Unknowns in logfile

Discussion in 'Malware Help (A Specialist Will Reply)' started by MolokoVeck, Jun 7, 2005.

  1. MolokoVeck

    MolokoVeck Private E-2

    I downloaded all of the programs and went through all of the steps you listed, and I even used HijackThis to get rid of a lot of things that weren't supposed to be there, but there is still a lot of unknown junk that I need help with, such as oyiwkk.exe and so on. I would appreciate it if you could take a look at my logfile for me. Thanks!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. MolokoVeck

    MolokoVeck Private E-2

    Here is my attached logfile. Thanks!
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Viewpoint

    WeatherBug

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=sam2110&key=8d21c37c40de7c3c15d7abea8c89b93a&ts=41015158&A=0&B=1089615600000&C=1089615600000&D=0&I=6.0B5&N=PL&O=A
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O4 - HKLM\..\Run: [jbpcnb] C:\WINDOWS\System32\oyiwkk.exe
    O4 - HKLM\..\Run: [mdrdxy] C:\WINDOWS\System32\qzojwi.exe
    O4 - HKLM\..\Run: [mcxyx] C:\WINDOWS\System32\kecxdf.exe
    O4 - HKLM\..\Run: [bzlvwc] C:\WINDOWS\System32\suglhee.exe
    O4 - HKLM\..\Run: [oqphd] C:\WINDOWS\System32\doleh.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [stsqjt] C:\WINDOWS\System32\cgrxqys.exe
    O4 - HKLM\..\Run: [ygbkvl] C:\WINDOWS\System32\nawqrq.exe
    O4 - HKLM\..\Run: [ucra] C:\WINDOWS\System32\ucra.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ickas] C:\WINDOWS\System32\fooeqj.exe k:ickas:
    O4 - HKCU\..\Run: [mbkc] C:\WINDOWS\System32\skyisuh.exe k:mbkc:
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\iyrlok.exe

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Viewpoint ←–– Delete this whole folder if it exists!

    C:\Program Files\AWS ←–– Delete this whole folder if it exists!

    C:\WINDOWS\System32\oyiwkk.exe

    C:\WINDOWS\System32\qzojwi.exe

    C:\WINDOWS\System32\kecxdf.exe

    C:\WINDOWS\System32\suglhee.exe

    C:\WINDOWS\System32\doleh.exe

    C:\WINDOWS\System32\cgrxqys.exe

    C:\WINDOWS\System32\nawqrq.exe

    C:\WINDOWS\System32\ucra.exe

    C:\WINDOWS\System32\fooeqj.exe

    C:\WINDOWS\System32\skyisuh.exe

    C:\WINDOWS\System32\iyrlok.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
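As an added example (not part of the thread, and not HijackThis's own code), the script below parses O4 and R0/R1 lines of the kind listed in the post above and flags the patterns a responder looks for when triaging such a log: an unfamiliar executable started from System32, a short random-looking Run value name that does not match the file name, an argument that echoes the value name, and a browser start or search page pointing at a host that is not on an expected list. The sample log lines, the allowlists and the heuristics are all constructed assumptions for this example.

```python
"""Triage helper for HijackThis-style log lines (constructed example).

Parses O4 (Run-key autostart) and R0/R1 (Internet Explorer page/search) lines
and scores them with a few simple defender heuristics. The heuristics and the
allowlists below are this example's own assumptions, not part of HijackThis.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample, modelled on the kind of entries quoted in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [jbpcnb] C:\WINDOWS\System32\oyiwkk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ucra] C:\WINDOWS\System32\ucra.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ickas] C:\WINDOWS\System32\fooeqj.exe k:ickas:
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.+)$")
# Run-key command lines in the log are unquoted: split at the first ".exe"
# so that paths containing spaces survive intact.
EXE_SPLIT = re.compile(r"^(?P<path>.+?\.exe)(?: (?P<args>.*))?$", re.IGNORECASE)
SHORT_LOWER = re.compile(r"^[a-z]{3,10}$")

# Assumed allowlists; a real deployment would build these from a known-good baseline.
KNOWN_SYSTEM32_RUN = {"ctfmon.exe"}
EXPECTED_PAGE_HOSTS = {"www.msn.com", "www.google.com"}
PAGE_VALUE_NAMES = {"start page", "default_page_url", "default_search_url", "search page", "searchurl"}


@dataclass
class Finding:
    subject: str   # file name or host the finding is about
    line: str      # the log line as given
    reasons: list  # heuristics that fired (empty means nothing suspicious)


def split_command(cmd):
    """Return (path, args) for an unquoted Run-key command line."""
    m = EXE_SPLIT.match(cmd)
    if not m:
        return cmd, ""
    return m.group("path"), m.group("args") or ""


def assess_o4(line):
    """Score one O4 line; returns None if the line is not an O4 Run entry."""
    m = O4_RE.match(line)
    if not m:
        return None
    path, args = split_command(m.group("cmd"))
    parts = path.lower().split("\\")
    filename, parent = parts[-1], "\\".join(parts[:-1])
    stem = filename.rsplit(".", 1)[0]
    value = m.group("value").lower()
    reasons = []
    if parent.endswith("\\windows\\system32") and filename not in KNOWN_SYSTEM32_RUN:
        reasons.append("unknown executable launched from System32")
    if (filename not in KNOWN_SYSTEM32_RUN and value != stem
            and SHORT_LOWER.match(value) and SHORT_LOWER.match(stem)):
        reasons.append("short random-looking value name that differs from the file name")
    if args and value in args.lower():
        reasons.append("argument echoes the Run value name")
    return Finding(filename, line, reasons)


def assess_r(line):
    """Score one R0/R1 line; only page/search URLs are checked, other values are ignored."""
    m = R_RE.match(line)
    if not m:
        return None
    name, data = m.group("name").strip().lower(), m.group("data").strip()
    if name not in PAGE_VALUE_NAMES or not data.lower().startswith("http"):
        return None
    host = urlparse(data).hostname or data
    reasons = [] if host in EXPECTED_PAGE_HOSTS else ["browser page/search URL points at an unexpected host"]
    return Finding(host, line, reasons)


def triage(log_text):
    """Return only the lines that tripped at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = assess_o4(line) if line.startswith("O4") else assess_r(line)
        if f and f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.subject}: {'; '.join(f.reasons)}")
```

The allowlists are deliberately tiny so the heuristics are visible; in practice the System32 list would come from a clean baseline of the same Windows build, and the legitimate-but-unwanted entries such as the Viewpoint and WeatherBug items are not flagged by these rules at all, which is why a human review of the full log still matters.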
     
  5. MolokoVeck

    MolokoVeck Private E-2

    New logfile

    Ok, I did everything you told me to. Just for your information, HijackThis did not find:
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    or
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    Also, when I was deleting things in Safe Mode, the only ones I found to delete were the Viewpoint and AWS files, and ucra.exe. S&D fixed WildTangent.

    Anyway, here is my new logfile, thanks!
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    O4 - HKLM\..\Run: [ucra] C:\WINDOWS\System32\ucra.exe

    Make sure All Browser Windows are Closed when you Click FIX.


    Now reboot into Safe Mode and delete the file below. After you have completed this post, reboot into normal mode and post a fresh HJT log.

    C:\WINDOWS\System32\ucra.exe
     
  7. MolokoVeck

    MolokoVeck Private E-2

    Here is my logfile. ucra.exe is gone now, though I only had to have HJT fix it again as it was not in the System32 folder since I had already deleted it. Hope everything looks good now!
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean. If you're not having any further problems you must surf in to Windows Updates and get updated. You need to install Service Pack 2 and all critical updates.

    You should also see this article on How to Protect yourself from malware!
     
  9. MolokoVeck

    MolokoVeck Private E-2

    Thanks, now it looks like I will have to call my ISP because my internet is still way too slow. Anyway, thanks for helping me get rid of all that garbage!
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)
     
