My computer freezes when I run spyware removal too

Discussion in 'Malware Help (A Specialist Will Reply)' started by stonegatherer, Mar 23, 2005.

  1. stonegatherer

    stonegatherer Private E-2

    I am totally in a hole. I've read the FAQs and have downloaded all of the recommended spyware removal programs to fix my computer (it freezes every time I log on because a ton of processes start running; I mean processes that are just letters like "zxujkg" or something). Anyway, spybot search & destroy freezes, even this program I bought called spy sweeper. In fact, all hijackthis will do is scan my computer and make a log, it also freezes anytime I try to fix something. Is my computer totally wasted or can it be saved, because I surely don't have the money for a new one. Please help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. stonegatherer

    stonegatherer Private E-2

    I tried to upload my logfile and got this message:
    File Too Large. Limit for this filetype is 97.7 KB. Your file is 1.30 MB. What now?
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is too large? wow

    What format are you saving it in? .txt .log .doc?

    It's best to use .log or .txt. If you still can't upload it, post the log inline and Chas will convert it for you.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would guess the same thing as BJ. You are probably not saving it to a .log file (the default from HJT) or as a .txt file.
     
  6. stonegatherer

    stonegatherer Private E-2

    It was saved as a text file. The log is actually 363 pages long. It actually took my computer over an hour to generate this log. It's so large I can't even copy and paste it here. I even tried to paste it in portions. Is there any way I can attach it in an email to you? Here is a tiny tiny portion of the log:


    Logfile of HijackThis v1.99.1
    Scan saved at 2:13:03 AM, on 18.03.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\vgwugu.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Preferred Customer\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.venusserenafans.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll (file missing)
    O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
    O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\PopUpWasher21.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Preferred Customer\Local Settings\Temp\EwU7Fcfa.dll
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
    O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\rundll16.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [p87IIs] C:\documents and settings\preferred customer\local settings\temp\p87IIs.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
    O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [hdiskperf.exe] C:\WINDOWS\System32\hdiskperf.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Documents and Settings\Preferred Customer\My Documents\PDVDServ.exe"
    O4 - HKLM\..\Run: [rybsdc] C:\WINDOWS\System32\rybsdc.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Skdxyg.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ccigyb.exe
    O4 - HKLM\..\Run: [wowpuc] C:\WINDOWS\System32\wowpuc.exe
    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
    O4 - HKLM\..\Run: [iapig] C:\WINDOWS\System32\aorp\iapig.exe
    O4 - HKLM\..\Run: [ghwggr] C:\WINDOWS\System32\ubnnbq\ghwggr.exe
    O4 - HKLM\..\Run: [ntvyhuj] C:\WINDOWS\System32\xcgrvmnv\ntvyhuj.exe
    O4 - HKLM\..\Run: [1cd1081d5173] C:\WINDOWS\System32\DDAO3504.exe
    O4 - HKLM\..\Run: [Madaeibv] C:\Program Files\Vixqbdh\Iucmgyj.exe
    O4 - HKLM\..\Run: [2r2pg033] C:\Program Files\2r2pg033\2r2pg033.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [opfgal] C:\WINDOWS\System32\itonrp\opfgal.exe
    O4 - HKLM\..\Run: [fccmx] C:\WINDOWS\System32\dvjsr\fccmx.exe
    O4 - HKLM\..\Run: [nhgbbyap] C:\WINDOWS\System32\uhkfdfni\nhgbbyap.exe
    O4 - HKLM\..\Run: [ycdrka] C:\WINDOWS\System32\mimxeyq\ycdrka.exe
    O4 - HKLM\..\Run: [fnqyvnt] C:\WINDOWS\System32\myne\fnqyvnt.exe
    O4 - HKLM\..\Run: [htkfw] C:\WINDOWS\System32\ctyfpfb\htkfw.exe
    O4 - HKLM\..\Run: [usqtavj] C:\WINDOWS\System32\wpbvri\usqtavj.exe
    O4 - HKLM\..\Run: [yrghfrh] C:\WINDOWS\System32\udnkxeef\yrghfrh.exe
    O4 - HKLM\..\Run: [wptqa] C:\WINDOWS\System32\xiospaeg\wptqa.exe
    O4 - HKLM\..\Run: [ggim] C:\WINDOWS\System32\urpxfsv\ggim.exe
    O4 - HKLM\..\Run: [ctxhwic] C:\WINDOWS\System32\ytvp\ctxhwic.exe
    O4 - HKLM\..\Run: [peqaylee] C:\WINDOWS\System32\nhdegs\peqaylee.exe
    O4 - HKLM\..\Run: [iyrly] C:\WINDOWS\System32\jmoge\iyrly.exe
    O4 - HKLM\..\Run: [epukgcb] C:\WINDOWS\System32\mgpqydl\epukgcb.exe
    O4 - HKLM\..\Run: [tryo] C:\WINDOWS\System32\qosrs\tryo.exe
    O4 - HKLM\..\Run: [vsowwaga] C:\WINDOWS\System32\qwlnm\vsowwaga.exe
    O4 - HKLM\..\Run: [scyp] C:\WINDOWS\System32\arvngqbp\scyp.exe
    O4 - HKLM\..\Run: [jknsrbfl] C:\WINDOWS\System32\qeadm\jknsrbfl.exe
    O4 - HKLM\..\Run: [ewinvo] C:\WINDOWS\System32\crhugjw\ewinvo.exe
    O4 - HKLM\..\Run: [obeip] C:\WINDOWS\System32\enrnah\obeip.exe
    O4 - HKLM\..\Run: [yjrccubg] C:\WINDOWS\System32\emdhbe\yjrccubg.exe
    O4 - HKLM\..\Run: [pydoq] C:\WINDOWS\System32\mbyu\pydoq.exe
    O4 - HKLM\..\Run: [lcyq] C:\WINDOWS\System32\nurtdn\lcyq.exe
    O4 - HKLM\..\Run: [gjvajkfd] C:\WINDOWS\System32\crrfse\gjvajkfd.exe
    O4 - HKLM\..\Run: [tfwkwen] C:\WINDOWS\System32\edcuismd\tfwkwen.exe
    O4 - HKLM\..\Run: [ivum] C:\WINDOWS\System32\rmiompul\ivum.exe
    O4 - HKLM\..\Run: [mlaigbi] C:\WINDOWS\System32\afuvm\mlaigbi.exe
    O4 - HKLM\..\Run: [sjgelanc] C:\WINDOWS\System32\qesjit\sjgelanc.exe
    O4 - HKLM\..\Run: [ffnf] C:\WINDOWS\System32\idwewy\ffnf.exe
    O4 - HKLM\..\Run: [tdcwpy] C:\WINDOWS\System32\ifotei\tdcwpy.exe
    O4 - HKLM\..\Run: [ayqqxg] C:\WINDOWS\System32\bqvcg\ayqqxg.exe
    O4 - HKLM\..\Run: [aeblunwr] C:\WINDOWS\System32\yvatwxio\aeblunwr.exe
    O4 - HKLM\..\Run: [ykusycl] C:\WINDOWS\System32\fyrcja\ykusycl.exe
    O4 - HKLM\..\Run: [jfrfi] C:\WINDOWS\System32\hyrue\jfrfi.exe
    O4 - HKLM\..\Run: [agsr] C:\WINDOWS\System32\kgxwoc\agsr.exe
    O4 - HKLM\..\Run: [cogrgyn] C:\WINDOWS\System32\tott\cogrgyn.exe
    O4 - HKLM\..\Run: [ncliuq] C:\WINDOWS\System32\nytpfpbx\ncliuq.exe
    O4 - HKLM\..\Run: [qxtjhqg] C:\WINDOWS\System32\rxpnklr\qxtjhqg.exe
    O4 - HKLM\..\Run: [caif] C:\WINDOWS\System32\dtphyoei\caif.exe
    O4 - HKLM\..\Run: [cofetvg] C:\WINDOWS\System32\dcro\cofetvg.exe
    O4 - HKLM\..\Run: [xqchhil] C:\WINDOWS\System32\ibvcqf\xqchhil.exe
    O4 - HKLM\..\Run: [fdxvtsn] C:\WINDOWS\System32\kwnr\fdxvtsn.exe
    O4 - HKLM\..\Run: [eofw] C:\WINDOWS\System32\ebhsqd\eofw.exe
    O4 - HKLM\..\Run: [hnvqpn] C:\WINDOWS\System32\kkfrxl\hnvqpn.exe
    O4 - HKLM\..\Run: [uhuh] C:\WINDOWS\System32\xhukhi\uhuh.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [lghkr] C:\WINDOWS\lghkr.exe
    O4 - HKLM\..\Run: [knrpnieg] C:\WINDOWS\System32\ofon\knrpnieg.exe
    O4 - HKLM\..\Run: [csuo] C:\WINDOWS\System32\hukyybpe\csuo.exe
    O4 - HKLM\..\Run: [qnwb] C:\WINDOWS\System32\bofu\qnwb.exe
    O4 - HKLM\..\Run: [ygccgw] C:\WINDOWS\System32\klgaps\ygccgw.exe
    O4 - HKLM\..\Run: [rqqgf] C:\WINDOWS\System32\uumokcso\rqqgf.exe
    O4 - HKLM\..\Run: [bwrbqwd] C:\WINDOWS\System32\qukhnkn\bwrbqwd.exe
    O4 - HKLM\..\Run: [nmfpdi] C:\WINDOWS\System32\popvap\nmfpdi.exe
    O4 - HKLM\..\Run: [dabjx] C:\WINDOWS\System32\eoctdjke\dabjx.exe
    O4 - HKLM\..\Run: [aejbimm] C:\WINDOWS\System32\tlqcfm\aejbimm.exe
    O4 - HKLM\..\Run: [opuv] C:\WINDOWS\System32\brovl\opuv.exe
    O4 - HKLM\..\Run: [osmcpvmf] C:\WINDOWS\System32\kvfewgj\osmcpvmf.exe
    O4 - HKLM\..\Run: [fpiojnw] C:\WINDOWS\System32\xwyugj\fpiojnw.exe
    O4 - HKLM\..\Run: [rvss] C:\WINDOWS\System32\ptafgjew\rvss.exe
    O4 - HKLM\..\Run: [aonre] C:\WINDOWS\System32\sbsgna\aonre.exe
    O4 - HKLM\..\Run: [iugcxsb] C:\WINDOWS\System32\thyccks\iugcxsb.exe
    O4 - HKLM\..\Run: [fplwid] C:\WINDOWS\System32\vfkkpfaw\fplwid.exe
    O4 - HKLM\..\Run: [ylwjoi] C:\WINDOWS\System32\tbrbu\ylwjoi.exe
    O4 - HKLM\..\Run: [eurx] C:\WINDOWS\System32\vnpmb\eurx.exe
    O4 - HKLM\..\Run: [spoumsa] C:\WINDOWS\System32\xxxvffes\spoumsa.exe
    O4 - HKLM\..\Run: [khisboqk] C:\WINDOWS\System32\ptbjmhkn\khisboqk.exe
    O4 - HKLM\..\Run: [bqtqcpi] C:\WINDOWS\System32\ljvyeh\bqtqcpi.exe
    O4 - HKLM\..\Run: [pgff] C:\WINDOWS\System32\oxcjhpv\pgff.exe
    O4 - HKLM\..\Run: [yjol] C:\WINDOWS\System32\lojk\yjol.exe
    O4 - HKLM\..\Run: [qiorfn] C:\WINDOWS\System32\vmdixa\qiorfn.exe
    O4 - HKLM\..\Run: [afiborok] C:\WINDOWS\System32\bmqgth\afiborok.exe
    O4 - HKLM\..\Run: [jyqyfbn] C:\WINDOWS\System32\alif\jyqyfbn.exe
    O4 - HKLM\..\Run: [jcopstnf] C:\WINDOWS\System32\xqst\jcopstnf.exe
    O4 - HKLM\..\Run: [qyun] C:\WINDOWS\System32\hisiw\qyun.exe
    O4 - HKLM\..\Run: [jlor] C:\WINDOWS\System32\qmshlwd\jlor.exe
    O4 - HKLM\..\Run: [haom] C:\WINDOWS\System32\bqafpms\haom.exe
    O4 - HKLM\..\Run: [nmjtgrpi] C:\WINDOWS\System32\pkjac\nmjtgrpi.exe
    O4 - HKLM\..\Run: [ulgwkoh] C:\WINDOWS\System32\nhsgike\ulgwkoh.exe
    O4 - HKLM\..\Run: [rhabhnv] C:\WINDOWS\System32\iftr\rhabhnv.exe
    O4 - HKLM\..\Run: [wtwgiw] C:\WINDOWS\System32\kfigg\wtwgiw.exe
    O4 - HKLM\..\Run: [gcyi] C:\WINDOWS\System32\sojneba\gcyi.exe
    O4 - HKLM\..\Run: [txvrcmeq] C:\WINDOWS\System32\wkjifob\txvrcmeq.exe
    O4 - HKLM\..\Run: [bgsihbt] C:\WINDOWS\System32\sngndmco\bgsihbt.exe
    O4 - HKLM\..\Run: [uluvptoi] C:\WINDOWS\System32\qovt\uluvptoi.exe
    O4 - HKLM\..\Run: [iqfdfge] C:\WINDOWS\System32\wyquocng\iqfdfge.exe
    O4 - HKLM\..\Run: [dvjq] C:\WINDOWS\System32\ogagqi\dvjq.exe
    O4 - HKLM\..\Run: [ohuhrae] C:\WINDOWS\System32\piygpw\ohuhrae.exe
    O4 - HKLM\..\Run: [iwges] C:\WINDOWS\System32\fvyohlg\iwges.exe
    O4 - HKLM\..\Run: [sbrifge] C:\WINDOWS\System32\plrdo\sbrifge.exe
    O4 - HKLM\..\Run: [dfrwmihn] C:\WINDOWS\System32\bdru\dfrwmihn.exe
    O4 - HKLM\..\Run: [lsouy] C:\WINDOWS\System32\rpkrvabm\lsouy.exe
    O4 - HKLM\..\Run: [fhktyho] C:\WINDOWS\System32\tviikmyc\fhktyho.exe
    O4 - HKLM\..\Run: [pdar] C:\WINDOWS\System32\ldnni\pdar.exe
    O4 - HKLM\..\Run: [rubsdt] C:\WINDOWS\System32\ywwla\rubsdt.exe
    O4 - HKLM\..\Run: [hosodqf] C:\WINDOWS\System32\dvagaqyt\hosodqf.exe
    O4 - HKLM\..\Run: [wlbtp] C:\WINDOWS\System32\nbovseab\wlbtp.exe
    O4 - HKLM\..\Run: [ategpj] C:\WINDOWS\System32\wtly\ategpj.exe
    O4 - HKLM\..\Run: [dlcvyd] C:\WINDOWS\System32\bxwjbx\dlcvyd.exe
    O4 - HKLM\..\Run: [ivjf] C:\WINDOWS\System32\uqihidgk\ivjf.exe
    O4 - HKLM\..\Run: [uwnn] C:\WINDOWS\System32\wfdpq\uwnn.exe
    O4 - HKLM\..\Run: [rmgttyrj] C:\WINDOWS\System32\yftem\rmgttyrj.exe
    O4 - HKLM\..\Run: [rwtqj] C:\WINDOWS\System32\vqgcage\rwtqj.exe
    O4 - HKLM\..\Run: [hfiefd] C:\WINDOWS\System32\kvklosf\hfiefd.exe
    O4 - HKLM\..\Run: [sqpa] C:\WINDOWS\System32\ktbl\sqpa.exe
    O4 - HKLM\..\Run: [ehyrh] C:\WINDOWS\System32\abhk\ehyrh.exe
    O4 - HKLM\..\Run: [twgi] C:\WINDOWS\System32\adkqwl\twgi.exe
    O4 - HKLM\..\Run: [ebdiwdmr] C:\WINDOWS\System32\fceym\ebdiwdmr.exe
    O4 - HKLM\..\Run: [xlfs] C:\WINDOWS\System32\lsufegds\xlfs.exe
    O4 - HKLM\..\Run: [lksysrjq] C:\WINDOWS\System32\shelxc\lksysrjq.exe
    O4 - HKLM\..\Run: [oeco] C:\WINDOWS\System32\ovmd\oeco.exe
    O4 - HKLM\..\Run: [hnsmw] C:\WINDOWS\System32\fnmd\hnsmw.exe
    O4 - HKLM\..\Run: [qojd] C:\WINDOWS\System32\rgtyexin\qojd.exe
    O4 - HKLM\..\Run: [ccrxkobj] C:\WINDOWS\System32\uhkqoa\ccrxkobj.exe
    O4 - HKLM\..\Run: [htnxrbx] C:\WINDOWS\System32\gsrdyuu\htnxrbx.exe
    O4 - HKLM\..\Run: [vrygus] C:\WINDOWS\System32\rkwlouow\vrygus.exe
    O4 - HKLM\..\Run: [ohlavta] C:\WINDOWS\System32\vppsmhru\ohlavta.exe
    O4 - HKLM\..\Run: [rhakelp] C:\WINDOWS\System32\aasouvq\rhakelp.exe
    O4 - HKLM\..\Run: [cvvkxgi] C:\WINDOWS\System32\watc\cvvkxgi.exe
    O4 - HKLM\..\Run: [rsdmhm] C:\WINDOWS\System32\dmae\rsdmhm.exe
    O4 - HKLM\..\Run: [sirn] C:\WINDOWS\System32\ytlyfwm\sirn.exe
    O4 - HKLM\..\Run: [ebpg] C:\WINDOWS\System32\byaxacnm\ebpg.exe
    O4 - HKLM\..\Run: [udfnlo] C:\WINDOWS\System32\katsja\udfnlo.exe
    O4 - HKLM\..\Run: [krieioux] C:\WINDOWS\System32\wrmppko\krieioux.exe
    O4 - HKLM\..\Run: [qvaawp] C:\WINDOWS\System32\llopl\qvaawp.exe
    O4 - HKLM\..\Run: [owqqciq] C:\WINDOWS\System32\dqpc\owqqciq.exe
    O4 - HKLM\..\Run: [gxgvtfh] C:\WINDOWS\System32\vkggbk\gxgvtfh.exe
    O4 - HKLM\..\Run: [llsncgfs] C:\WINDOWS\System32\hglrydrs\llsncgfs.exe
    O4 - HKLM\..\Run: [kslgiv] C:\WINDOWS\System32\fodewuiy\kslgiv.exe
    O4 - HKLM\..\Run: [bhohmcd] C:\WINDOWS\System32\scyrypg\bhohmcd.exe
    O4 - HKLM\..\Run: [ifclgbb] C:\WINDOWS\System32\bamkdolo\ifclgbb.exe
    O4 - HKLM\..\Run: [qmgj] C:\WINDOWS\System32\yewjosan\qmgj.exe
    O4 - HKLM\..\Run: [qrerhfsx] C:\WINDOWS\System32\whiil\qrerhfsx.exe
    O4 - HKLM\..\Run: [mqhtecil] C:\WINDOWS\System32\ptfgyf\mqhtecil.exe
    O4 - HKLM\..\Run: [gqvrmhsm] C:\WINDOWS\System32
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    DAMN!

    Let me double check with Chaslang before I tell you what to do. Your OS being way out of date has a LOT to do with this. After your clean you MUST update to SP2.

    Hang in there!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As BJ said, your system being so out of date is a big problem. You also do not seem to have an antivirus application or a firewall. The three of these missing items together spell big trouble, as you are witness to. You may be better off just formatting and reinstalling your system. But if you want to work on fixing, continue below.

    Before fixing anything you must install HijackThis where we requested. You are running it from the ZIP file and will not get backups. You must extract it from the ZIP file and put it in the folder we requested.

    You must have a heck of a lot of unknown (that's what many are called when not classified) trojans. You are going to have to start making a dent in these by fixing the HijackThis lines using HJT and then booting into safe mode to delete each of the files and folders when they are in a folder. Do not delete system32. For example:

    C:\WINDOWS\System32\rybsdc.exe <--- here you would just delete the file rybsdc.exe
    C:\WINDOWS\System32\aorp\iapig.exe <-- here you would delete the whole aorp folder which deletes any files under it including iapig.exe.

    So here is the starting list. Fix with HJT and boot to safe mode and delete the files:
    O4 - HKLM\..\Run: [rybsdc] C:\WINDOWS\System32\rybsdc.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Skdxyg.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ccigyb.exe
    O4 - HKLM\..\Run: [wowpuc] C:\WINDOWS\System32\wowpuc.exe
    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
    O4 - HKLM\..\Run: [iapig] C:\WINDOWS\System32\aorp\iapig.exe
    O4 - HKLM\..\Run: [ghwggr] C:\WINDOWS\System32\ubnnbq\ghwggr.exe
    O4 - HKLM\..\Run: [ntvyhuj] C:\WINDOWS\System32\xcgrvmnv\ntvyhuj.exe
    O4 - HKLM\..\Run: [1cd1081d5173] C:\WINDOWS\System32\DDAO3504.exe
    O4 - HKLM\..\Run: [Madaeibv] C:\Program Files\Vixqbdh\Iucmgyj.exe
    O4 - HKLM\..\Run: [2r2pg033] C:\Program Files\2r2pg033\2r2pg033.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [opfgal] C:\WINDOWS\System32\itonrp\opfgal.exe
    O4 - HKLM\..\Run: [fccmx] C:\WINDOWS\System32\dvjsr\fccmx.exe
    O4 - HKLM\..\Run: [nhgbbyap] C:\WINDOWS\System32\uhkfdfni\nhgbbyap.exe
    O4 - HKLM\..\Run: [ycdrka] C:\WINDOWS\System32\mimxeyq\ycdrka.exe
    O4 - HKLM\..\Run: [fnqyvnt] C:\WINDOWS\System32\myne\fnqyvnt.exe
    O4 - HKLM\..\Run: [htkfw] C:\WINDOWS\System32\ctyfpfb\htkfw.exe
    O4 - HKLM\..\Run: [usqtavj] C:\WINDOWS\System32\wpbvri\usqtavj.exe
    O4 - HKLM\..\Run: [yrghfrh] C:\WINDOWS\System32\udnkxeef\yrghfrh.exe
    O4 - HKLM\..\Run: [wptqa] C:\WINDOWS\System32\xiospaeg\wptqa.exe
    O4 - HKLM\..\Run: [ggim] C:\WINDOWS\System32\urpxfsv\ggim.exe
    O4 - HKLM\..\Run: [ctxhwic] C:\WINDOWS\System32\ytvp\ctxhwic.exe
    O4 - HKLM\..\Run: [peqaylee] C:\WINDOWS\System32\nhdegs\peqaylee.exe
    O4 - HKLM\..\Run: [iyrly] C:\WINDOWS\System32\jmoge\iyrly.exe
    O4 - HKLM\..\Run: [epukgcb] C:\WINDOWS\System32\mgpqydl\epukgcb.exe
    O4 - HKLM\..\Run: [tryo] C:\WINDOWS\System32\qosrs\tryo.exe
    O4 - HKLM\..\Run: [vsowwaga] C:\WINDOWS\System32\qwlnm\vsowwaga.exe
    O4 - HKLM\..\Run: [scyp] C:\WINDOWS\System32\arvngqbp\scyp.exe
    O4 - HKLM\..\Run: [jknsrbfl] C:\WINDOWS\System32\qeadm\jknsrbfl.exe
    O4 - HKLM\..\Run: [ewinvo] C:\WINDOWS\System32\crhugjw\ewinvo.exe
    O4 - HKLM\..\Run: [obeip] C:\WINDOWS\System32\enrnah\obeip.exe
    O4 - HKLM\..\Run: [yjrccubg] C:\WINDOWS\System32\emdhbe\yjrccubg.exe
    O4 - HKLM\..\Run: [pydoq] C:\WINDOWS\System32\mbyu\pydoq.exe
    O4 - HKLM\..\Run: [lcyq] C:\WINDOWS\System32\nurtdn\lcyq.exe
    O4 - HKLM\..\Run: [gjvajkfd] C:\WINDOWS\System32\crrfse\gjvajkfd.exe
    O4 - HKLM\..\Run: [tfwkwen] C:\WINDOWS\System32\edcuismd\tfwkwen.exe
    O4 - HKLM\..\Run: [ivum] C:\WINDOWS\System32\rmiompul\ivum.exe
    O4 - HKLM\..\Run: [mlaigbi] C:\WINDOWS\System32\afuvm\mlaigbi.exe
    O4 - HKLM\..\Run: [sjgelanc] C:\WINDOWS\System32\qesjit\sjgelanc.exe
    O4 - HKLM\..\Run: [ffnf] C:\WINDOWS\System32\idwewy\ffnf.exe
    O4 - HKLM\..\Run: [tdcwpy] C:\WINDOWS\System32\ifotei\tdcwpy.exe
    O4 - HKLM\..\Run: [ayqqxg] C:\WINDOWS\System32\bqvcg\ayqqxg.exe
    O4 - HKLM\..\Run: [aeblunwr] C:\WINDOWS\System32\yvatwxio\aeblunwr.exe
    O4 - HKLM\..\Run: [ykusycl] C:\WINDOWS\System32\fyrcja\ykusycl.exe
    O4 - HKLM\..\Run: [jfrfi] C:\WINDOWS\System32\hyrue\jfrfi.exe
    O4 - HKLM\..\Run: [agsr] C:\WINDOWS\System32\kgxwoc\agsr.exe
    O4 - HKLM\..\Run: [cogrgyn] C:\WINDOWS\System32\tott\cogrgyn.exe
    O4 - HKLM\..\Run: [ncliuq] C:\WINDOWS\System32\nytpfpbx\ncliuq.exe
    O4 - HKLM\..\Run: [qxtjhqg] C:\WINDOWS\System32\rxpnklr\qxtjhqg.exe
    O4 - HKLM\..\Run: [caif] C:\WINDOWS\System32\dtphyoei\caif.exe
    O4 - HKLM\..\Run: [cofetvg] C:\WINDOWS\System32\dcro\cofetvg.exe
    O4 - HKLM\..\Run: [xqchhil] C:\WINDOWS\System32\ibvcqf\xqchhil.exe
    O4 - HKLM\..\Run: [fdxvtsn] C:\WINDOWS\System32\kwnr\fdxvtsn.exe
    O4 - HKLM\..\Run: [eofw] C:\WINDOWS\System32\ebhsqd\eofw.exe
    O4 - HKLM\..\Run: [hnvqpn] C:\WINDOWS\System32\kkfrxl\hnvqpn.exe
    O4 - HKLM\..\Run: [uhuh] C:\WINDOWS\System32\xhukhi\uhuh.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [lghkr] C:\WINDOWS\lghkr.exe
    O4 - HKLM\..\Run: [knrpnieg] C:\WINDOWS\System32\ofon\knrpnieg.exe
    O4 - HKLM\..\Run: [csuo] C:\WINDOWS\System32\hukyybpe\csuo.exe
    O4 - HKLM\..\Run: [qnwb] C:\WINDOWS\System32\bofu\qnwb.exe
    O4 - HKLM\..\Run: [ygccgw] C:\WINDOWS\System32\klgaps\ygccgw.exe
    O4 - HKLM\..\Run: [rqqgf] C:\WINDOWS\System32\uumokcso\rqqgf.exe
    O4 - HKLM\..\Run: [bwrbqwd] C:\WINDOWS\System32\qukhnkn\bwrbqwd.exe
    O4 - HKLM\..\Run: [nmfpdi] C:\WINDOWS\System32\popvap\nmfpdi.exe
    O4 - HKLM\..\Run: [dabjx] C:\WINDOWS\System32\eoctdjke\dabjx.exe
    O4 - HKLM\..\Run: [aejbimm] C:\WINDOWS\System32\tlqcfm\aejbimm.exe
    O4 - HKLM\..\Run: [opuv] C:\WINDOWS\System32\brovl\opuv.exe
    O4 - HKLM\..\Run: [osmcpvmf] C:\WINDOWS\System32\kvfewgj\osmcpvmf.exe
    O4 - HKLM\..\Run: [fpiojnw] C:\WINDOWS\System32\xwyugj\fpiojnw.exe
    O4 - HKLM\..\Run: [rvss] C:\WINDOWS\System32\ptafgjew\rvss.exe
    O4 - HKLM\..\Run: [aonre] C:\WINDOWS\System32\sbsgna\aonre.exe
    O4 - HKLM\..\Run: [iugcxsb] C:\WINDOWS\System32\thyccks\iugcxsb.exe
    O4 - HKLM\..\Run: [fplwid] C:\WINDOWS\System32\vfkkpfaw\fplwid.exe
    O4 - HKLM\..\Run: [ylwjoi] C:\WINDOWS\System32\tbrbu\ylwjoi.exe
    O4 - HKLM\..\Run: [eurx] C:\WINDOWS\System32\vnpmb\eurx.exe
    O4 - HKLM\..\Run: [spoumsa] C:\WINDOWS\System32\xxxvffes\spoumsa.exe
    O4 - HKLM\..\Run: [khisboqk] C:\WINDOWS\System32\ptbjmhkn\khisboqk.exe
    O4 - HKLM\..\Run: [bqtqcpi] C:\WINDOWS\System32\ljvyeh\bqtqcpi.exe
    O4 - HKLM\..\Run: [pgff] C:\WINDOWS\System32\oxcjhpv\pgff.exe
    O4 - HKLM\..\Run: [yjol] C:\WINDOWS\System32\lojk\yjol.exe
    O4 - HKLM\..\Run: [qiorfn] C:\WINDOWS\System32\vmdixa\qiorfn.exe
    O4 - HKLM\..\Run: [afiborok] C:\WINDOWS\System32\bmqgth\afiborok.exe
    O4 - HKLM\..\Run: [jyqyfbn] C:\WINDOWS\System32\alif\jyqyfbn.exe
    O4 - HKLM\..\Run: [jcopstnf] C:\WINDOWS\System32\xqst\jcopstnf.exe
    O4 - HKLM\..\Run: [qyun] C:\WINDOWS\System32\hisiw\qyun.exe
    O4 - HKLM\..\Run: [jlor] C:\WINDOWS\System32\qmshlwd\jlor.exe
    O4 - HKLM\..\Run: [haom] C:\WINDOWS\System32\bqafpms\haom.exe
    O4 - HKLM\..\Run: [nmjtgrpi] C:\WINDOWS\System32\pkjac\nmjtgrpi.exe
    O4 - HKLM\..\Run: [ulgwkoh] C:\WINDOWS\System32\nhsgike\ulgwkoh.exe
    O4 - HKLM\..\Run: [rhabhnv] C:\WINDOWS\System32\iftr\rhabhnv.exe
    O4 - HKLM\..\Run: [wtwgiw] C:\WINDOWS\System32\kfigg\wtwgiw.exe
    O4 - HKLM\..\Run: [gcyi] C:\WINDOWS\System32\sojneba\gcyi.exe
    O4 - HKLM\..\Run: [txvrcmeq] C:\WINDOWS\System32\wkjifob\txvrcmeq.exe
    O4 - HKLM\..\Run: [bgsihbt] C:\WINDOWS\System32\sngndmco\bgsihbt.exe
    O4 - HKLM\..\Run: [uluvptoi] C:\WINDOWS\System32\qovt\uluvptoi.exe
    O4 - HKLM\..\Run: [iqfdfge] C:\WINDOWS\System32\wyquocng\iqfdfge.exe
    O4 - HKLM\..\Run: [dvjq] C:\WINDOWS\System32\ogagqi\dvjq.exe
    O4 - HKLM\..\Run: [ohuhrae] C:\WINDOWS\System32\piygpw\ohuhrae.exe
    O4 - HKLM\..\Run: [iwges] C:\WINDOWS\System32\fvyohlg\iwges.exe
    O4 - HKLM\..\Run: [sbrifge] C:\WINDOWS\System32\plrdo\sbrifge.exe
    O4 - HKLM\..\Run: [dfrwmihn] C:\WINDOWS\System32\bdru\dfrwmihn.exe
    O4 - HKLM\..\Run: [lsouy] C:\WINDOWS\System32\rpkrvabm\lsouy.exe
    O4 - HKLM\..\Run: [fhktyho] C:\WINDOWS\System32\tviikmyc\fhktyho.exe
    O4 - HKLM\..\Run: [pdar] C:\WINDOWS\System32\ldnni\pdar.exe
    O4 - HKLM\..\Run: [rubsdt] C:\WINDOWS\System32\ywwla\rubsdt.exe
    O4 - HKLM\..\Run: [hosodqf] C:\WINDOWS\System32\dvagaqyt\hosodqf.exe
    O4 - HKLM\..\Run: [wlbtp] C:\WINDOWS\System32\nbovseab\wlbtp.exe
    O4 - HKLM\..\Run: [ategpj] C:\WINDOWS\System32\wtly\ategpj.exe
    O4 - HKLM\..\Run: [dlcvyd] C:\WINDOWS\System32\bxwjbx\dlcvyd.exe
    O4 - HKLM\..\Run: [ivjf] C:\WINDOWS\System32\uqihidgk\ivjf.exe
    O4 - HKLM\..\Run: [uwnn] C:\WINDOWS\System32\wfdpq\uwnn.exe
    O4 - HKLM\..\Run: [rmgttyrj] C:\WINDOWS\System32\yftem\rmgttyrj.exe
    O4 - HKLM\..\Run: [rwtqj] C:\WINDOWS\System32\vqgcage\rwtqj.exe
    O4 - HKLM\..\Run: [hfiefd] C:\WINDOWS\System32\kvklosf\hfiefd.exe
    O4 - HKLM\..\Run: [sqpa] C:\WINDOWS\System32\ktbl\sqpa.exe
    O4 - HKLM\..\Run: [ehyrh] C:\WINDOWS\System32\abhk\ehyrh.exe
    O4 - HKLM\..\Run: [twgi] C:\WINDOWS\System32\adkqwl\twgi.exe
    O4 - HKLM\..\Run: [ebdiwdmr] C:\WINDOWS\System32\fceym\ebdiwdmr.exe
    O4 - HKLM\..\Run: [xlfs] C:\WINDOWS\System32\lsufegds\xlfs.exe
    O4 - HKLM\..\Run: [lksysrjq] C:\WINDOWS\System32\shelxc\lksysrjq.exe
    O4 - HKLM\..\Run: [oeco] C:\WINDOWS\System32\ovmd\oeco.exe
    O4 - HKLM\..\Run: [hnsmw] C:\WINDOWS\System32\fnmd\hnsmw.exe
    O4 - HKLM\..\Run: [qojd] C:\WINDOWS\System32\rgtyexin\qojd.exe
    O4 - HKLM\..\Run: [ccrxkobj] C:\WINDOWS\System32\uhkqoa\ccrxkobj.exe
    O4 - HKLM\..\Run: [htnxrbx] C:\WINDOWS\System32\gsrdyuu\htnxrbx.exe
    O4 - HKLM\..\Run: [vrygus] C:\WINDOWS\System32\rkwlouow\vrygus.exe
    O4 - HKLM\..\Run: [ohlavta] C:\WINDOWS\System32\vppsmhru\ohlavta.exe
    O4 - HKLM\..\Run: [rhakelp] C:\WINDOWS\System32\aasouvq\rhakelp.exe
    O4 - HKLM\..\Run: [cvvkxgi] C:\WINDOWS\System32\watc\cvvkxgi.exe
    O4 - HKLM\..\Run: [rsdmhm] C:\WINDOWS\System32\dmae\rsdmhm.exe
    O4 - HKLM\..\Run: [sirn] C:\WINDOWS\System32\ytlyfwm\sirn.exe
    O4 - HKLM\..\Run: [ebpg] C:\WINDOWS\System32\byaxacnm\ebpg.exe
    O4 - HKLM\..\Run: [udfnlo] C:\WINDOWS\System32\katsja\udfnlo.exe
    O4 - HKLM\..\Run: [krieioux] C:\WINDOWS\System32\wrmppko\krieioux.exe
    O4 - HKLM\..\Run: [qvaawp] C:\WINDOWS\System32\llopl\qvaawp.exe
    O4 - HKLM\..\Run: [owqqciq] C:\WINDOWS\System32\dqpc\owqqciq.exe
    O4 - HKLM\..\Run: [gxgvtfh] C:\WINDOWS\System32\vkggbk\gxgvtfh.exe
    O4 - HKLM\..\Run: [llsncgfs] C:\WINDOWS\System32\hglrydrs\llsncgfs.exe
    O4 - HKLM\..\Run: [kslgiv] C:\WINDOWS\System32\fodewuiy\kslgiv.exe
    O4 - HKLM\..\Run: [bhohmcd] C:\WINDOWS\System32\scyrypg\bhohmcd.exe
    O4 - HKLM\..\Run: [ifclgbb] C:\WINDOWS\System32\bamkdolo\ifclgbb.exe
    O4 - HKLM\..\Run: [qmgj] C:\WINDOWS\System32\yewjosan\qmgj.exe
    O4 - HKLM\..\Run: [qrerhfsx] C:\WINDOWS\System32\whiil\qrerhfsx.exe
    O4 - HKLM\..\Run: [mqhtecil] C:\WINDOWS\System32\ptfgyf\mqhtecil.exe
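
The file-versus-folder rule from the post above, applied to HijackThis O4 Run lines. This is an added example, not part of the original thread or of HijackThis; the function names, the "review" category, and treating C:\WINDOWS, C:\Program Files and drive roots as protected alongside system32 are assumptions of this example. It only builds a plan and deletes nothing.

```python
import ntpath
import re

# Folders that must never be proposed for deletion. The post names only
# system32; the other two entries are an assumption of this example.
PROTECTED_DIRS = {
    ntpath.normcase(p)
    for p in (r"C:\WINDOWS\System32", r"C:\WINDOWS", r"C:\Program Files")
}

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)

# Executable at the start of the command: either a quoted absolute path, or an
# unquoted absolute path up to the first ".exe" (paths may contain spaces and
# may be followed by arguments).
EXE_PATH = re.compile(
    r'^(?:"(?P<q>[A-Za-z]:\\[^"]+)"|(?P<u>[A-Za-z]:\\.*?\.exe)\b)', re.IGNORECASE
)


def is_protected(directory):
    """True for a protected folder or a drive root such as C:\\."""
    if ntpath.dirname(directory) == directory:
        return True
    return ntpath.normcase(directory) in PROTECTED_DIRS


def removal_target(cmd):
    """Return (kind, path) where kind is 'file', 'folder' or 'review'."""
    m = EXE_PATH.match(cmd.strip())
    if not m:
        # e.g. "rundll32.exe something.dll,Export": no absolute executable path
        return ("review", cmd.strip())
    exe = m.group("q") or m.group("u")
    parent = ntpath.dirname(exe)
    if is_protected(parent):
        # File sits directly in system32 (or similar): delete the file only.
        return ("file", exe)
    if is_protected(ntpath.dirname(parent)):
        # File sits in its own subfolder of a protected folder: delete the folder.
        return ("folder", parent)
    # Anything deeper or elsewhere is outside the two cases the post covers.
    return ("review", exe)


def plan(log_text):
    """Parse O4 Run lines and return [(value_name, kind, path), ...]."""
    result = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            kind, path = removal_target(m.group("cmd"))
            result.append((m.group("name"), kind, path))
    return result


# Excerpt assembled from log lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
O4 - HKLM\..\Run: [rybsdc] C:\WINDOWS\System32\rybsdc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [iapig] C:\WINDOWS\System32\aorp\iapig.exe
O4 - HKLM\..\Run: [Madaeibv] C:\Program Files\Vixqbdh\Iucmgyj.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Documents and Settings\Preferred Customer\My Documents\PDVDServ.exe"
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
"""

if __name__ == "__main__":
    for name, kind, path in plan(SAMPLE_LOG):
        print(f"{kind:7} {path}   (Run value: {name})")
```

Entries marked "review" are the ones the two-case rule does not cover, such as a rundll32 launcher or a file inside a user's My Documents folder, where removing the parent folder would destroy unrelated data.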
     
