Full Version: WARNING: YOUR IN DANGER (wont go away)
enjoi598
Hello. I have this WARNING YOUR IN DANGER pop up covering up my whole screen, I've done everything, loads of programs, uninstalled so much, and it won't go away. It's red and black.

Here is my log file!

Logfile of HijackThis v1.99.1
Scan saved at 9:30:19 PM, on 3/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\Iqf.exe
C:\Documents and Settings\Ryan Y\Application Data\orwa.exe
C:\WINDOWS\System32\??xplore.exe
C:\Documents and Settings\Ryan Y\Start Menu\Programs\Startup\netdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ryan Y\My Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [Vhg] C:\WINDOWS\System32\Iqf.exe
O4 - HKLM\..\Run: [Gns] C:\WINDOWS\System32\Vho.exe
O4 - HKLM\..\Run: [Isb] C:\WINDOWS\System32\Qli.exe
O4 - HKLM\..\Run: [Omg] C:\WINDOWS\System32\Mrf.exe
O4 - HKLM\..\Run: [Ate] C:\WINDOWS\System32\Jjo.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\System32\Ics.exe
O4 - HKLM\..\Run: [Bvq] C:\WINDOWS\System32\Juh.exe
O4 - HKLM\..\Run: [Kig] C:\WINDOWS\System32\Prt.exe
O4 - HKLM\..\Run: [Uiv] C:\WINDOWS\System32\Abh.exe
O4 - HKLM\..\Run: [Lou] C:\WINDOWS\System32\Kqh.exe
O4 - HKLM\..\Run: [Dde] C:\WINDOWS\System32\Eqb.exe
O4 - HKLM\..\Run: [Rvu] C:\WINDOWS\System32\Msf.exe
O4 - HKLM\..\Run: [Sum] C:\WINDOWS\System32\Hjs.exe
O4 - HKLM\..\Run: [Tfv] C:\WINDOWS\System32\Dgu.exe
O4 - HKLM\..\Run: [Uph] C:\WINDOWS\System32\Oni.exe
O4 - HKLM\..\Run: [Gqn] C:\WINDOWS\Hum.exe
O4 - HKLM\..\Run: [Dtj] C:\WINDOWS\Qfp.exe
O4 - HKLM\..\Run: [Gch] C:\WINDOWS\System32\Dqi.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Hpg.exe
O4 - HKLM\..\Run: [Uuk] C:\WINDOWS\Cml.exe
O4 - HKLM\..\Run: [Psv] C:\WINDOWS\Oel.exe
O4 - HKLM\..\Run: [Jkg] C:\WINDOWS\System32\Sce.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Hau] C:\WINDOWS\System32\Htd.exe
O4 - HKLM\..\Run: [Ufv] C:\WINDOWS\Dnq.exe
O4 - HKLM\..\Run: [Bvh] C:\WINDOWS\System32\Vkg.exe
O4 - HKLM\..\Run: [Gna] C:\WINDOWS\System32\Fha.exe
O4 - HKLM\..\Run: [Phu] C:\WINDOWS\Nek.exe
O4 - HKLM\..\Run: [Tlp] C:\WINDOWS\System32\Dqh.exe
O4 - HKLM\..\Run: [Nbn] C:\WINDOWS\System32\Gsk.exe
O4 - HKLM\..\Run: [Jfo] C:\WINDOWS\Gcm.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Aawe] C:\Documents and Settings\Ryan Y\Application Data\orwa.exe
O4 - HKCU\..\Run: [Ikdkdkw] C:\WINDOWS\System32\??xplore.exe
O4 - HKCU\..\Run: [Tvi] C:\WINDOWS\System32\Erj.exe
O4 - HKCU\..\Run: [Pit] C:\WINDOWS\System32\Leq.exe
O4 - HKCU\..\Run: [Sns] C:\WINDOWS\System32\Mbt.exe
O4 - HKCU\..\Run: [Tfr] C:\WINDOWS\System32\Ggf.exe
O4 - HKCU\..\Run: [Tct] C:\WINDOWS\System32\Kkv.exe
O4 - HKCU\..\Run: [Bai] C:\WINDOWS\System32\Urt.exe
O4 - HKCU\..\Run: [Gvo] C:\WINDOWS\System32\Doc.exe
O4 - HKCU\..\Run: [Ubu] C:\WINDOWS\System32\Dpc.exe
O4 - HKCU\..\Run: [Lek] C:\WINDOWS\System32\Lhk.exe
O4 - HKCU\..\Run: [Ids] C:\WINDOWS\System32\Geo.exe
O4 - HKCU\..\Run: [Glf] C:\WINDOWS\System32\Fhf.exe
O4 - HKCU\..\Run: [Dre] C:\WINDOWS\System32\Ilk.exe
O4 - HKCU\..\Run: [Oma] C:\WINDOWS\System32\Dug.exe
O4 - HKCU\..\Run: [Rac] C:\WINDOWS\System32\Hbt.exe
O4 - HKCU\..\Run: [Pmc] C:\WINDOWS\System32\Nre.exe
O4 - HKCU\..\Run: [Dqt] C:\WINDOWS\System32\Lui.exe
O4 - HKCU\..\Run: [Bqi] C:\WINDOWS\System32\Snc.exe
O4 - HKCU\..\Run: [Dhf] C:\WINDOWS\System32\Dju.exe
O4 - HKCU\..\Run: [Gsf] C:\WINDOWS\System32\Pkg.exe
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\System32\Pda.exe
O4 - HKCU\..\Run: [Mgs] C:\WINDOWS\System32\Phc.exe
O4 - HKCU\..\Run: [Avu] C:\WINDOWS\System32\Cde.exe
O4 - HKCU\..\Run: [Dcq] C:\WINDOWS\System32\Eev.exe
O4 - HKCU\..\Run: [Qjp] C:\WINDOWS\System32\Jcn.exe
O4 - HKCU\..\Run: [Qro] C:\WINDOWS\System32\Eto.exe
O4 - HKCU\..\Run: [Qoj] C:\WINDOWS\System32\Eoh.exe
O4 - HKCU\..\Run: [Lsu] C:\WINDOWS\System32\Orv.exe
O4 - HKCU\..\Run: [Sbj] C:\WINDOWS\System32\Ivj.exe
O4 - HKCU\..\Run: [Env] C:\WINDOWS\System32\Dub.exe
O4 - HKCU\..\Run: [Sub] C:\WINDOWS\System32\Opa.exe
O4 - HKCU\..\Run: [Vgq] C:\WINDOWS\System32\Jkc.exe
O4 - HKCU\..\Run: [Gsp] C:\WINDOWS\System32\Qek.exe
O4 - HKCU\..\Run: [Snq] C:\WINDOWS\System32\Qlp.exe
O4 - HKCU\..\Run: [Rvh] C:\WINDOWS\System32\Fmg.exe
O4 - HKCU\..\Run: [Tfl] C:\WINDOWS\System32\Rea.exe
O4 - HKCU\..\Run: [Jfv] C:\WINDOWS\System32\Aul.exe
O4 - HKCU\..\Run: [Add] C:\WINDOWS\System32\Okt.exe
O4 - HKCU\..\Run: [Udl] C:\WINDOWS\System32\Enn.exe
O4 - HKCU\..\Run: [Vhg] C:\WINDOWS\System32\Iqf.exe
O4 - HKCU\..\Run: [Gns] C:\WINDOWS\System32\Vho.exe
O4 - HKCU\..\Run: [Isb] C:\WINDOWS\System32\Qli.exe
O4 - HKCU\..\Run: [Omg] C:\WINDOWS\System32\Mrf.exe
O4 - HKCU\..\Run: [Ate] C:\WINDOWS\System32\Jjo.exe
O4 - HKCU\..\Run: [Fpv] C:\WINDOWS\System32\Ics.exe
O4 - HKCU\..\Run: [Bvq] C:\WINDOWS\System32\Juh.exe
O4 - HKCU\..\Run: [Kig] C:\WINDOWS\System32\Prt.exe
O4 - HKCU\..\Run: [Uiv] C:\WINDOWS\System32\Abh.exe
O4 - HKCU\..\Run: [Rvu] C:\WINDOWS\System32\Msf.exe
O4 - HKCU\..\Run: [Sum] C:\WINDOWS\System32\Hjs.exe
O4 - HKCU\..\Run: [Tfv] C:\WINDOWS\System32\Dgu.exe
O4 - HKCU\..\Run: [Uph] C:\WINDOWS\System32\Oni.exe
O4 - HKCU\..\Run: [Gqn] C:\WINDOWS\Hum.exe
O4 - HKCU\..\Run: [Dtj] C:\WINDOWS\Qfp.exe
O4 - HKCU\..\Run: [Gch] C:\WINDOWS\System32\Dqi.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Hpg.exe
O4 - HKCU\..\Run: [Uuk] C:\WINDOWS\Cml.exe
O4 - HKCU\..\Run: [Psv] C:\WINDOWS\Oel.exe
O4 - HKCU\..\Run: [Jkg] C:\WINDOWS\System32\Sce.exe
O4 - HKCU\..\Run: [Hau] C:\WINDOWS\System32\Htd.exe
O4 - HKCU\..\Run: [Ufv] C:\WINDOWS\Dnq.exe
O4 - HKCU\..\Run: [Bvh] C:\WINDOWS\System32\Vkg.exe
O4 - HKCU\..\Run: [Gna] C:\WINDOWS\System32\Fha.exe
O4 - HKCU\..\Run: [Phu] C:\WINDOWS\Nek.exe
O4 - HKCU\..\Run: [Tlp] C:\WINDOWS\System32\Dqh.exe
O4 - HKCU\..\Run: [Nbn] C:\WINDOWS\System32\Gsk.exe
O4 - HKCU\..\Run: [Jfo] C:\WINDOWS\Gcm.exe
O4 - Startup: netdb.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.streamload.com
O15 - Trusted Zone: *.tl81.com
O15 - Trusted Zone: *.tl81.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...od/install.html
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.3dgroove.com/download/GrooveAX.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamload.com/Upload/XUpload.ocx
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)

PLEASE HELP ME! IM AIM WON'T WORK! MY MUSIC WON'T! MY INTERNET KEEPS CRASHING!

Image edit: cropped to fit by CalamityJane
LoPhatPhuud
First:
Lecture time. You are lucky you can even log on! No AV, no other protection and a ton of junk. I imagine a lot more is hiding. My suggestion, to save us both time, is that you reformat, re-install and go from there.

If you are bent on trying to repair this, then the first step follows. Understand that if this is as bad as I believe it may be, I will stop trying to clean it and leave you to reformat and re-install Windows.

That said, here is the first step.


Second:
Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'C:\Program Files\Hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
(note: If any R* items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://db105.com:81/cgi-bin/index.cgi?c=0
R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [Vhg] C:\WINDOWS\System32\Iqf.exe
O4 - HKLM\..\Run: [Gns] C:\WINDOWS\System32\Vho.exe
O4 - HKLM\..\Run: [Isb] C:\WINDOWS\System32\Qli.exe
O4 - HKLM\..\Run: [Omg] C:\WINDOWS\System32\Mrf.exe
O4 - HKLM\..\Run: [Ate] C:\WINDOWS\System32\Jjo.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\System32\Ics.exe
O4 - HKLM\..\Run: [Bvq] C:\WINDOWS\System32\Juh.exe
O4 - HKLM\..\Run: [Kig] C:\WINDOWS\System32\Prt.exe
O4 - HKLM\..\Run: [Uiv] C:\WINDOWS\System32\Abh.exe
O4 - HKLM\..\Run: [Lou] C:\WINDOWS\System32\Kqh.exe
O4 - HKLM\..\Run: [Dde] C:\WINDOWS\System32\Eqb.exe
O4 - HKLM\..\Run: [Rvu] C:\WINDOWS\System32\Msf.exe
O4 - HKLM\..\Run: [Sum] C:\WINDOWS\System32\Hjs.exe
O4 - HKLM\..\Run: [Tfv] C:\WINDOWS\System32\Dgu.exe
O4 - HKLM\..\Run: [Uph] C:\WINDOWS\System32\Oni.exe
O4 - HKLM\..\Run: [Gqn] C:\WINDOWS\Hum.exe
O4 - HKLM\..\Run: [Dtj] C:\WINDOWS\Qfp.exe
O4 - HKLM\..\Run: [Gch] C:\WINDOWS\System32\Dqi.exe
O4 - HKLM\..\Run: [Cct] C:\WINDOWS\Hpg.exe
O4 - HKLM\..\Run: [Uuk] C:\WINDOWS\Cml.exe
O4 - HKLM\..\Run: [Psv] C:\WINDOWS\Oel.exe
O4 - HKLM\..\Run: [Jkg] C:\WINDOWS\System32\Sce.exe
O4 - HKLM\..\Run: [Hau] C:\WINDOWS\System32\Htd.exe
O4 - HKLM\..\Run: [Ufv] C:\WINDOWS\Dnq.exe
O4 - HKLM\..\Run: [Bvh] C:\WINDOWS\System32\Vkg.exe
O4 - HKLM\..\Run: [Gna] C:\WINDOWS\System32\Fha.exe
O4 - HKLM\..\Run: [Phu] C:\WINDOWS\Nek.exe
O4 - HKLM\..\Run: [Tlp] C:\WINDOWS\System32\Dqh.exe
O4 - HKLM\..\Run: [Nbn] C:\WINDOWS\System32\Gsk.exe
O4 - HKLM\..\Run: [Jfo] C:\WINDOWS\Gcm.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Aawe] C:\Documents and Settings\Ryan Y\Application Data\orwa.exe
O4 - HKCU\..\Run: [Ikdkdkw] C:\WINDOWS\System32\??xplore.exe
O4 - HKCU\..\Run: [Tvi] C:\WINDOWS\System32\Erj.exe
O4 - HKCU\..\Run: [Pit] C:\WINDOWS\System32\Leq.exe
O4 - HKCU\..\Run: [Sns] C:\WINDOWS\System32\Mbt.exe
O4 - HKCU\..\Run: [Tfr] C:\WINDOWS\System32\Ggf.exe
O4 - HKCU\..\Run: [Tct] C:\WINDOWS\System32\Kkv.exe
O4 - HKCU\..\Run: [Bai] C:\WINDOWS\System32\Urt.exe
O4 - HKCU\..\Run: [Gvo] C:\WINDOWS\System32\Doc.exe
O4 - HKCU\..\Run: [Ubu] C:\WINDOWS\System32\Dpc.exe
O4 - HKCU\..\Run: [Lek] C:\WINDOWS\System32\Lhk.exe
O4 - HKCU\..\Run: [Ids] C:\WINDOWS\System32\Geo.exe
O4 - HKCU\..\Run: [Glf] C:\WINDOWS\System32\Fhf.exe
O4 - HKCU\..\Run: [Dre] C:\WINDOWS\System32\Ilk.exe
O4 - HKCU\..\Run: [Oma] C:\WINDOWS\System32\Dug.exe
O4 - HKCU\..\Run: [Rac] C:\WINDOWS\System32\Hbt.exe
O4 - HKCU\..\Run: [Pmc] C:\WINDOWS\System32\Nre.exe
O4 - HKCU\..\Run: [Dqt] C:\WINDOWS\System32\Lui.exe
O4 - HKCU\..\Run: [Bqi] C:\WINDOWS\System32\Snc.exe
O4 - HKCU\..\Run: [Dhf] C:\WINDOWS\System32\Dju.exe
O4 - HKCU\..\Run: [Gsf] C:\WINDOWS\System32\Pkg.exe
O4 - HKCU\..\Run: [Amd] C:\WINDOWS\System32\Pda.exe
O4 - HKCU\..\Run: [Mgs] C:\WINDOWS\System32\Phc.exe
O4 - HKCU\..\Run: [Avu] C:\WINDOWS\System32\Cde.exe
O4 - HKCU\..\Run: [Dcq] C:\WINDOWS\System32\Eev.exe
O4 - HKCU\..\Run: [Qjp] C:\WINDOWS\System32\Jcn.exe
O4 - HKCU\..\Run: [Qro] C:\WINDOWS\System32\Eto.exe
O4 - HKCU\..\Run: [Qoj] C:\WINDOWS\System32\Eoh.exe
O4 - HKCU\..\Run: [Lsu] C:\WINDOWS\System32\Orv.exe
O4 - HKCU\..\Run: [Sbj] C:\WINDOWS\System32\Ivj.exe
O4 - HKCU\..\Run: [Env] C:\WINDOWS\System32\Dub.exe
O4 - HKCU\..\Run: [Sub] C:\WINDOWS\System32\Opa.exe
O4 - HKCU\..\Run: [Vgq] C:\WINDOWS\System32\Jkc.exe
O4 - HKCU\..\Run: [Gsp] C:\WINDOWS\System32\Qek.exe
O4 - HKCU\..\Run: [Snq] C:\WINDOWS\System32\Qlp.exe
O4 - HKCU\..\Run: [Rvh] C:\WINDOWS\System32\Fmg.exe
O4 - HKCU\..\Run: [Tfl] C:\WINDOWS\System32\Rea.exe
O4 - HKCU\..\Run: [Jfv] C:\WINDOWS\System32\Aul.exe
O4 - HKCU\..\Run: [Add] C:\WINDOWS\System32\Okt.exe
O4 - HKCU\..\Run: [Udl] C:\WINDOWS\System32\Enn.exe
O4 - HKCU\..\Run: [Vhg] C:\WINDOWS\System32\Iqf.exe
O4 - HKCU\..\Run: [Gns] C:\WINDOWS\System32\Vho.exe
O4 - HKCU\..\Run: [Isb] C:\WINDOWS\System32\Qli.exe
O4 - HKCU\..\Run: [Omg] C:\WINDOWS\System32\Mrf.exe
O4 - HKCU\..\Run: [Ate] C:\WINDOWS\System32\Jjo.exe
O4 - HKCU\..\Run: [Fpv] C:\WINDOWS\System32\Ics.exe
O4 - HKCU\..\Run: [Bvq] C:\WINDOWS\System32\Juh.exe
O4 - HKCU\..\Run: [Kig] C:\WINDOWS\System32\Prt.exe
O4 - HKCU\..\Run: [Uiv] C:\WINDOWS\System32\Abh.exe
O4 - HKCU\..\Run: [Rvu] C:\WINDOWS\System32\Msf.exe
O4 - HKCU\..\Run: [Sum] C:\WINDOWS\System32\Hjs.exe
O4 - HKCU\..\Run: [Tfv] C:\WINDOWS\System32\Dgu.exe
O4 - HKCU\..\Run: [Uph] C:\WINDOWS\System32\Oni.exe
O4 - HKCU\..\Run: [Gqn] C:\WINDOWS\Hum.exe
O4 - HKCU\..\Run: [Dtj] C:\WINDOWS\Qfp.exe
O4 - HKCU\..\Run: [Gch] C:\WINDOWS\System32\Dqi.exe
O4 - HKCU\..\Run: [Cct] C:\WINDOWS\Hpg.exe
O4 - HKCU\..\Run: [Uuk] C:\WINDOWS\Cml.exe
O4 - HKCU\..\Run: [Psv] C:\WINDOWS\Oel.exe
O4 - HKCU\..\Run: [Jkg] C:\WINDOWS\System32\Sce.exe
O4 - HKCU\..\Run: [Hau] C:\WINDOWS\System32\Htd.exe
O4 - HKCU\..\Run: [Ufv] C:\WINDOWS\Dnq.exe
O4 - HKCU\..\Run: [Bvh] C:\WINDOWS\System32\Vkg.exe
O4 - HKCU\..\Run: [Gna] C:\WINDOWS\System32\Fha.exe
O4 - HKCU\..\Run: [Phu] C:\WINDOWS\Nek.exe
O4 - HKCU\..\Run: [Tlp] C:\WINDOWS\System32\Dqh.exe
O4 - HKCU\..\Run: [Nbn] C:\WINDOWS\System32\Gsk.exe
O4 - HKCU\..\Run: [Jfo] C:\WINDOWS\Gcm.exe
O4 - Startup: netdb.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O15 - Trusted Zone: *.streamload.com
O15 - Trusted Zone: *.tl81.com
O15 - Trusted Zone: *.tl81.com (HKLM)
O15 - Trusted IP range: 67.19.178.84

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...od/install.html
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamload.com/Upload/XUpload.ocx

O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll

Close all windows except HijackThis and click Fix checked.

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\Iqf.exe
C:\WINDOWS\System32\Vho.exe
C:\WINDOWS\System32\Qli.exe
C:\WINDOWS\System32\Mrf.exe
C:\WINDOWS\System32\Jjo.exe
C:\WINDOWS\System32\Ics.exe
C:\WINDOWS\System32\Juh.exe
C:\WINDOWS\System32\Prt.exe
C:\WINDOWS\System32\Abh.exe
C:\WINDOWS\System32\Kqh.exe
C:\WINDOWS\System32\Eqb.exe
C:\WINDOWS\System32\Msf.exe
C:\WINDOWS\System32\Hjs.exe
C:\WINDOWS\System32\Dgu.exe
C:\WINDOWS\System32\Oni.exe
C:\WINDOWS\Hum.exe
C:\WINDOWS\Qfp.exe
C:\WINDOWS\System32\Dqi.exe
C:\WINDOWS\Hpg.exe
C:\WINDOWS\Cml.exe
C:\WINDOWS\Oel.exe
C:\WINDOWS\System32\Sce.exe
C:\WINDOWS\System32\Htd.exe
C:\WINDOWS\Dnq.exe
C:\WINDOWS\System32\Vkg.exe
C:\WINDOWS\System32\Fha.exe
C:\WINDOWS\Nek.exe
C:\WINDOWS\System32\Dqh.exe
C:\WINDOWS\System32\Gsk.exe
C:\WINDOWS\Gcm.exe
C:\Documents and Settings\Ryan Y\Application Data\orwa.exe
C:\WINDOWS\System32\??xplore.exe
C:\WINDOWS\System32\Erj.exe
C:\WINDOWS\System32\Leq.exe
C:\WINDOWS\System32\Mbt.exe
C:\WINDOWS\System32\Ggf.exe
C:\WINDOWS\System32\Kkv.exe
C:\WINDOWS\System32\Urt.exe
C:\WINDOWS\System32\Doc.exe
C:\WINDOWS\System32\Dpc.exe
C:\WINDOWS\System32\Lhk.exe
C:\WINDOWS\System32\Geo.exe
C:\WINDOWS\System32\Fhf.exe
C:\WINDOWS\System32\Ilk.exe
C:\WINDOWS\System32\Dug.exe
C:\WINDOWS\System32\Hbt.exe
C:\WINDOWS\System32\Nre.exe
C:\WINDOWS\System32\Lui.exe
C:\WINDOWS\System32\Snc.exe
C:\WINDOWS\System32\Dju.exe
C:\WINDOWS\System32\Pkg.exe
C:\WINDOWS\System32\Pda.exe
C:\WINDOWS\System32\Phc.exe
C:\WINDOWS\System32\Cde.exe
C:\WINDOWS\System32\Eev.exe
C:\WINDOWS\System32\Jcn.exe
C:\WINDOWS\System32\Eto.exe
C:\WINDOWS\System32\Eoh.exe
C:\WINDOWS\System32\Orv.exe
C:\WINDOWS\System32\Ivj.exe
C:\WINDOWS\System32\Dub.exe
C:\WINDOWS\System32\Opa.exe
C:\WINDOWS\System32\Jkc.exe
C:\WINDOWS\System32\Qek.exe
C:\WINDOWS\System32\Qlp.exe
C:\WINDOWS\System32\Fmg.exe
C:\WINDOWS\System32\Rea.exe
C:\WINDOWS\System32\Aul.exe
C:\WINDOWS\System32\Okt.exe
C:\WINDOWS\System32\Enn.exe
C:\WINDOWS\System32\Iqf.exe
C:\WINDOWS\System32\Vho.exe
C:\WINDOWS\System32\Qli.exe
C:\WINDOWS\System32\Mrf.exe
C:\WINDOWS\System32\Jjo.exe
C:\WINDOWS\System32\Ics.exe
C:\WINDOWS\System32\Juh.exe
C:\WINDOWS\System32\Prt.exe
C:\WINDOWS\System32\Abh.exe
C:\WINDOWS\System32\Msf.exe
C:\WINDOWS\System32\Hjs.exe
C:\WINDOWS\System32\Dgu.exe
C:\WINDOWS\System32\Oni.exe
C:\WINDOWS\Hum.exe
C:\WINDOWS\Qfp.exe
C:\WINDOWS\System32\Dqi.exe
C:\WINDOWS\Hpg.exe
C:\WINDOWS\Cml.exe
C:\WINDOWS\Oel.exe
C:\WINDOWS\System32\Sce.exe
C:\WINDOWS\System32\Htd.exe
C:\WINDOWS\Dnq.exe
C:\WINDOWS\System32\Vkg.exe
C:\WINDOWS\System32\Fha.exe
C:\WINDOWS\Nek.exe
C:\WINDOWS\System32\Dqh.exe
C:\WINDOWS\System32\Gsk.exe
C:\WINDOWS\Gcm.exe
netdb.exe

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.


Then:

Would you please use HiJackThis to produce a startup list and post it here:
1. From HJT main screen, click 'Config' button
2. Click 'Misc Tools' button
3. Under 'Generate StartupList Log' button, check both boxes
4. Click 'Generate StartupList Log' button
5. Click 'Yes' in the next dialog
6. Save the log and post a copy in this thread.
enjoi598
I have a ton of important stuff, I saved that all, but I have SO many music files I don't wanna lose, will they be deleted in the process?
enjoi598
Here's my log now

Logfile of HijackThis v1.99.1
Scan saved at 7:40:41 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\System32\Nbq.exe
C:\Documents and Settings\Ryan Y\Start Menu\Programs\Startup\netdb.exe
C:\WINDOWS\System32\Services\{FB4883F9-1021-42F4-AD12-90650D749CB6}\SVCHOST.EXE
C:\Documents and Settings\Ryan Y\My Documents\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Tqq] C:\WINDOWS\System32\Nbq.exe
O4 - HKLM\..\Run: [Ojn] C:\WINDOWS\Okm.exe
O4 - HKLM\..\Run: [Nas] C:\WINDOWS\Svl.exe
O4 - HKLM\..\Run: [Qen] C:\WINDOWS\Fqe.exe
O4 - HKLM\..\Run: [Ivp] C:\WINDOWS\System32\Bcg.exe
O4 - HKLM\..\Run: [Dle] C:\WINDOWS\System32\Svj.exe
O4 - HKLM\..\Run: [Hts] C:\WINDOWS\System32\Ake.exe
O4 - HKLM\..\Run: [Ore] C:\WINDOWS\Cih.exe
O4 - HKLM\..\Run: [Fjk] C:\WINDOWS\System32\Egf.exe
O4 - HKLM\..\Run: [Dvb] C:\WINDOWS\System32\Cvn.exe
O4 - HKLM\..\Run: [Dge] C:\WINDOWS\System32\Cre.exe
O4 - HKLM\..\Run: [Cgf] C:\WINDOWS\System32\Rhc.exe
O4 - HKLM\..\Run: [Plr] C:\WINDOWS\Iph.exe
O4 - HKLM\..\Run: [Obc] C:\WINDOWS\System32\Bfs.exe
O4 - HKLM\..\Run: [Bsp] C:\WINDOWS\System32\Tee.exe
O4 - HKLM\..\Run: [Mho] C:\WINDOWS\Jru.exe
O4 - HKLM\..\Run: [Vjo] C:\WINDOWS\System32\Luf.exe
O4 - HKLM\..\Run: [Gcq] C:\WINDOWS\Eon.exe
O4 - HKLM\..\Run: [Hjo] C:\WINDOWS\Aic.exe
O4 - HKLM\..\Run: [Esv] C:\WINDOWS\System32\Kek.exe
O4 - HKLM\..\Run: [San] C:\WINDOWS\Bmk.exe
O4 - HKLM\..\Run: [Vut] C:\WINDOWS\Hcc.exe
O4 - HKLM\..\Run: [Fjf] C:\WINDOWS\System32\Cbu.exe
O4 - HKLM\..\Run: [Hhe] C:\WINDOWS\Bha.exe
O4 - HKLM\..\Run: [Uju] C:\WINDOWS\System32\Tkr.exe
O4 - HKLM\..\Run: [Cnf] C:\WINDOWS\System32\Ntr.exe
O4 - HKLM\..\Run: [Fov] C:\WINDOWS\Qif.exe
O4 - HKLM\..\Run: [Vpm] C:\WINDOWS\Iok.exe
O4 - HKLM\..\Run: [Rcb] C:\WINDOWS\System32\Dgg.exe
O4 - HKLM\..\Run: [Alo] C:\WINDOWS\System32\Nml.exe
O4 - HKLM\..\Run: [Rdm] C:\WINDOWS\System32\Bqo.exe
O4 - HKLM\..\Run: [Tjg] C:\WINDOWS\Pja.exe
O4 - HKLM\..\Run: [Krg] C:\WINDOWS\System32\Qse.exe
O4 - HKLM\..\Run: [Iej] C:\WINDOWS\System32\Ume.exe
O4 - HKLM\..\Run: [Tsq] C:\WINDOWS\System32\Ejn.exe
O4 - HKLM\..\Run: [Bue] C:\WINDOWS\System32\Rlp.exe
O4 - HKLM\..\Run: [Pgr] C:\WINDOWS\Acl.exe
O4 - HKLM\..\Run: [Iio] C:\WINDOWS\System32\Cft.exe
O4 - HKLM\..\Run: [Jve] C:\WINDOWS\System32\Kbo.exe
O4 - HKLM\..\Run: [Him] C:\WINDOWS\System32\Mdj.exe
O4 - HKLM\..\Run: [Obu] C:\WINDOWS\System32\Tpt.exe
O4 - HKLM\..\Run: [Lsn] C:\WINDOWS\Rvm.exe
O4 - HKLM\..\Run: [Rql] C:\WINDOWS\Trj.exe
O4 - HKLM\..\Run: [Dqp] C:\WINDOWS\Caf.exe
O4 - HKLM\..\Run: [Qnk] C:\WINDOWS\Joi.exe
O4 - HKLM\..\Run: [Vfi] C:\WINDOWS\Qps.exe
O4 - HKLM\..\Run: [Bda] C:\WINDOWS\System32\Dkd.exe
O4 - HKLM\..\Run: [Vnj] C:\WINDOWS\Mbd.exe
O4 - HKLM\..\Run: [Uvi] C:\WINDOWS\System32\Oqg.exe
O4 - HKLM\..\Run: [Eiq] C:\WINDOWS\System32\Dfl.exe
O4 - HKLM\..\Run: [Pmf] C:\WINDOWS\Dmf.exe
O4 - HKLM\..\Run: [Mli] C:\WINDOWS\Ijf.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FB4883F9-1021-42F4-AD12-90650D749CB6}\SVCHOST.EXE
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Tqq] C:\WINDOWS\System32\Nbq.exe
O4 - HKCU\..\Run: [Ojn] C:\WINDOWS\Okm.exe
O4 - HKCU\..\Run: [Nas] C:\WINDOWS\Svl.exe
O4 - HKCU\..\Run: [Qen] C:\WINDOWS\Fqe.exe
O4 - HKCU\..\Run: [Ivp] C:\WINDOWS\System32\Bcg.exe
O4 - HKCU\..\Run: [Dle] C:\WINDOWS\System32\Svj.exe
O4 - HKCU\..\Run: [Hts] C:\WINDOWS\System32\Ake.exe
O4 - HKCU\..\Run: [Ore] C:\WINDOWS\Cih.exe
O4 - HKCU\..\Run: [Fjk] C:\WINDOWS\System32\Egf.exe
O4 - HKCU\..\Run: [Dvb] C:\WINDOWS\System32\Cvn.exe
O4 - HKCU\..\Run: [Dge] C:\WINDOWS\System32\Cre.exe
O4 - HKCU\..\Run: [Cgf] C:\WINDOWS\System32\Rhc.exe
O4 - HKCU\..\Run: [Plr] C:\WINDOWS\Iph.exe
O4 - HKCU\..\Run: [Obc] C:\WINDOWS\System32\Bfs.exe
O4 - HKCU\..\Run: [Bsp] C:\WINDOWS\System32\Tee.exe
O4 - HKCU\..\Run: [Mho] C:\WINDOWS\Jru.exe
O4 - HKCU\..\Run: [Vjo] C:\WINDOWS\System32\Luf.exe
O4 - HKCU\..\Run: [Gcq] C:\WINDOWS\Eon.exe
O4 - HKCU\..\Run: [Hjo] C:\WINDOWS\Aic.exe
O4 - HKCU\..\Run: [Esv] C:\WINDOWS\System32\Kek.exe
O4 - HKCU\..\Run: [San] C:\WINDOWS\Bmk.exe
O4 - HKCU\..\Run: [Vut] C:\WINDOWS\Hcc.exe
O4 - HKCU\..\Run: [Fjf] C:\WINDOWS\System32\Cbu.exe
O4 - HKCU\..\Run: [Hhe] C:\WINDOWS\Bha.exe
O4 - HKCU\..\Run: [Uju] C:\WINDOWS\System32\Tkr.exe
O4 - HKCU\..\Run: [Cnf] C:\WINDOWS\System32\Ntr.exe
O4 - HKCU\..\Run: [Fov] C:\WINDOWS\Qif.exe
O4 - HKCU\..\Run: [Vpm] C:\WINDOWS\Iok.exe
O4 - HKCU\..\Run: [Rcb] C:\WINDOWS\System32\Dgg.exe
O4 - HKCU\..\Run: [Alo] C:\WINDOWS\System32\Nml.exe
O4 - HKCU\..\Run: [Rdm] C:\WINDOWS\System32\Bqo.exe
O4 - HKCU\..\Run: [Tjg] C:\WINDOWS\Pja.exe
O4 - HKCU\..\Run: [Krg] C:\WINDOWS\System32\Qse.exe
O4 - HKCU\..\Run: [Iej] C:\WINDOWS\System32\Ume.exe
O4 - HKCU\..\Run: [Tsq] C:\WINDOWS\System32\Ejn.exe
O4 - HKCU\..\Run: [Bue] C:\WINDOWS\System32\Rlp.exe
O4 - HKCU\..\Run: [Pgr] C:\WINDOWS\Acl.exe
O4 - HKCU\..\Run: [Iio] C:\WINDOWS\System32\Cft.exe
O4 - HKCU\..\Run: [Jve] C:\WINDOWS\System32\Kbo.exe
O4 - HKCU\..\Run: [Him] C:\WINDOWS\System32\Mdj.exe
O4 - HKCU\..\Run: [Obu] C:\WINDOWS\System32\Tpt.exe
O4 - HKCU\..\Run: [Lsn] C:\WINDOWS\Rvm.exe
O4 - HKCU\..\Run: [Rql] C:\WINDOWS\Trj.exe
O4 - HKCU\..\Run: [Dqp] C:\WINDOWS\Caf.exe
O4 - HKCU\..\Run: [Qnk] C:\WINDOWS\Joi.exe
O4 - HKCU\..\Run: [Vfi] C:\WINDOWS\Qps.exe
O4 - HKCU\..\Run: [Bda] C:\WINDOWS\System32\Dkd.exe
O4 - HKCU\..\Run: [Vnj] C:\WINDOWS\Mbd.exe
O4 - HKCU\..\Run: [Uvi] C:\WINDOWS\System32\Oqg.exe
O4 - HKCU\..\Run: [Eiq] C:\WINDOWS\System32\Dfl.exe
O4 - HKCU\..\Run: [Pmf] C:\WINDOWS\Dmf.exe
O4 - HKCU\..\Run: [Mli] C:\WINDOWS\Ijf.exe
O4 - Startup: netdb.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.3dgroove.com/download/GrooveAX.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
LoPhatPhuud
I am going to pass on this log. Reformat and re-install Windows and yes, when you reformat everything goes. Consider it the price of not having an antivirus program. Both AVG and Avast offer excellent free products that offer real time coverage.

When you re-install, that should be the first thing you install. In fact, download it now so you can install it after you reformat but before you go online.
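
Added example (not part of the thread and not any poster's code): a Python sketch that compares the autorun entries in the two HijackThis logs posted above, using trimmed excerpts of those logs. The three-letter-name heuristic and all function names are assumptions made for this illustration.

```python
import re

# Excerpts (trimmed) of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [Vhg] C:\WINDOWS\System32\Iqf.exe
O4 - HKLM\..\Run: [Gqn] C:\WINDOWS\Hum.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Vhg] C:\WINDOWS\System32\Iqf.exe
O4 - HKCU\..\Run: [Gqn] C:\WINDOWS\Hum.exe
O4 - Startup: netdb.exe
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
"""
LOG_AFTER = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O4 - HKLM\..\Run: [Tqq] C:\WINDOWS\System32\Nbq.exe
O4 - HKLM\..\Run: [Ojn] C:\WINDOWS\Okm.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FB4883F9-1021-42F4-AD12-90650D749CB6}\SVCHOST.EXE
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Tqq] C:\WINDOWS\System32\Nbq.exe
O4 - HKCU\..\Run: [Ojn] C:\WINDOWS\Okm.exe
O4 - Startup: netdb.exe
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
"""

# O4 registry autorun line: hive, key (Run / RunServices), value name, command.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Heuristic (assumption, not from the thread): a three-letter value name that
# points at a three-letter .exe directly under C:\WINDOWS or C:\WINDOWS\System32.
RANDOM_NAME = re.compile(r"^[A-Z][a-z]{2}$")
RANDOM_PATH = re.compile(r"^C:\\WINDOWS\\(System32\\)?[A-Z][a-z]{2}\.exe$", re.I)
LEGIT_SVCHOST = r"c:\windows\system32\svchost.exe"


def entries(log):
    """Return the set of non-empty, stripped log lines."""
    return {line.strip() for line in log.splitlines() if line.strip()}


def random_autoruns(log):
    """Map command path -> set of hives for autoruns matching the heuristic."""
    hits = {}
    for line in entries(log):
        m = O4_RUN.match(line)
        if not m:
            continue
        hive, _key, name, cmd = m.groups()
        if RANDOM_NAME.match(name) and RANDOM_PATH.match(cmd):
            hits.setdefault(cmd, set()).add(hive)
    return hits


def masquerading_svchost(log):
    """Paths ending in svchost.exe that are not the real system32 binary."""
    found = []
    for line in sorted(entries(log)):
        for path in re.findall(r"C:\\[^\"]*?svchost\.exe", line, re.I):
            if path.lower() != LEGIT_SVCHOST:
                found.append(path)
    return found


def compare(before, after):
    """Summarise what survived the cleanup and what replaced the old entries."""
    old, new = random_autoruns(before), random_autoruns(after)
    return {
        "survived": sorted(entries(before) & entries(after)),
        "random_before": sorted(old),
        "random_after": sorted(new),
        "random_carried_over": sorted(set(old) & set(new)),
        "mirrored_in_both_hives": sorted(
            cmd for cmd, hives in new.items() if hives == {"HKLM", "HKCU"}
        ),
        "fake_svchost": masquerading_svchost(after),
    }


if __name__ == "__main__":
    for key, value in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")
```

On these excerpts none of the randomly named autoruns carries over between scans, while the Shell, RunServices, Startup and Winlogon Notify lines appear unchanged in both logs, so those persistent entries are the ones to examine first when the random set keeps coming back.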