
· Registered · 2 Posts · Discussion Starter · #1
About a week ago, we switched on our computer and 5 new icons appeared on our computer: Atiupdate5, 0, 0, 0021-bd194, and calsdr (exactly the same problem as Blank75 had when they posted). Since then we have downloaded Spybot Search & Destroy, Spy Hunter and bought Spy Sweeper. However, we have only been able to get rid of 0,0 and not the other 3 icons.

We have also downloaded HijackThis after reading another person's post with the same problem.

Here is my current HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 19:59:24, on 06/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ERSIONV.EXE
C:\PROGRAM FILES\AOL 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\SDGNY7EJ\HIJACKTHIS[1].EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SourcePath] c:\cabs\gwreg.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [VSN] C:\PROGRAM FILES\VSN\VSN.EXE
O4 - HKLM\..\Run: [ERSIONV] C:\WINDOWS\SYSTEM\ERSIONV.exe
O4 - HKLM\..\Run: [PQV804G7.EXE] C:\WINDOWS\PQV804G7.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [PQV804G7.EXE] C:\WINDOWS\PQV804G7.EXE /dk
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: O37UTC76.lnk = C:\WINDOWS\o37utc76.exe
O4 - Startup: JHXQICOW.lnk = C:\WINDOWS\jhxqicow.exe
O4 - Startup: 15X0HY73.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: HYGGIF0W.lnk = C:\WINDOWS\hyggif0w.exe
O4 - Startup: OFU6CJUZ.lnk = C:\WINDOWS\ofu6cjuz.exe
O4 - Startup: Q6A5GB7D.lnk = C:\WINDOWS\q6a5gb7d.exe
O4 - Startup: OGA2OBVL.lnk = C:\WINDOWS\oga2obvl.exe
O4 - Startup: UZBJ2Y0Q.lnk = C:\WINDOWS\uzbj2y0q.exe
O4 - Startup: Y21NUTC0.lnk = C:\WINDOWS\y21nutc0.exe
O4 - Startup: WPKVIQ4N.lnk = C:\WINDOWS\wpkviq4n.exe
O4 - Startup: 96A4G2IF.lnk = C:\WINDOWS\96a4g2if.exe
O4 - Startup: HF5QPFKW.lnk = C:\WINDOWS\hf5qpfkw.exe
O4 - Startup: WEWTL0ZA.lnk = C:\WINDOWS\wewtl0za.exe
O4 - Startup: 560RUN1P.lnk = C:\WINDOWS\560run1p.exe
O4 - Startup: GT08VNTY.lnk = C:\WINDOWS\gt08vnty.exe
O4 - Startup: 0O7378YO.lnk = C:\WINDOWS\0o7378yo.exe
O4 - Startup: FCRGI7X1.lnk = C:\WINDOWS\fcrgi7x1.exe
O4 - Startup: 8ZQ6079T.lnk = C:\WINDOWS\8zq6079t.exe
O4 - Startup: 7F8YRYKE.lnk = C:\WINDOWS\7f8yryke.exe
O4 - Startup: DTDR44IQ.lnk = C:\WINDOWS\dtdr44iq.exe
O4 - Startup: 0GLYZL6B.lnk = C:\WINDOWS\0glyzl6b.exe
O4 - Startup: FI446JNK.lnk = C:\WINDOWS\fi446jnk.exe
O4 - Startup: TI357HT0.lnk = C:\WINDOWS\ti357ht0.exe
O4 - Startup: CIFHRN0V.lnk = C:\WINDOWS\cifhrn0v.exe
O4 - Startup: C6RUUXY3.lnk = C:\WINDOWS\c6ruuxy3.exe
O4 - Startup: DFKR1OQU.lnk = C:\WINDOWS\dfkr1oqu.exe
O4 - Startup: 6PJKQPDO.lnk = C:\WINDOWS\6pjkqpdo.exe
O4 - Startup: 3NJ0U2EQ.lnk = C:\WINDOWS\3nj0u2eq.exe
O4 - Startup: 411L9QPV.lnk = C:\WINDOWS\411l9qpv.exe
O4 - Startup: 5RX6R04N.lnk = C:\WINDOWS\5rx6r04n.exe
O4 - Startup: PAZ5WPRT.lnk = C:\WINDOWS\paz5wprt.exe
O4 - Startup: DPM82TTR.lnk = C:\WINDOWS\dpm82ttr.exe
O4 - Startup: 9LRBCD0M.lnk = C:\WINDOWS\9lrbcd0m.exe
O4 - Startup: 7LMCCNW3.lnk = C:\WINDOWS\7lmccnw3.exe
O4 - Startup: XGN1004E.lnk = C:\WINDOWS\xgn1004e.exe
O4 - Startup: 928EE3BP.lnk = C:\WINDOWS\928ee3bp.exe
O4 - Startup: AK83W250.lnk = C:\WINDOWS\ak83w250.exe
O4 - Startup: F5O60279.lnk = C:\WINDOWS\f5o60279.exe
O4 - Startup: EBOJZONY.lnk = C:\WINDOWS\ebojzony.exe
O4 - Startup: AWJ5V2YR.lnk = C:\WINDOWS\awj5v2yr.exe
O4 - Startup: XW6Y7K60.lnk = C:\WINDOWS\xw6y7k60.exe
O4 - Startup: KD5K0L55.lnk = C:\WINDOWS\kd5k0l55.exe
O4 - Startup: V0YMQXP0.lnk = C:\WINDOWS\v0ymqxp0.exe
O4 - Startup: ZGL4LI77.lnk = C:\WINDOWS\zgl4li77.exe
O4 - Startup: 0OE1CT5T.lnk = C:\WINDOWS\0oe1ct5t.exe
O4 - Startup: PQV804G7.lnk = C:\WINDOWS\pqv804g7.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Global Startup: O37UTC76.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Global Startup: JHXQICOW.lnk = C:\WINDOWS\jhxqicow.exe
O4 - Global Startup: 15X0HY73.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: HYGGIF0W.lnk = C:\WINDOWS\hyggif0w.exe
O4 - Global Startup: OFU6CJUZ.lnk = C:\WINDOWS\hf5qpfkw.exe
O4 - Global Startup: Q6A5GB7D.lnk = C:\WINDOWS\q6a5gb7d.exe
O4 - Global Startup: OGA2OBVL.lnk = C:\WINDOWS\oga2obvl.exe
O4 - Global Startup: UZBJ2Y0Q.lnk = C:\WINDOWS\uzbj2y0q.exe
O4 - Global Startup: Y21NUTC0.lnk = C:\WINDOWS\y21nutc0.exe
O4 - Global Startup: WPKVIQ4N.lnk = C:\WINDOWS\wpkviq4n.exe
O4 - Global Startup: 96A4G2IF.lnk = C:\WINDOWS\96a4g2if.exe
O4 - Global Startup: HF5QPFKW.lnk = C:\WINDOWS\hf5qpfkw.exe
O4 - Global Startup: WEWTL0ZA.lnk = C:\WINDOWS\wewtl0za.exe
O4 - Global Startup: GT08VNTY.lnk = C:\WINDOWS\gt08vnty.exe
O4 - Global Startup: 0O7378YO.lnk = C:\WINDOWS\0o7378yo.exe
O4 - Global Startup: FCRGI7X1.lnk = C:\WINDOWS\fcrgi7x1.exe
O4 - Global Startup: 8ZQ6079T.lnk = C:\WINDOWS\8zq6079t.exe
O4 - Global Startup: 7F8YRYKE.lnk = C:\WINDOWS\7f8yryke.exe
O4 - Global Startup: DTDR44IQ.lnk = C:\WINDOWS\dtdr44iq.exe
O4 - Global Startup: 0GLYZL6B.lnk = C:\WINDOWS\0glyzl6b.exe
O4 - Global Startup: FI446JNK.lnk = C:\WINDOWS\fi446jnk.exe
O4 - Global Startup: TI357HT0.lnk = C:\WINDOWS\ti357ht0.exe
O4 - Global Startup: CIFHRN0V.lnk = C:\WINDOWS\cifhrn0v.exe
O4 - Global Startup: C6RUUXY3.lnk = C:\WINDOWS\c6ruuxy3.exe
O4 - Global Startup: DFKR1OQU.lnk = C:\WINDOWS\dfkr1oqu.exe
O4 - Global Startup: 560RUN1P.lnk = C:\WINDOWS\560run1p.exe
O4 - Global Startup: 6PJKQPDO.lnk = C:\WINDOWS\6pjkqpdo.exe
O4 - Global Startup: 3NJ0U2EQ.lnk = C:\WINDOWS\3nj0u2eq.exe
O4 - Global Startup: 411L9QPV.lnk = C:\WINDOWS\411l9qpv.exe
O4 - Global Startup: 5RX6R04N.lnk = C:\WINDOWS\5rx6r04n.exe
O4 - Global Startup: PAZ5WPRT.lnk = C:\WINDOWS\paz5wprt.exe
O4 - Global Startup: DPM82TTR.lnk = C:\WINDOWS\dpm82ttr.exe
O4 - Global Startup: 9LRBCD0M.lnk = C:\WINDOWS\9lrbcd0m.exe
O4 - Global Startup: 7LMCCNW3.lnk = C:\WINDOWS\7lmccnw3.exe
O4 - Global Startup: XGN1004E.lnk = C:\WINDOWS\xgn1004e.exe
O4 - Global Startup: 928EE3BP.lnk = C:\WINDOWS\928ee3bp.exe
O4 - Global Startup: AK83W250.lnk = C:\WINDOWS\ak83w250.exe
O4 - Global Startup: F5O60279.lnk = C:\WINDOWS\f5o60279.exe
O4 - Global Startup: EBOJZONY.lnk = C:\WINDOWS\ebojzony.exe
O4 - Global Startup: AWJ5V2YR.lnk = C:\WINDOWS\awj5v2yr.exe
O4 - Global Startup: XW6Y7K60.lnk = C:\WINDOWS\xw6y7k60.exe
O4 - Global Startup: KD5K0L55.lnk = C:\WINDOWS\kd5k0l55.exe
O4 - Global Startup: V0YMQXP0.lnk = C:\WINDOWS\v0ymqxp0.exe
O4 - Global Startup: ZGL4LI77.lnk = C:\WINDOWS\zgl4li77.exe
O4 - Global Startup: 0OE1CT5T.lnk = C:\WINDOWS\0oe1ct5t.exe
O4 - Global Startup: PQV804G7.lnk = C:\WINDOWS\pqv804g7.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

I know that people have already helped Blank75 with this problem, but I was unable to follow the help instructions as I am not as technologically advanced as most people on this forum are.

Could anyone explain in simple terms what we actually have got??

Any help on this would be appreciated.
 

· Registered · 58 Posts
Matt,
This is the same virus that I had last week; Derek and Steve helped me rid my PC of it and a few other problems hanging out there. I do know that you need to run HijackThis again and delete a bunch of stuff -- those things in startup and global startup that have 8 letters and/or numbers are the virus -- but there is much more that you need to do. Hope one of the senior members gets back to you. These are the things I was talking about, but please don't delete until you hear from someone "senior":

O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: O37UTC76.lnk = C:\WINDOWS\o37utc76.exe
O4 - Startup: JHXQICOW.lnk = C:\WINDOWS\jhxqicow.exe
O4 - Startup: 15X0HY73.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: HYGGIF0W.lnk = C:\WINDOWS\hyggif0w.exe
O4 - Startup: OFU6CJUZ.lnk = C:\WINDOWS\ofu6cjuz.exe
O4 - Startup: Q6A5GB7D.lnk = C:\WINDOWS\q6a5gb7d.exe
O4 - Startup: OGA2OBVL.lnk = C:\WINDOWS\oga2obvl.exe
O4 - Startup: UZBJ2Y0Q.lnk = C:\WINDOWS\uzbj2y0q.exe
O4 - Startup: Y21NUTC0.lnk = C:\WINDOWS\y21nutc0.exe
O4 - Startup: WPKVIQ4N.lnk = C:\WINDOWS\wpkviq4n.exe
O4 - Startup: 96A4G2IF.lnk = C:\WINDOWS\96a4g2if.exe
O4 - Startup: HF5QPFKW.lnk = C:\WINDOWS\hf5qpfkw.exe
O4 - Startup: WEWTL0ZA.lnk = C:\WINDOWS\wewtl0za.exe
O4 - Startup: 560RUN1P.lnk = C:\WINDOWS\560run1p.exe
O4 - Startup: GT08VNTY.lnk = C:\WINDOWS\gt08vnty.exe
O4 - Startup: 0O7378YO.lnk = C:\WINDOWS\0o7378yo.exe
O4 - Startup: FCRGI7X1.lnk = C:\WINDOWS\fcrgi7x1.exe
O4 - Startup: 8ZQ6079T.lnk = C:\WINDOWS\8zq6079t.exe
O4 - Startup: 7F8YRYKE.lnk = C:\WINDOWS\7f8yryke.exe
O4 - Startup: DTDR44IQ.lnk = C:\WINDOWS\dtdr44iq.exe
O4 - Startup: 0GLYZL6B.lnk = C:\WINDOWS\0glyzl6b.exe
O4 - Startup: FI446JNK.lnk = C:\WINDOWS\fi446jnk.exe
O4 - Startup: TI357HT0.lnk = C:\WINDOWS\ti357ht0.exe
O4 - Startup: CIFHRN0V.lnk = C:\WINDOWS\cifhrn0v.exe
O4 - Startup: C6RUUXY3.lnk = C:\WINDOWS\c6ruuxy3.exe
O4 - Startup: DFKR1OQU.lnk = C:\WINDOWS\dfkr1oqu.exe
O4 - Startup: 6PJKQPDO.lnk = C:\WINDOWS\6pjkqpdo.exe
O4 - Startup: 3NJ0U2EQ.lnk = C:\WINDOWS\3nj0u2eq.exe
O4 - Startup: 411L9QPV.lnk = C:\WINDOWS\411l9qpv.exe
O4 - Startup: 5RX6R04N.lnk = C:\WINDOWS\5rx6r04n.exe
O4 - Startup: PAZ5WPRT.lnk = C:\WINDOWS\paz5wprt.exe
O4 - Startup: DPM82TTR.lnk = C:\WINDOWS\dpm82ttr.exe
O4 - Startup: 9LRBCD0M.lnk = C:\WINDOWS\9lrbcd0m.exe
O4 - Startup: 7LMCCNW3.lnk = C:\WINDOWS\7lmccnw3.exe
O4 - Startup: XGN1004E.lnk = C:\WINDOWS\xgn1004e.exe
O4 - Startup: 928EE3BP.lnk = C:\WINDOWS\928ee3bp.exe
O4 - Startup: AK83W250.lnk = C:\WINDOWS\ak83w250.exe
O4 - Startup: F5O60279.lnk = C:\WINDOWS\f5o60279.exe
O4 - Startup: EBOJZONY.lnk = C:\WINDOWS\ebojzony.exe
O4 - Startup: AWJ5V2YR.lnk = C:\WINDOWS\awj5v2yr.exe
O4 - Startup: XW6Y7K60.lnk = C:\WINDOWS\xw6y7k60.exe
O4 - Startup: KD5K0L55.lnk = C:\WINDOWS\kd5k0l55.exe
O4 - Startup: V0YMQXP0.lnk = C:\WINDOWS\v0ymqxp0.exe
O4 - Startup: ZGL4LI77.lnk = C:\WINDOWS\zgl4li77.exe
O4 - Startup: 0OE1CT5T.lnk = C:\WINDOWS\0oe1ct5t.exe
O4 - Startup: PQV804G7.lnk = C:\WINDOWS\pqv804g7.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Global Startup: O37UTC76.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Global Startup: JHXQICOW.lnk = C:\WINDOWS\jhxqicow.exe
O4 - Global Startup: 15X0HY73.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: HYGGIF0W.lnk = C:\WINDOWS\hyggif0w.exe
O4 - Global Startup: OFU6CJUZ.lnk = C:\WINDOWS\hf5qpfkw.exe
O4 - Global Startup: Q6A5GB7D.lnk = C:\WINDOWS\q6a5gb7d.exe
O4 - Global Startup: OGA2OBVL.lnk = C:\WINDOWS\oga2obvl.exe
O4 - Global Startup: UZBJ2Y0Q.lnk = C:\WINDOWS\uzbj2y0q.exe
O4 - Global Startup: Y21NUTC0.lnk = C:\WINDOWS\y21nutc0.exe
O4 - Global Startup: WPKVIQ4N.lnk = C:\WINDOWS\wpkviq4n.exe
O4 - Global Startup: 96A4G2IF.lnk = C:\WINDOWS\96a4g2if.exe
O4 - Global Startup: HF5QPFKW.lnk = C:\WINDOWS\hf5qpfkw.exe
O4 - Global Startup: WEWTL0ZA.lnk = C:\WINDOWS\wewtl0za.exe
O4 - Global Startup: GT08VNTY.lnk = C:\WINDOWS\gt08vnty.exe
O4 - Global Startup: 0O7378YO.lnk = C:\WINDOWS\0o7378yo.exe
O4 - Global Startup: FCRGI7X1.lnk = C:\WINDOWS\fcrgi7x1.exe
O4 - Global Startup: 8ZQ6079T.lnk = C:\WINDOWS\8zq6079t.exe
O4 - Global Startup: 7F8YRYKE.lnk = C:\WINDOWS\7f8yryke.exe
O4 - Global Startup: DTDR44IQ.lnk = C:\WINDOWS\dtdr44iq.exe
O4 - Global Startup: 0GLYZL6B.lnk = C:\WINDOWS\0glyzl6b.exe
O4 - Global Startup: FI446JNK.lnk = C:\WINDOWS\fi446jnk.exe
O4 - Global Startup: TI357HT0.lnk = C:\WINDOWS\ti357ht0.exe
O4 - Global Startup: CIFHRN0V.lnk = C:\WINDOWS\cifhrn0v.exe
O4 - Global Startup: C6RUUXY3.lnk = C:\WINDOWS\c6ruuxy3.exe
O4 - Global Startup: DFKR1OQU.lnk = C:\WINDOWS\dfkr1oqu.exe
O4 - Global Startup: 560RUN1P.lnk = C:\WINDOWS\560run1p.exe
O4 - Global Startup: 6PJKQPDO.lnk = C:\WINDOWS\6pjkqpdo.exe
O4 - Global Startup: 3NJ0U2EQ.lnk = C:\WINDOWS\3nj0u2eq.exe
O4 - Global Startup: 411L9QPV.lnk = C:\WINDOWS\411l9qpv.exe
O4 - Global Startup: 5RX6R04N.lnk = C:\WINDOWS\5rx6r04n.exe
O4 - Global Startup: PAZ5WPRT.lnk = C:\WINDOWS\paz5wprt.exe
O4 - Global Startup: DPM82TTR.lnk = C:\WINDOWS\dpm82ttr.exe
O4 - Global Startup: 9LRBCD0M.lnk = C:\WINDOWS\9lrbcd0m.exe
O4 - Global Startup: 7LMCCNW3.lnk = C:\WINDOWS\7lmccnw3.exe
O4 - Global Startup: XGN1004E.lnk = C:\WINDOWS\xgn1004e.exe
O4 - Global Startup: 928EE3BP.lnk = C:\WINDOWS\928ee3bp.exe
O4 - Global Startup: AK83W250.lnk = C:\WINDOWS\ak83w250.exe
O4 - Global Startup: F5O60279.lnk = C:\WINDOWS\f5o60279.exe
O4 - Global Startup: EBOJZONY.lnk = C:\WINDOWS\ebojzony.exe
O4 - Global Startup: AWJ5V2YR.lnk = C:\WINDOWS\awj5v2yr.exe
O4 - Global Startup: XW6Y7K60.lnk = C:\WINDOWS\xw6y7k60.exe
O4 - Global Startup: KD5K0L55.lnk = C:\WINDOWS\kd5k0l55.exe
O4 - Global Startup: V0YMQXP0.lnk = C:\WINDOWS\v0ymqxp0.exe
O4 - Global Startup: ZGL4LI77.lnk = C:\WINDOWS\zgl4li77.exe
O4 - Global Startup: 0OE1CT5T.lnk = C:\WINDOWS\0oe1ct5t.exe
O4 - Global Startup: PQV804G7.lnk = C:\WINDOWS\pqv804g7.exe
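
The pattern described in the post above, written out as a log triage script (an added example, not part of the thread and not HijackThis's own logic). The three rules and every name in the code are assumptions made for illustration; the sample lines are copied from the log in the first post, and the result is a list for a specialist to review, not a removal list.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PQV804G7.EXE] C:\WINDOWS\PQV804G7.EXE /dk
O4 - HKCU\..\Run: [PQV804G7.EXE] C:\WINDOWS\PQV804G7.EXE /dk
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: PQV804G7.lnk = C:\WINDOWS\pqv804g7.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\15x0hy73.exe
O4 - Global Startup: JHXQICOW.lnk = C:\WINDOWS\jhxqicow.exe
"""

STARTUP = re.compile(r"^O4 - (Global Startup|Startup): (.+)\.lnk = (.+)$", re.I)
RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[.+?\] (.+)$", re.I)
WIN_EXE = re.compile(r'^"?c:\\windows\\([^\\"]+?)\.exe\b', re.I)
EIGHT = re.compile(r"^[a-z0-9]{8}$")  # the "8 letters and/or numbers" pattern

def stem_of(command):
    """Lowercase name, without extension, of an .exe sitting directly in C:\\WINDOWS."""
    m = WIN_EXE.match(command.strip())
    return m.group(1).lower() if m else None

def review_candidates(log_text):
    """Map file stem -> reasons it deserves a specialist's look."""
    shortcuts, runs, found = [], [], {}
    for line in map(str.strip, log_text.splitlines()):
        if (m := STARTUP.match(line)):
            shortcuts.append((m.group(1), m.group(2).lower(), stem_of(m.group(3))))
        elif (m := RUN.match(line)):
            runs.append((m.group(1), stem_of(m.group(2))))
    # Rule 1: startup shortcut to an 8-character .exe directly in C:\WINDOWS.
    for folder, link, stem in shortcuts:
        if stem and EIGHT.match(stem):
            found.setdefault(stem, set()).add(f"{folder}: 8-character name")
    rule1 = set(found)
    # Rule 2: a shortcut name reused for a Rule 1 target ties that name to the
    # set, which is how a shorter name such as morze5 gets picked up.
    for folder, link, stem in shortcuts:
        if stem in rule1 and link != stem:
            found.setdefault(link, set()).add(f"{folder}: shortcut points at {stem}.exe")
    # Rule 3: Run-key entries launching a file that is already in the set.
    # The 8-character pattern is never applied to Run keys on its own, so a
    # name like scanregw.exe (8 characters, from the same log) is not listed.
    for key, stem in runs:
        if stem in found:
            found[stem].add(f"{key}: also started from the registry")
    return {name: sorted(reasons) for name, reasons in found.items()}

if __name__ == "__main__":
    for name, reasons in sorted(review_candidates(SAMPLE_LOG).items()):
        print(name, "->", "; ".join(reasons))
```
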
 

· Registered · 3,181 Posts
Run an online antivirus check from at least one and preferably 2 of the following sites:
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www.anti-trojan.net/en/onlinecheck.aspx
Make sure autoclean is enabled on the scans.

Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described.

CWshredder from http://www.merijn.org/cwschronicles.html
Spybot - Search & Destroy from http://security.kolla.de
AdAware 6 from http://www.lavasoft.de/software/adaware/

then
Run CWSHREDDER,

Close all browser windows, click on the cwshredder.exe then click "FIX" (not "Scan only") and let it do its thing,
and make sure you have all of Microsoft's security updates.

then reboot &

Run Spybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down-pointing arrow; select one of the servers listed. If it doesn't work or you get an error message then try a different server.

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &

Run ADAWARE

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........

Make sure the following settings are made and on ("ON=GREEN").
From main window: click "Start" then "Activate in-depth scan"

then......

click "Use custom scanning options > Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

Now to scan, just click the "Scan" button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop-down menu.) Then press next and then say yes to the prompt asking whether you want to remove all these entries.

reboot again

then post a new hijackthis log to check what is left
 