Topic: Win Min/Homepage hijacked problems
Foxfleet
« on: November 28, 2004, 11:21:01 PM »

I am having issues with both my Internet and shut downs. Here is my HJT Log. I have tried several times to get rid of http://mypoiskovik.com/sp.htm, but I used an older thread from this forum, so I think variations have taken over.

I am having issues with all of the .exe's in the middle of my HJT list as well.

If there is a certain sequence I need to follow in deleting things, let me know. I appreciate your help, I have spent all day working on this PC. Thanks


Logfile of HijackThis v1.98.2
Scan saved at 6:06:25 PM, on 11/28/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\pyiropi.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\windows\pyiropi.exe
C:\windows\pyiropi.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\windows\pyiropi.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [wxfjqpq] c:\windows\otappdj.exe
O4 - HKCU\..\Run: [osulvjc] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [ilgotpd] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [kucvasj] c:\windows\bmvvovb.exe
O4 - HKCU\..\Run: [whtrhvh] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [gvoleyb] c:\windows\otappdj.exe
O4 - HKCU\..\Run: [fnrijte] c:\windows\hqiivxt.exe
O4 - HKCU\..\Run: [sheapxf] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [dkmtsby] c:\windows\bmvvovb.exe
O4 - HKCU\..\Run: [sckvxul] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [gdxacne] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [mwamxpc] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [njxqqsg] c:\windows\hqiivxt.exe
O4 - HKCU\..\Run: [hhscvhl] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [qyhodrs] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [uietifj] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [ryhlhiq] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [dsvpstp] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [ucpdrnx] c:\windows\cmnmftw.exe
O4 - HKCU\..\Run: [pjcyhpm] c:\windows\axsvxwe.exe
O4 - HKCU\..\Run: [nivabso] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [mhqonsy] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [gvnqddg] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [coejhgm] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [xjdtgor] c:\windows\cmnmftw.exe
O4 - HKCU\..\Run: [wsbcvat] c:\windows\axsvxwe.exe
O4 - HKCU\..\Run: [hxubbjy] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [uasgsvq] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [rqyxogv] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [bswylen] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [hmcxjrj] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [mbupsqy] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [qpreebj] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [twjftve] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [oqrgavj] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [epvrpyf] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [edpvkqt] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [ugyfxoj] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [fmaesso] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [fovqlhx] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [mjadypy] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [fshqirw] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [dkvcaog] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [higvfig] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [bdjakwp] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [ghqtptg] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [qaqfnjq] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [uedtjjs] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [wukwgry] c:\windows\sameskp.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://student02.udayton.edu/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe


Geekgirl
« Reply #1 on: November 28, 2004, 11:30:09 PM »

Hey Foxfleet


***DO NOT TRY TO FIX ANYTHING, MAJOR DAMAGE CAN BE DONE TO YOUR SYSTEM IF THIS TOOL IS USED INCORRECTLY, PLEASE WAIT FOR OUR MODERATORS TO GIVE YOU INSTRUCTIONS***


Also, before a moderator will give you instructions, you will need to place your HJT in a permanent folder.

(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or your Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)

Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
jvic
« Reply #2 on: November 29, 2004, 12:23:33 AM »

Please download and run the following programs:

AD-AWARE

Install the program and launch it.

First, in the bottom right-hand corner of the main window, click on Check for updates now, then click Connect and download the latest reference files.

Then, in the main window: click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose Select all from the drop-down menu and then click Next.)

Restart your computer.


SPYBOT SEARCH & DESTROY

Open Spybot Search & Destroy (click Start, Programs, Spybot S&D (Advanced Mode)). Click Online, Search for updates, Download all available updates. Close all browser windows, then click "Check for Problems". Anything that needs to be fixed will show in red and have a green check in the box to the left. Click "Fix Selected Problems", then restart your computer.


First, please move HiJackThis.exe to a permanent location. This has to be done as HijackThis creates a log file. We may need to use this to restore some of the settings that are changed. Click My Computer, then C:\. In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Put your HijackThis.exe there, and double-click to run it.

Post a new HijackThis log.
John Vickers
jvic
« Reply #3 on: November 29, 2004, 12:30:13 AM »

Also Run An Online Virus Scan At Trendmicro!!!
http://housecall60.trendmicro.com/en/start_corp.asp?id=scan
Remove anything it finds and write down any files it says are uncleanable
(Write down the name and path)


John Vickers
Foxfleet
« Reply #4 on: November 29, 2004, 03:08:17 AM »

Logfile of HijackThis v1.98.2
Scan saved at 10:22:15 PM, on 11/28/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HiJackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [wxfjqpq] c:\windows\otappdj.exe
O4 - HKCU\..\Run: [osulvjc] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [ilgotpd] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [kucvasj] c:\windows\bmvvovb.exe
O4 - HKCU\..\Run: [whtrhvh] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [gvoleyb] c:\windows\otappdj.exe
O4 - HKCU\..\Run: [fnrijte] c:\windows\hqiivxt.exe
O4 - HKCU\..\Run: [sheapxf] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [dkmtsby] c:\windows\bmvvovb.exe
O4 - HKCU\..\Run: [sckvxul] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [gdxacne] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [mwamxpc] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [njxqqsg] c:\windows\hqiivxt.exe
O4 - HKCU\..\Run: [hhscvhl] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [qyhodrs] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [uietifj] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [ryhlhiq] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [dsvpstp] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [ucpdrnx] c:\windows\cmnmftw.exe
O4 - HKCU\..\Run: [pjcyhpm] c:\windows\axsvxwe.exe
O4 - HKCU\..\Run: [nivabso] c:\windows\sckydrq.exe
O4 - HKCU\..\Run: [mhqonsy] c:\windows\aqqhmjg.exe
O4 - HKCU\..\Run: [gvnqddg] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [coejhgm] c:\windows\wqsadvs.exe
O4 - HKCU\..\Run: [xjdtgor] c:\windows\cmnmftw.exe
O4 - HKCU\..\Run: [wsbcvat] c:\windows\axsvxwe.exe
O4 - HKCU\..\Run: [hxubbjy] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [uasgsvq] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [rqyxogv] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [bswylen] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [hmcxjrj] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [mbupsqy] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [qpreebj] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [twjftve] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [oqrgavj] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [epvrpyf] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [edpvkqt] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [ugyfxoj] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [fmaesso] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [fovqlhx] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [mjadypy] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [fshqirw] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [dkvcaog] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [higvfig] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [bdjakwp] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [ghqtptg] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [qaqfnjq] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [uedtjjs] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [ublqnhq] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [aanvjwk] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [stjfink] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [ybmoccm] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [mllaswt] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [pgggfrf] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [lreqthr] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [cwcqxio] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [sfwfqxc] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [rgbfsss] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [lwedfmv] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [llhctwq] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [asbsabj] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [rictosu] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [cufbnbt] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [trlsekl] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [uhskblf] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [adwxppm] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [esvhhgs] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [kxgcpgs] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [xhumlnq] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [hwcatlp] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [tmjilbs] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [jyvtqxw] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [oigbphn] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [hnoxoae] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [liuxbcw] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [wpxwhsg] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [aanwqtt] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [xrnnoyd] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [pjofmml] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [qjmrwxg] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [cgkjjoe] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [xonftbk] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [rkwsrtw] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [pjqoqwg] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [sbyhvus] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [xwwyqyn] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [sgtxsdc] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [uhdiuvv] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [sctxhem] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [wlbdryb] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [psmjtyb] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [jbfxdss] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [milwusf] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [pndxwyi] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [xyqbncy] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [eospreu] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [yjqeete] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [tcuvurr] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [wokwqsh] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [itmglsj] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [qmpchmc] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [mqjdjnx] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [wjlplof] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [dwhqcvr] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [fnlbibm] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [rnialbe] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [scbarju] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [jghnfsp] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [klvqqhm] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [kgdeacr] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [qalibgt] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [g*yotyf] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [jnkjnqk] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [lhspdoc] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [gorajkw] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [gsndhnb] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [ymkmjeb] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [rhxgpdc] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [qrrvecx] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [egkssbr] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [vhjwwsa] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [xfoyskb] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [gguabnd] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [mbavyqv] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [orfxfqy] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [gdikqfc] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [eogiito] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [ynehebu] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [jkkhach] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [jjeufyi] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [stqus*x] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [vnfmpcd] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [vtvdjao] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [ppfxvva] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [arcxrwb] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [ebtrdjw] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [pdncbee] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [cqpgmsv] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [cofeniu] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [aikwtps] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [pgcosfg] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [gklolqw] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [drlfcli] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [ttisonk] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [bdcwppm] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [mmkiekv] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [fcnbtfy] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [isvgqjf] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [gcaebpk] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [irpoiyd] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [xglstrp] c:\windows\xvnkror.exe
O4 - HKCU\..\Run: [abltkjl] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [lxflxfg] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [lsdvoav] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [ylscslw] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [twbdkao] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [vstvfdu] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [sgcqvsl] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [igtubdi] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [semdvna] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [suibqoj] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [wsqsksj] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [kxfumut] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [srksepb] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [mhrqjwq] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [bkhvnmd] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [yahvtrw] c:\windows\fyisqnh.exe
O4 - HKCU\..\Run: [nsyfktb] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [clcgsye] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [ojhhrws] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [gohihfi] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [ynamhjj] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [bcufbas] c:\windows\sameskp.exe
O4 - HKCU\..\Run: [gyilieo] c:\windows\hhvrqxu.exe
O4 - HKCU\..\Run: [bxbmygh] c:\windows\bvoghus.exe
O4 - HKCU\..\Run: [ehchqgx] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [ipoepmk] c:\windows\lnijwcs.exe
O4 - HKCU\..\Run: [lsxwojy] c:\windows\bvoghus.exe
O4 - HKCU\..\Run: [rvunkbo] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [hqnyocu] c:\windows\lnijwcs.exe
O4 - HKCU\..\Run: [hxuvurp] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [wtnhajr] c:\windows\lnijwcs.exe
O4 - HKCU\..\Run: [qdjngbg] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [elucqpi] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [ocytbjy] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [pfmqavv] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [brjmksj] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [llutrqx] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [tsmpfjk] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [ggbiwhp] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [magnbwc] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [ujbgjix] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [jqmqipq] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [afxkkvr] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [bqhoeoq] c:\windows\lnijwcs.exe
O4 - HKCU\..\Run: [xeuagjy] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [wclkpxx] c:\windows\lnijwcs.exe
O4 - HKCU\..\Run: [vjefvoe] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [wysoxpg] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [xelvxmg] c:\windows\lnijwcs.exe
O4 - HKCU\..\Run: [ggveeuj] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [smfnens] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [sjaqsvt] c:\windows\lnijwcs.exe
O4 - HKCU\..\Run: [bjsecho] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [bwputsx] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [nsfasdd] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [aihghst] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [wbeucyx] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [wpowxxo] c:\windows\bvoghus.exe
O4 - HKCU\..\Run: [wyarynf] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [akndels] c:\windows\bvoghus.exe
O4 - HKCU\..\Run: [iilxolj] c:\windows\gqksksw.exe
O4 - HKCU\..\Run: [fpqrqiw] c:\windows\wlxdxan.exe
O4 - HKCU\..\Run: [ipcaucj] c:\windows\cvtjddi.exe
O4 - HKCU\..\Run: [gsihgkx] c:\windows\vsqrvcn.exe
O4 - HKCU\..\Run: [kwvjgtr] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [nxljlof] c:\windows\vsqrvcn.exe
O4 - HKCU\..\Run: [nmmgfoc] c:\windows\cvtjddi.exe
O4 - HKCU\..\Run: [bpidyvi] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [qvvhdrl] c:\windows\vsqrvcn.exe
O4 - HKCU\..\Run: [yberwtm] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [lsxrhrd] c:\windows\cvtjddi.exe
O4 - HKCU\..\Run: [kultgep] c:\windows\vsqrvcn.exe
O4 - HKCU\..\Run: [qqrgnbb] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [jkcoaiq] c:\windows\cvtjddi.exe
O4 - HKCU\..\Run: [ntavkah] c:\windows\vsqrvcn.exe
O4 - HKCU\..\Run: [vhrctig] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [vpopaki] c:\windows\cvtjddi.exe
O4 - HKCU\..\Run: [ynxjbix] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [nkyjiec] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [xkhqwdk] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [lauwuln] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [jmxfjae] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [mpsealv] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [ywxhhse] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [gbitwde] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [gevmvys] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [gwphksy] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [knxbkwy] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [dcfqhix] c:\windows\cvtjddi.exe
O4 - HKCU\..\Run: [lrjsvpi] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [petiswu] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [wtkxpcv] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [lawdgap] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [llmweri] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [sqwyril] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [ddgxmqs] c:\windows\bmxbtrq.exe
O4 - HKCU\..\Run: [dgssirc] c:\windows\yniaoob.exe
O4 - HKCU\..\Run: [qnyaofy] c:\windows\vsqrvcn.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://student02.udayton.edu/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab



All of the .exe's in the middle were on the list for the online scan as uncleanable.
« Last Edit: November 29, 2004, 03:22:37 AM by Foxfleet » Logged
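
A triage heuristic for the Run entries in the HijackThis logs above, as an added example that is not part of the original thread: it groups O4 autostart lines by target and flags executables in the Windows folder root that several differently named HKCU Run values point at, the pattern visible in the posted log. The function names, the `min_names` threshold and the embedded excerpt (a few lines copied from the log above) are choices made for this example.

```python
import re
from collections import defaultdict

# Short excerpt of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ps2.exe
C:\windows\pyiropi.exe
C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [wxfjqpq] c:\windows\otappdj.exe
O4 - HKCU\..\Run: [ilgotpd] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [gvoleyb] c:\windows\otappdj.exe
O4 - HKCU\..\Run: [gdxacne] c:\windows\pyiropi.exe
O4 - HKCU\..\Run: [ryhlhiq] c:\windows\pyiropi.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)


def image_path(cmd):
    """Return the executable part of a Run command line, lower-cased."""
    # Quoted path first; otherwise everything up to the first ".exe".
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.IGNORECASE)
    path = (m.group(1) or m.group(2)) if m else cmd.strip().split(" ")[0]
    return path.lower()


def parse_run_entries(log_text):
    """Extract (hive, value name, executable path) from every O4 Run line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["name"], image_path(m["cmd"])))
    return entries


def running_processes(log_text):
    """Collect the paths listed under the 'Running processes:' header."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            if procs:          # first blank line after the list ends the section
                break
        elif in_section:
            procs.add(line.lower())
    return procs


def suspicious_run_targets(log_text, min_names=2):
    """Flag executables directly in c:\\windows that are started by at least
    `min_names` differently named HKCU Run values (a triage hint, not a verdict)."""
    names_by_target = defaultdict(set)
    for hive, name, path in parse_run_entries(log_text):
        if hive == "HKCU":
            names_by_target[path].add(name)

    running = running_processes(log_text)
    findings = []
    for path, names in sorted(names_by_target.items()):
        folder = path.rpartition("\\")[0]
        if folder == r"c:\windows" and len(names) >= min_names:
            findings.append({
                "path": path,
                "value_names": sorted(names),
                "running": path in running,
            })
    return findings


if __name__ == "__main__":
    for f in suspicious_run_targets(SAMPLE_LOG):
        state = "running" if f["running"] else "not running"
        print(f'{f["path"]} ({state}): {len(f["value_names"])} Run values '
              f'{", ".join(f["value_names"])}')
```

Installed software normally registers one Run value per executable, so entries flagged here are candidates for a closer look before anything is fixed in HijackThis.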

 
Foxfleet
« Reply #5 on: November 29, 2004, 04:23:42 AM »

All of the exe files seem to be from the l386 folder that is new to my hard drive. It can't delete it, but can cut and paste it into the recycling bin. However, it doesn't seem to go away. Let me know if you have any ideas.
Cactus
« Reply #6 on: November 29, 2004, 05:05:50 AM »

PRINT THESE INSTRUCTIONS OUT TO FOLLOW THEM CORRECTLY

**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

DDCActiveMenu.exe
bmvvovb.exe
otappdj.exe
hqiivxt.exe
sckydrq.exe
aqqhmjg.exe
pyiropi.exe
wqsadvs.exe
cmnmftw.exe
axsvxwe.exe
xvnkror.exe
fyisqnh.exe
sameskp.exe
hhvrqxu.exe
lnijwcs.exe
bvoghus.exe
gqksksw.exe
wlxdxan.exe
cvtjddi.exe
bmxbtrq.exe
yniaoob.exe
vsqrvcn.exe


Turn off System Restore. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot



Go to Control Panel / Add/Remove Programs and remove the following if they are there:


DDCActiveMenu

Now delete these Folders or Files that are Highlighted: (You may need to enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
c:\windows\otappdj.exe
c:\windows\bmvvovb.exe
c:\windows\hqiivxt.exe
c:\windows\sckydrq.exe
c:\windows\aqqhmjg.exe
c:\windows\pyiropi.exe
c:\windows\wqsadvs.exe
c:\windows\cmnmftw.exe
c:\windows\axsvxwe.exe
c:\windows\xvnkror.exe
c:\windows\fyisqnh.exe
c:\windows\hhvrqxu.exe
c:\windows\sameskp.exe
c:\windows\lnijwcs.exe
c:\windows\bvoghus.exe
c:\windows\gqksksw.exe
c:\windows\wlxdxan.exe
c:\windows\cvtjddi.exe
c:\windows\bmxbtrq.exe
c:\windows\yniaoob.exe
c:\windows\vsqrvcn.exe

Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.

Turn on System Restore. Before opening your browser, go to TOOLS > INTERNET OPTIONS and make sure your Homepage is correct; if not, type the URL you would like in the HomePage box.

Now re-run HJT and post a new logfile back here.


Cactus

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
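
The pattern cleaned up in Reply #6, many differently named Run values that all launch a few executables sitting directly in c:\windows, can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original posts and not HijackThis code; the `examplea.exe`/`exampleb.exe` entries are constructed, and the two criteria (target in the Windows root directory, at least two value names per target) are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample in HijackThis v1.98 "O4" format. The first four lines appear in the
# clean log later in this thread; the last five are constructed for this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [qzkwpfa] c:\windows\examplea.exe
O4 - HKCU\..\Run: [tmrvbxe] c:\windows\examplea.exe
O4 - HKCU\..\Run: [hdlqowy] c:\windows\examplea.exe
O4 - HKCU\..\Run: [nbgxuic] c:\windows\exampleb.exe
O4 - HKCU\..\Run: [jvyesrk] c:\windows\exampleb.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
QUOTED = re.compile(r'^"([^"]+)"')
# Unquoted paths may contain spaces, so cut at the executable extension.
UNQUOTED = re.compile(r"^(.+?\.(?:exe|com|scr|bat|pif))(?=\s|$)", re.IGNORECASE)
# A file directly in <drive>:\windows, not in a subfolder such as system32.
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


def parse_o4(log):
    """Yield (hive, key, value_name, target_path) for each O4 autorun line."""
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        hit = QUOTED.match(command) or UNQUOTED.match(command)
        target = hit.group(1) if hit else command.split()[0]
        yield hive, key, name, target.lower()


def suspicious_targets(log, min_aliases=2):
    """Map each Windows-root executable to the Run value names that launch it,
    keeping only targets referenced by at least `min_aliases` distinct names."""
    aliases = defaultdict(set)
    for _hive, _key, name, target in parse_o4(log):
        aliases[target].add(name)
    return {
        target: sorted(names)
        for target, names in aliases.items()
        if WINDOWS_ROOT.match(target) and len(names) >= min_aliases
    }


if __name__ == "__main__":
    for target, names in suspicious_targets(SAMPLE_LOG).items():
        print(f"{target}: {len(names)} Run values -> {', '.join(names)}")
```

Entries flagged this way still need a human check before fixing, as a legitimate vendor tool can also live in the Windows directory.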

Foxfleet
« Reply #7 on: November 29, 2004, 08:23:33 PM »

I did what you requested. None of the .exe's were found when I searched them individually. Only problem I have is that I couldn't turn on System Restore. I click apply, and it freezes, tried it several times too. Here's my new log.

Logfile of HijackThis v1.98.2
Scan saved at 3:21:29 PM, on 11/29/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\HiJackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://student02.udayton.edu/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


Cactus
« Reply #8 on: November 29, 2004, 11:47:19 PM »

Your logfile looks good FoxFleet... Good job ..

Cactus
« Last Edit: November 29, 2004, 11:48:34 PM by Cactus »

Foxfleet
« Reply #9 on: November 30, 2004, 02:37:36 AM »

Yeah, the PC seems to be running smooth. I still can't figure out the System Restore. It won't allow me to turn it back on. It just freezes. So any help there would be appreciated. Thanks to everyone who helped me rid it of the nasty viruses though. Thanks

Cactus
« Reply #10 on: November 30, 2004, 02:47:33 AM »

Changes to System Restore only fully take place if you reboot.

My Computer > Properties > System Restore > Turn ON System Restore,  Reboot.


Let us know...

Cactus

Foxfleet
« Reply #11 on: November 30, 2004, 04:05:42 AM »

Still no luck, it freezes when I uncheck the box "Turn off System Restore on all drives"

Foxfleet
« Reply #12 on: December 02, 2004, 01:57:13 AM »

Do I need to run the PC with System Restore ON? If so, does anyone have an alternate way of turning it back on? Would booting in Safe Mode change things?

Cactus
« Reply #13 on: December 02, 2004, 02:32:53 AM »

Try and do it in Safe Mode...

Cactus

Foxfleet
« Reply #14 on: December 02, 2004, 04:21:10 AM »

I just tried, it says you can not change it while in Safe Mode. I don't know what else to try. Do I need to turn it back on?