwxw.exe
    O4 - HKLM\..\Run: [ykpvovo] C:\WINDOWS\system32\xdujixpa.exe
    O4 - HKLM\..\Run: [mkede] C:\WINDOWS\system32\tpgglq.exe
    O4 - HKLM\..\Run: [hhfynuct] C:\WINDOWS\system32\nfxv.exe
    O4 - HKLM\..\Run: [uczn] C:\WINDOWS\system32\fwius.exe
    O4 - HKLM\..\Run: [hpow] C:\WINDOWS\system32\pnxmoss.exe
    O4 - HKLM\..\Run: [mkhb] C:\WINDOWS\system32\glnygah.exe
    O4 - HKLM\..\Run: [lzdhj] C:\WINDOWS\system32\zsyhd.exe
    O4 - HKLM\..\Run: [remlrakh] C:\WINDOWS\system32\ibixybv.exe
    O4 - HKLM\..\Run: [hesfchyu] C:\WINDOWS\system32\knxu.exe
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKCU\..\Run: [ksromroe] C:\WINDOWS\System32\nurdtvng.exe k:ksromroe:
    O4 - HKCU\..\Run: [fidm] C:\WINDOWS\System32\djbosd.exe k:fidm:
    O4 - HKCU\..\Run: [iaotzb] C:\WINDOWS\System32\lbfjdd.exe k:iaotzb:
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\eqertx.exe
    O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\MARNANE\Application Data\eetu.exe
    O4 - HKCU\..\Run: [Xdyot] C:\WINDOWS\system32\n?svc32.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com...ActivexTest.ocx
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
    O20 - Winlogon Notify: awtst - C:\WINDOWS\system32\awtst.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Also, Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log, the vundofix.txt file from the vundofix folder and the Uninstall list into this topic.
  • 0

#5
OwNt
Posted 25 November 2005 - 12:41 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP