Author Topic: :( Please help me - clicksearchclick :(  (Read 842 times)

Offline gemba

« on: May 25, 2005, 07:51:22 AM »
Thanks for reading...please help me free my laptop...I promise never to let random people use it again

Logfile of HijackThis v1.99.1
Scan saved at 7:22:51 AM, on 5/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\Services\{C6823DF1-7400-42D9-B099-8C80DCF39406}\SVCHOST.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlBridge.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\G\Application Data\Mozilla\Profiles\default\7ggkcpyt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\G\Application Data\Mozilla\Profiles\default\7ggkcpyt.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C6823DF1-7400-42D9-B099-8C80DCF39406}\SVCHOST.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{C6823DF1-7400-42D9-B099-8C80DCF39406}\SECURITY.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [pqpqasn] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [fudafmw] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [nhrslgq] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [oiquyow] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [xypvaup] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [dbvvhpr] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [fqmnsme] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [bfbxqep] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [odkmxuo] c:\windows\nvijmnm.exe
O4 - HKCU\..\Run: [paujdyc] c:\windows\nvijmnm.exe
O4 - HKCU\..\Run: [dwgxetl] c:\windows\nvijmnm.exe
O4 - HKCU\..\Run: [iphbcsj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [savdtyy] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ruigtcq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ftasfwk] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [qybakxx] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [uhnwtgm] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ylipuxv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vdihoov] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [stwjxsd] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rjppfmy] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nutvhga] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mftdjgl] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ipqixcb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [jvykufe] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [tcmmfpg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [jlepaex] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [anciwve] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ystrmip] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [fcwrykg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [yqvkmiu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [srmxusu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ahvgjtf] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mdpqhss] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [xnaunam] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [fwygxum] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [clentgp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [fqyjdxy] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [aofslsv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [npyyqjm] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vuguaun] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [yvfiria] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [cnwbeqr] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ggutpmc] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [daqjotj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [gkehgai] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bfmscme] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [hgxcoth] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [osiqtep] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [limrfge] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rfjbbcd] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [xkivhby] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vdcmvne] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [piisxmb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rntredp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [oxgelym] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lqeiypw] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [otmotwa] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [qfodauk] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [wsjvtud] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rrliyaa] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vgcrxyh] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [teonhpi] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rlhjscj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nhaolxn] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lgxsklq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bscextr] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [txbipho] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [qtpipsq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [yxvccsu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [clcoxhr] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ybnilnf] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [joadiui] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lsjtjtw] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [csaqlhd] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [agvhygk] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ltmbxcp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ievrkrv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [slwvnbk] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [njuulwh] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [gshufwb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [jhdaxlx] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [euaofhh] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [xhkbrop] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lcbcjmf] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rqxbcod] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vxdajei] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [loecbxy] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [cdeoyvb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nugspso] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [skfpryb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vfrdfmi] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [oohevgm] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [gbvnlry] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [uimdpmr] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [qgxrhqn] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [khuiaeo] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [kepxaqb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [kohxfck] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vowopgp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [kbecqrg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nabjwfc] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [atdahex] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ylskuhi] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [kalgbko] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [chtnwve] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bykicws] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ykmpqmo] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [hqrrmbe] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mcuoyvu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bfsxkvt] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [drknyes] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [whikfbs] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [xwdfetf] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mehdmxq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [dehurvi] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [asuwjmm] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lucbmex] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [sdmuvsf] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [uwcmqxe] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [hgtcxmo] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rstnwkb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vhdijky] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [etfesjb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [evqtsel] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [cqqlggu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vudcgim] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [kldemky] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [thbofdj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ooqvgpy] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [hfqjtuv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [tqpwlfv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [wreimfv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [obaihcg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lgwvird] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [kfhsrop] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [abkfhgd] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [cakhnvv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [endkles] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [moaodqw] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bfmuvrk] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [kjmbsgr] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [sdnrpix] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bnjqdpl] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lhfmvfp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [frlyfjb] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ymhbexg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [wwecsik] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bnrlkon] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lxetvax] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [yuhvldx] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nequiay] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bxuyyek] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [geyrxbl] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [hbkomaj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ghftuyo] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [yatpguj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ycvncjj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [pjaceml] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [whohjhp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nhmgdju] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [axycjml] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [wyhuxtf] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [waldoop] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ofypsjw] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [rbdebcy] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [fpxuygc] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [dqupdjv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [dqrbexx] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mndsmya] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [sngdwbi] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [yqmbwgs] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [gvhaqcu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [qaihjnc] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [navwxsp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [chkpyfe] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [wsschxo] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ihyxhnm] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [txbnqck] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nifthle] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ywxifuq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [icqlxur] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ksexbqg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mupjybd] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [ifbgflk] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [iqtuwwv] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [gwcpjpk] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lptwwrg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lmbfyhq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [nlxystg] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [vsryegh] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [yfwkwhe] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [realwmu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [uxmjrmp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mxflcuq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [qlnfmtf] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [xatkyht] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [mduyvwr] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [antradj] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [bbbnbqw] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [uucstyx] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [lkxlbjr] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [xhttuiq] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [tjeymri] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [jbirmku] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [wdtlqlo] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [emhjhlm] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [efetkvu] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [gnsequp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [jhrrplp] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [etqwife] c:\windows\pncfuai.exe
O4 - HKCU\..\Run: [csptbyv] c:\windows\wnsulol.exe
O4 - HKCU\..\Run: [rfyhnfj] c:\windows\wnsulol.exe
O4 - HKCU\..\Run: [tmktqyr] c:\windows\wnsulol.exe
O4 - HKCU\..\Run: [uhmugxh] c:\windows\epchyxa.exe
O4 - HKCU\..\Run: [hacaami] c:\windows\epchyxa.exe
O4 - HKCU\..\Run: [srahcyp] c:\windows\epchyxa.exe
O4 - HKCU\..\Run: [jddtran] c:\windows\epchyxa.exe
O4 - HKCU\..\Run: [vbkeomr] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [ygjalkk] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [pnfkecr] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [scestoh] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [vccxbtv] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [hxtmual] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [ikisrmd] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [cxrduys] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [wgaajie] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [qgndnfr] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [wenvbvy] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [kuqwadm] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [vtixsgi] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [wxykvml] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [koclxdy] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [wvmurln] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [ppcxalv] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [flobfjl] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [mebgwow] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [uhepyea] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [cnanflu] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [xxskkdn] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [ocxjnon] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [xkamxic] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [rydthmo] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [auobssi] c:\windows\cdmomsy.exe
O4 - HKCU\..\Run: [hlxkiux] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [nnwifjn] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [gdmfyxs] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [hmwpjpa] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [eegthvs] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [yjvdggn] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [luyaofa] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ahohqos] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [tffbgsh] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ppdbrss] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [uhnyuch] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [nyrskcd] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ucktrxn] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ptktahu] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [idrugsa] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [nyieobb] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [drlhxct] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [tblwkyh] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [rqsmfkc] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ijvxbcr] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [phiubva] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [pwrfqcu] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [bxxpvim] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [thonaoh] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [eevuykj] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [hwquexs] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [yhglyxm] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ltbvpcm] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [qecafjs] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [jfhewhp] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [odmhbch] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ikpkaet] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [tnvqujx] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [amoreik] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [dkakcji] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [wypohbu] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [ymyrnqk] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [sjtkuhf] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [hnympwu] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [aeepkhb] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [nabclwl] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [lhapyaj] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [xytrpbb] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [vkhxfka] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [klorewt] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [jerraqf] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [axptldy] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [tgnjctw] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [chmtndw] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [vavqnoj] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [qbwmvdn] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [mhjfjbv] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [rtrauon] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [mrrahtd] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [wbolrdd] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [rvnnsal] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [vpisiie] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [xnycfrb] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [wortdje] c:\windows\aqwqsax.exe
O4 - HKCU\..\Run: [mmjgasb] c:\windows\ikglgic.exe
O4 - HKCU\..\Run: [pqtcbvl] c:\windows\wnkjuvj.exe
O4 - HKCU\..\Run: [xkjopgl] c:\windows\wnkjuvj.exe
O4 - HKCU\..\Run: [vsmlffl] c:\windows\wnkjuvj.exe
O4 - HKCU\..\Run: [ujjqiqd] c:\windows\wnkjuvj.exe
O4 - HKCU\..\Run: [dfijhcm] c:\windows\wnkjuvj.exe
O4 - HKCU\..\Run: [cvqjffn] c:\windows\tutuocl.exe
O4 - HKCU\..\Run: [gthtnah] c:\windows\tutuocl.exe
O4 - HKCU\..\Run: [bxlubep] c:\windows\tutuocl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/v12.280/qboax8.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.271/qboax7.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Offline Cretemonster

« Reply #1 on: May 29, 2005, 06:19:46 PM »
Hey gemba and Welcome!

Please Copy these Instructions to Notepad and Save them to your Desktop!

I will ask you to download several programs to try to combat this with. Please try to place them all in the same folder, so when clean you can go to one place and remove the ones you no longer need!

Please Don't Run any of these until I ask you to!

Download Pocket KillBox from here:
http://www.bleepingcomputer.com/files/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Download Ewido Security Suite, install, then from within the program check for updates BUT don't scan yet
Ewido Security Suite:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.

From the main Ewido screen, Click on Update in the left menu, then click the Start Update button.

After the Update finishes (the status bar at the bottom will display "Update successful"), Now close the program.

If you have problems updating see here
http://www.ewido.net/en/download/updates/

CleanUp! 4.0
http://downloads.stevengould.org/cleanup/CleanUp40.exe

Download "The Hoster" from here
http://www.funkytoad.com/download/hoster.zip

The Next 2 I want you to run as soon as you download them!

Please Download Microsoft® Windows® Malicious Software Removal Tool
http://www.microsoft.com/downloads/details...&displaylang=en

Click Download>Run and then run again!

If any type of report is generated, please save it!

Next, download a program called LSPfix. Here's the link where to get it
http://cexx.org/lspfix.htm

Run the program and follow these directions:

1. Run LSPFix.
2. Check "I know what I'm doing".
3. Select all instances of flsmngr.dll (c:\windows\system32\flsmngr.dll)
4. Left Click and Drag it to the "Remove" Side
5. Click "Finished".


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders. This must be done after restarting in Safe Mode!!

Here is a link to help with that
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Be sure to follow the directions that apply to your Operating System!

Open Hoster and Press "Restore Original Hosts" and press "OK". Exit Program.

Now Scan the PC with Ewido and Save the log it generates!

Open Up Pocket KillBox and Have it ready to use!

Highlight>>Right Click and Copy the list below!

C:\WINDOWS\System32\Services
c:\windows\pixtadm.exe
c:\windows\nvijmnm.exe
c:\windows\pncfuai.exe
c:\windows\wnsulol.exe
c:\windows\epchyxa.exe
c:\windows\cdmomsy.exe
c:\windows\aqwqsax.exe
c:\windows\ikglgic.exe
c:\windows\wnkjuvj.exe
c:\windows\tutuocl.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\system32\thun.dll
c:\windows\system32\flsmngr.dll
C:\WINDOWS\System32\d3d8wpa.exe


Back to Pocket KillBox>>Click File>>Click Copy to Clipboard

Now you should see the first file in the list and if you click the down arrow you should see the rest of the list!

If you don't....One at a time, Copy&Paste each entry into "Full Path of File to Delete"

Place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"


Click the Red Circle with the White X in the Middle to Delete!!

If Killbox says a file could not be deleted...Write that name down!

Don't worry if it says file not found!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=9

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm

O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C6823DF1-7400-42D9-B099-8C80DCF39406}\SVCHOST.EXE

O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{C6823DF1-7400-42D9-B099-8C80DCF39406}\SECURITY.EXE

O4 - HKCU\..\Run: [pqpqasn] c:\windows\pixtadm.exe<< All of those entries!

O4 - HKCU\..\Run: [odkmxuo] c:\windows\nvijmnm.exe<< All of those entries!

O4 - HKCU\..\Run: [iphbcsj] c:\windows\pncfuai.exe<< All of those entries!

O4 - HKCU\..\Run: [csptbyv] c:\windows\wnsulol.exe<< All of those entries!

O4 - HKCU\..\Run: [uhmugxh] c:\windows\epchyxa.exe<< All of those entries!

O4 - HKCU\..\Run: [vbkeomr] c:\windows\cdmomsy.exe<< All of those entries!

O4 - HKCU\..\Run: [hlxkiux] c:\windows\aqwqsax.exe<< All of those entries!

O4 - HKCU\..\Run: [pqtcbvl] c:\windows\wnkjuvj.exe<< All of those entries!

O4 - HKCU\..\Run: [cvqjffn] c:\windows\tutuocl.exe<< All of those entries!

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: (no name) - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)

O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Now if you have any files or folders that Killbox couldn't delete...Copy&Paste them back into Killbox and place a tick by "Delete on Reboot"

If there is more than one

Click "Yes" to Confirm
Click "No" to reboot

When you enter the last file

Click "Yes" to Confirm
Click "Yes" to reboot

If you get a PendingFileRenameOperations Registry Data has been Removed by External Process! message then just restart manually.

Once Restarted Normal have the PC scanned here
BitDefender

You will have to be using Internet Explorer for the Scan to work!

Save the Report it Generates!

Post back with the Reports from Ewido and Bitdefender

Post a fresh HijackThis log as well!
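
Added example, not part of the thread or of HijackThis itself: a small triage script that groups the `O4` Run entries of a HijackThis log by the file they launch and flags the pattern visible in the log above, where many unrelated value names start the same executable sitting directly in the Windows directory. The function names, the `WINDOWS_DIR` value and the two-reason threshold are assumptions made for this sketch; the sample lines are a shortened excerpt of the posted log.

```python
import ntpath
import re
from collections import defaultdict

# Shortened excerpt of the O4 section of the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [pqpqasn] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [fudafmw] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [nhrslgq] c:\windows\pixtadm.exe
O4 - HKCU\..\Run: [odkmxuo] c:\windows\nvijmnm.exe
O4 - HKCU\..\Run: [paujdyc] c:\windows\nvijmnm.exe
O4 - HKCU\..\Run: [mmjgasb] c:\windows\ikglgic.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
"""

# "O4 - HKCU\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# Either a quoted path, or everything up to the first executable extension.
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)', re.I)
WINDOWS_DIR = r"c:\windows"  # assumption: default Windows directory, as in the log


def target_of(command):
    """Return the lower-cased executable path from a Run command line."""
    m = EXE.match(command)
    path = (m.group(1) or m.group(2)) if m else command.split()[0]
    return path.lower()


def looks_unrelated(name, target):
    """True for a short all-lowercase value name that shares nothing with the file name."""
    stem = ntpath.splitext(ntpath.basename(target))[0]
    return (
        bool(re.fullmatch(r"[a-z]{5,10}", name))
        and name not in stem
        and stem not in name
    )


def triage(log_text):
    """Map each suspicious autostart target to its value names and the reasons it was flagged."""
    names = defaultdict(list)
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            names[target_of(m.group(4))].append(m.group(3))

    findings = {}
    for target, values in names.items():
        reasons = []
        if len(set(values)) > 1:
            reasons.append("several value names launch the same file")
        if ntpath.dirname(target) == WINDOWS_DIR:
            reasons.append("file sits directly in the Windows directory")
        if all(looks_unrelated(v, target) for v in values):
            reasons.append("value names are unrelated to the file name")
        # Assumed threshold: one signal alone is too noisy to report.
        if len(reasons) >= 2:
            findings[target] = {"names": values, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for target, info in triage(SAMPLE_LOG).items():
        print(f"{target}  ({len(info['names'])} Run values)")
        for reason in info["reasons"]:
            print(f"    - {reason}")
```

Entries it reports are candidates for review, not a verdict; startup items outside the Run keys (services, Winsock LSPs, the `System32\Services\{...}` folder) are outside what this sketch checks.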