melafefon

Please help me, I've been hijacked by delwbi

7 posts in this topic

Hey, I've been attacked by this delwbi virus as a result of my stupid roommate who downloaded porn stuff onto my computer. I did erase it, but now I'm stuck with this terrible virus and don't know what to do. It keeps sending me scary messages and slows down my computer. I'll appreciate your help before it gets worse. Thanks.

PS: I have Windows XP.

PPS: I have some other problems, like my home page keeps changing to my finder and some porn links are stuck in my favorites, but these problems are not new; I have had them for a couple of months.

 

Logfile of HijackThis v1.97.7

Scan saved at 15:44:17, on 20/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Analog Devices\SoundMAX\smagent.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Internet Explorer\IEengine.exe

C:\Program Files\eMule\emule.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

c:\windows\system32\epmcmcwj.exe

C:\Documents and Settings\liat kraus\My Documents\My Received Files\New Folder\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my-finder.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my-finder.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my-finder.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my-finder.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my-finder.com/index.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bezeqint.net:8080

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CGNOTCHY] c:\windows\system32\cgnotchy.exe /install

O4 - HKLM\..\Run: [AZRTCFRH] c:\windows\system32\azrtcfrh.exe /install

O4 - HKLM\..\Run: [OUWWWPPA] c:\windows\system32\ouwwwppa.exe /install

O4 - HKLM\..\Run: [DJNWSPUV] c:\windows\system32\djnwspuv.exe /install

O4 - HKLM\..\Run: [sDKUNDMO] c:\windows\system32\sdkundmo.exe /install

O4 - HKLM\..\Run: [AGWBHIET] c:\windows\system32\agwbhiet.exe /install

O4 - HKLM\..\Run: [XHTRNPAX] c:\windows\system32\xhtrnpax.exe /install

O4 - HKLM\..\Run: [JIYLNQHY] c:\windows\system32\jiylnqhy.exe /install

O4 - HKLM\..\Run: [EPMCMCWJ] c:\windows\system32\epmcmcwj.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [iEengine] C:\Program Files\Internet Explorer\IEengine.exe

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://17.sharedsource.org/html/UDConn_5.2.1.1.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/chat/launcher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4152E2BF-DAD6-488D-9489-B4A369AC27DD}: NameServer = 192.115.106.35 192.115.106.31

Edited by melafefon


Can anybody please help me?????????!!!!!!!! I sent this message a week ago and while I'm waiting for a reply my computer is falling apart!!!!!!!! And I really need it for my work. So if you can, please please help me, I will be grateful.


While I know it can be frustrating waiting for help, 3 days is a far cry from a week; nonetheless, let's get you fixed up and back online, shall we?

 

Please download CWShredder from HERE. DON'T run it yet, but have it ready for when you need it. Please re-download if you already have this. Make sure you have the latest version!

Close everything and run HijackThis, then:

Press Ctrl+Alt+Del and 'End Task' on any of the following that are present:

C:\Program Files\Internet Explorer\IEengine.exe

c:\windows\system32\epmcmcwj.exe

 

Put a check next to these in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my-finder.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my-finder.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my-finder.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my-finder.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my-finder.com/index.htm

 

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [CGNOTCHY] c:\windows\system32\cgnotchy.exe /install

O4 - HKLM\..\Run: [AZRTCFRH] c:\windows\system32\azrtcfrh.exe /install

O4 - HKLM\..\Run: [OUWWWPPA] c:\windows\system32\ouwwwppa.exe /install

O4 - HKLM\..\Run: [DJNWSPUV] c:\windows\system32\djnwspuv.exe /install

O4 - HKLM\..\Run: [sDKUNDMO] c:\windows\system32\sdkundmo.exe /install

O4 - HKLM\..\Run: [AGWBHIET] c:\windows\system32\agwbhiet.exe /install

O4 - HKLM\..\Run: [XHTRNPAX] c:\windows\system32\xhtrnpax.exe /install

O4 - HKLM\..\Run: [JIYLNQHY] c:\windows\system32\jiylnqhy.exe /install

O4 - HKLM\..\Run: [EPMCMCWJ] c:\windows\system32\epmcmcwj.exe /install

O4 - HKCU\..\Run: [iEengine] C:\Program Files\Internet Explorer\IEengine.exe

O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://17.sharedsource.org/html/UDConn_5.2.1.1.cab

THEN, WITH ALL OTHER WINDOWS CLOSED, press "Fix".

 

Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:

c:\windows\system32\cgnotchy.exe

c:\windows\system32\azrtcfrh.exe

c:\windows\system32\ouwwwppa.exe

c:\windows\system32\djnwspuv.exe

c:\windows\system32\sdkundmo.exe

c:\windows\system32\agwbhiet.exe

c:\windows\system32\xhtrnpax.exe

c:\windows\system32\jiylnqhy.exe

c:\windows\system32\epmcmcwj.exe

C:\Program Files\Internet Explorer\IEengine.exe

 

You will have to search for the following files with Start>Search>Files and Folders:

internat.exe

Make sure you delete all instances of the files you find.

 

Delete files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!):

- C:\Windows\Temp\

- C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

- C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

- C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <--- This will delete your internet cache, including cookies. This is recommended and strongly suggested.

- C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\

- Empty your "Recycle Bin"

 

Immediately close HijackThis (and everything else) and run CWShredder.

 

Next you'll need to turn off the System Restore. It may have a copy of the virus. This can be done by following the instructions of your OS at http://www.vet.com.au/html/zoo/system_restore.htm.

 

Run an online virus scan at Housecall and/or Panda Online. Please note any virus found and report back with new log.

 

Now turn System Restore back on, then Reboot and post a fresh log back to this thread.


Thank you so much for your answer, but unfortunately before I got it I closed my computer and when I re-opened it the problem multiplied itself!!!!!!!! And has taken over my computer!!!!!!

I'm so sorry to bother you again, but I need you to look at this new logfile. I haven't done any of your suggestions yet because the situation has changed: there are many many more tasks with random letters and my computer is in a critical condition.

Please go over this logfile again, because now it's truly urgent.

Tons of thanks in advance.

 

Logfile of HijackThis v1.97.7

Scan saved at 16:04:25, on 24/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Analog Devices\SoundMAX\smagent.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\windows\system32\cgnotchy.exe

C:\windows\system32\azrtcfrh.exe

C:\windows\system32\sdkundmo.exe

C:\windows\system32\tylhoxdx.exe

C:\windows\system32\gxryneov.exe

C:\windows\system32\nsykyerm.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\windows\system32\xdxskhxo.exe

C:\windows\system32\eifbncwb.exe

C:\windows\system32\dsgluzhb.exe

C:\windows\system32\hwafkwfp.exe

C:\windows\system32\paruhpfq.exe

C:\windows\system32\lhawlepo.exe

C:\windows\system32\sntadmsh.exe

C:\windows\system32\qmjgrwxr.exe

C:\windows\system32\tmfdmcpj.exe

C:\windows\system32\jdjrbstm.exe

C:\windows\system32\uhtfaxwl.exe

C:\windows\system32\cvmvihkm.exe

C:\windows\system32\exkngwzk.exe

C:\windows\system32\nacgevrm.exe

C:\windows\system32\ugrjwiqw.exe

C:\windows\system32\yailaaxp.exe

C:\windows\system32\xmfnhhay.exe

C:\windows\system32\syrtnfhz.exe

C:\windows\system32\mgvltmro.exe

C:\windows\system32\zgomconm.exe

C:\windows\system32\anlmjffo.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Documents and Settings\liat kraus\My Documents\My Received Files\New Folder\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my-finder.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my-finder.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my-finder.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my-finder.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my-finder.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CGNOTCHY] c:\windows\system32\cgnotchy.exe /install

O4 - HKLM\..\Run: [AZRTCFRH] c:\windows\system32\azrtcfrh.exe /install

O4 - HKLM\..\Run: [sDKUNDMO] c:\windows\system32\sdkundmo.exe /install

O4 - HKLM\..\Run: [AGWBHIET] c:\windows\system32\agwbhiet.exe /install

O4 - HKLM\..\Run: [XHTRNPAX] c:\windows\system32\xhtrnpax.exe /install

O4 - HKLM\..\Run: [JIYLNQHY] c:\windows\system32\jiylnqhy.exe /install

O4 - HKLM\..\Run: [sUQFFNAR] c:\windows\system32\suqffnar.exe /install

O4 - HKLM\..\Run: [TYLHOXDX] c:\windows\system32\tylhoxdx.exe /install

O4 - HKLM\..\Run: [EEDKOEWX] c:\windows\system32\eedkoewx.exe /install

O4 - HKLM\..\Run: [GXRYNEOV] c:\windows\system32\gxryneov.exe /install

O4 - HKLM\..\Run: [NSYKYERM] c:\windows\system32\nsykyerm.exe /install

O4 - HKLM\..\Run: [GLFYTZEZ] c:\windows\system32\glfytzez.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [XDXSKHXO] c:\windows\system32\xdxskhxo.exe /install

O4 - HKLM\..\Run: [EIFBNCWB] c:\windows\system32\eifbncwb.exe /install

O4 - HKLM\..\Run: [DSGLUZHB] c:\windows\system32\dsgluzhb.exe /install

O4 - HKLM\..\Run: [CVAPNHFO] c:\windows\system32\cvapnhfo.exe /install

O4 - HKLM\..\Run: [QDSVPOGE] c:\windows\system32\qdsvpoge.exe /install

O4 - HKLM\..\Run: [sFIHUEYO] c:\windows\system32\sfihueyo.exe /install

O4 - HKLM\..\Run: [HWAFKWFP] c:\windows\system32\hwafkwfp.exe /install

O4 - HKLM\..\Run: [PARUHPFQ] c:\windows\system32\paruhpfq.exe /install

O4 - HKLM\..\Run: [LXHADIRW] c:\windows\system32\lxhadirw.exe /install

O4 - HKLM\..\Run: [RFSIHWCR] c:\windows\system32\rfsihwcr.exe /install

O4 - HKLM\..\Run: [XIMEMWQB] c:\windows\system32\ximemwqb.exe /install

O4 - HKLM\..\Run: [DUJHMBHM] c:\windows\system32\dujhmbhm.exe /install

O4 - HKLM\..\Run: [uYQRENOI] c:\windows\system32\uyqrenoi.exe /install

O4 - HKLM\..\Run: [uXYGCUTR] c:\windows\system32\uxygcutr.exe /install

O4 - HKLM\..\Run: [uXVINGFL] c:\windows\system32\uxvingfl.exe /install

O4 - HKLM\..\Run: [VMYNKCOF] c:\windows\system32\vmynkcof.exe /install

O4 - HKLM\..\Run: [WYCOFDXU] c:\windows\system32\wycofdxu.exe /install

O4 - HKLM\..\Run: [PFQRYZBZ] c:\windows\system32\pfqryzbz.exe /install

O4 - HKLM\..\Run: [LHAWLEPO] c:\windows\system32\lhawlepo.exe /install

O4 - HKLM\..\Run: [ZYHHNDCJ] c:\windows\system32\zyhhndcj.exe /install

O4 - HKLM\..\Run: [EBAOIKRB] c:\windows\system32\ebaoikrb.exe /install

O4 - HKLM\..\Run: [TIIMVEHB] c:\windows\system32\tiimvehb.exe /install

O4 - HKLM\..\Run: [sNTADMSH] c:\windows\system32\sntadmsh.exe /install

O4 - HKLM\..\Run: [YRGWIMOS] c:\windows\system32\yrgwimos.exe /install

O4 - HKLM\..\Run: [HXDFPWRE] c:\windows\system32\hxdfpwre.exe /install

O4 - HKLM\..\Run: [ZQCECMMQ] c:\windows\system32\zqcecmmq.exe /install

O4 - HKLM\..\Run: [MIHAVRAT] c:\windows\system32\mihavrat.exe /install

O4 - HKLM\..\Run: [PCGOZDFY] c:\windows\system32\pcgozdfy.exe /install

O4 - HKLM\..\Run: [AGVSPEOT] c:\windows\system32\agvspeot.exe /install

O4 - HKLM\..\Run: [VFBKEDTI] c:\windows\system32\vfbkedti.exe /install

O4 - HKLM\..\Run: [QMJGRWXR] c:\windows\system32\qmjgrwxr.exe /install

O4 - HKLM\..\Run: [TMFDMCPJ] c:\windows\system32\tmfdmcpj.exe /install

O4 - HKLM\..\Run: [TOLKIJIG] c:\windows\system32\tolkijig.exe /install

O4 - HKLM\..\Run: [GFSPRJDR] c:\windows\system32\gfsprjdr.exe /install

O4 - HKLM\..\Run: [VHOMCFRM] c:\windows\system32\vhomcfrm.exe /install

O4 - HKLM\..\Run: [uMXLNBDM] c:\windows\system32\umxlnbdm.exe /install

O4 - HKLM\..\Run: [QFZMYYYJ] c:\windows\system32\qfzmyyyj.exe /install

O4 - HKLM\..\Run: [KSGOETVE] c:\windows\system32\ksgoetve.exe /install

O4 - HKLM\..\Run: [GIYJBAQO] c:\windows\system32\giyjbaqo.exe /install

O4 - HKLM\..\Run: [iRUVHIRR] c:\windows\system32\iruvhirr.exe /install

O4 - HKLM\..\Run: [JDJRBSTM] c:\windows\system32\jdjrbstm.exe /install

O4 - HKLM\..\Run: [QXUDOGKY] c:\windows\system32\qxudogky.exe /install

O4 - HKLM\..\Run: [FLGDJEOB] c:\windows\system32\flgdjeob.exe /install

O4 - HKLM\..\Run: [HOHPUZRU] c:\windows\system32\hohpuzru.exe /install

O4 - HKLM\..\Run: [sRXNCQNT] c:\windows\system32\srxncqnt.exe /install

O4 - HKLM\..\Run: [EMXZBYJR] c:\windows\system32\emxzbyjr.exe /install

O4 - HKLM\..\Run: [uHTFAXWL] c:\windows\system32\uhtfaxwl.exe /install

O4 - HKLM\..\Run: [RMIAQDSJ] c:\windows\system32\rmiaqdsj.exe /install

O4 - HKLM\..\Run: [CVMVIHKM] c:\windows\system32\cvmvihkm.exe /install

O4 - HKLM\..\Run: [EXKNGWZK] c:\windows\system32\exkngwzk.exe /install

O4 - HKLM\..\Run: [MWOBRDZJ] c:\windows\system32\mwobrdzj.exe /install

O4 - HKLM\..\Run: [PAPAMJWO] c:\windows\system32\papamjwo.exe /install

O4 - HKLM\..\Run: [NACGEVRM] c:\windows\system32\nacgevrm.exe /install

O4 - HKLM\..\Run: [PSPDZBJM] c:\windows\system32\pspdzbjm.exe /install

O4 - HKLM\..\Run: [TOMYJJVG] c:\windows\system32\tomyjjvg.exe /install

O4 - HKLM\..\Run: [uGRJWIQW] c:\windows\system32\ugrjwiqw.exe /install

O4 - HKLM\..\Run: [uQYHDQKT] c:\windows\system32\uqyhdqkt.exe /install

O4 - HKLM\..\Run: [YAILAAXP] c:\windows\system32\yailaaxp.exe /install

O4 - HKLM\..\Run: [XMFNHHAY] c:\windows\system32\xmfnhhay.exe /install

O4 - HKLM\..\Run: [FRZHIVZP] c:\windows\system32\frzhivzp.exe /install

O4 - HKLM\..\Run: [hrRBKQFP] c:\windows\system32\hrrbkqfp.exe /install

O4 - HKLM\..\Run: [uROFKHRH] c:\windows\system32\urofkhrh.exe /install

O4 - HKLM\..\Run: [sYRTNFHZ] c:\windows\system32\syrtnfhz.exe /install

O4 - HKLM\..\Run: [CDBDGXIR] c:\windows\system32\cdbdgxir.exe /install

O4 - HKLM\..\Run: [KMAMOJHO] c:\windows\system32\kmamojho.exe /install

O4 - HKLM\..\Run: [MGVLTMRO] c:\windows\system32\mgvltmro.exe /install

O4 - HKLM\..\Run: [ZGOMCONM] c:\windows\system32\zgomconm.exe /install

O4 - HKLM\..\Run: [ANLMJFFO] c:\windows\system32\anlmjffo.exe /install

O4 - HKLM\..\Run: [GWGNBEDD] c:\windows\system32\gwgnbedd.exe /install

O4 - HKLM\..\Run: [FDOABDAR] c:\windows\system32\fdoabdar.exe /install

O4 - HKLM\..\Run: [CUWUHARH] c:\windows\system32\cuwuharh.exe /install

O4 - HKLM\..\Run: [FVOMBKNJ] c:\windows\system32\fvombknj.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [iEengine] C:\Program Files\Internet Explorer\IEengine.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://17.sharedsource.org/html/UDConn_5.2.1.1.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/chat/launcher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4152E2BF-DAD6-488D-9489-B4A369AC27DD}: NameServer = 192.115.106.35 192.115.106.31


Run CWShredder if you haven't already.

 

Do you have a Restore Point from before this disaster?

Start->All Programs->Accessories->System Tools->System Restore.

Tick "Restore my computer to an earlier time", then click Next and look at the calendar for available Restore Points.


First I want to thank cnm for the follow-up for you; I've been having some very bad connection problems for the past few days.

 

In addition to running CWShredder, let's do a couple more things to get your log a little more "manageable".

 

Most of those O4 entries in your log are virus/trojan related, so again it's imperative to run an online virus scan at Housecall and/or Panda Online.

 

Now download Ad-Aware at http://www.lavasoftusa.com/support/download/

After installing AAW, and before running the program, FIRST update the reference file following these instructions.

- On the main Ad-Aware screen, hit "Check for Updates", then hit the 'Connect' key; it will connect, check for and then ask if you want to download the latest Ref. files (if one is available); accept. Once downloaded, hit "Finish" (Green Checkmark).

 

Now do the following:

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."

 

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."

 

Press "Scan Now"

 

- Check option "Use Custom scanning options"

- Check option "Activate In-Depth Scan"

- Press "Select drives\folders to scan"

- Select the active partition which is usually C:

 

Now press "Next" to let Ad-aware scan your drives...

It will find a number of "bad" files and registry keys. Click 'Next' again

Right-click in that pane and choose "select all"

 

If it finds "bad" files and registry keys, press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.

 

Finally, close Ad-Aware, and reboot.

 

Go here and download Spybot S&D. Install Spybot, close all other windows and run it. ALWAYS use the search for update button when you first open Spybot. Let Spybot download and install any updates it finds. Now you are ready to click the Check for problems button. Let Spybot fix any entries marked in RED.

 

After ALL of the above post a new Hijack this log back to this thread.
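
The entries singled out in the replies above share one shape: a Run value named with eight random letters that launches a same-named .exe in system32 with /install, alongside IE settings pointing at my-finder.com. The Python below is an added example, not part of the original thread or of HijackThis; the function names, the `suspect_hosts` parameter and the sample excerpt (lines copied from the 20/06/2004 log) are assumptions made for illustration. It sorts a log into the three lists the removal procedure works through: entries to check, processes to end first, files to delete.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the 20/06/2004 log above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
c:\windows\system32\epmcmcwj.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my-finder.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my-finder.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CGNOTCHY] c:\windows\system32\cgnotchy.exe /install
O4 - HKLM\..\Run: [EPMCMCWJ] c:\windows\system32\epmcmcwj.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")        # "<code> - <body>"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")          # a running-process line
R_URL = re.compile(r"^(.+?) = (https?://\S+)$")   # "<IE setting> = <URL>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.*)$")
# Eight letters, in system32, started with /install: the shape seen in this thread.
SELF_NAMED = re.compile(
    r"^(c:\\windows\\system32\\([a-z]{8})\.exe) /install$", re.I)


def parse(log_text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    procs, entries, in_procs = [], [], False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False                      # process list ends at first entry
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and DRIVE_PATH.match(line):
            procs.append(line)
    return procs, entries


def triage(log_text, suspect_hosts=()):
    """Return entries to check, processes to end and files to delete."""
    procs, entries = parse(log_text)
    running = {p.lower() for p in procs}
    report = {"fix": [], "end_task": [], "delete": [], "hosts": {}}
    for code, body in entries:
        if code in ("R0", "R1"):
            m = R_URL.match(body)
            if not m:
                continue                          # local file or proxy setting
            host = urlparse(m.group(2)).hostname
            report["hosts"].setdefault(host, []).append(m.group(1))
            if host in suspect_hosts:             # analyst-supplied list
                report["fix"].append(f"{code} - {body}")
        elif code == "O4":
            run = RUN.match(body)
            hit = SELF_NAMED.match(run.group(2)) if run else None
            # The value name must equal the file stem, ignoring case.
            if hit and hit.group(2).lower() == run.group(1).lower():
                path = hit.group(1).lower()
                report["fix"].append(f"{code} - {body}")
                report["delete"].append(path)
                if path in running:               # end the task before fixing
                    report["end_task"].append(path)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, suspect_hosts={"my-finder.com"})
    for section in ("end_task", "fix", "delete"):
        print(section.upper())
        for item in result[section]:
            print("  " + item)
    print("IE settings per host:", result["hosts"])
```

The pattern only covers the random-name entries and the hosts passed in; items the helper picked out by recognition, such as iEengine, still need a person reading the log.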


Thank you so much for your help, my computer is a lot better now.

I hope I've terminated all my problems, but just to make sure I'm sending you my new log file. Thanks again.

PS:

The only thing that still bothers me though is that when I open my Windows Task Manager and look at the performance, the CPU usage keeps jumping from 0% to very high numbers. Is this a bad sign for something or not?

 

Logfile of HijackThis v1.97.7

Scan saved at 18:46:52, on 28/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Analog Devices\SoundMAX\smagent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\imapi.exe

C:\Program Files\Ahead\Nero\nero.exe

C:\Documents and Settings\liat kraus\My Documents\My Received Files\New Folder\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe

O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/chat/launcher.cab
