PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [FIXED] Need Malware Help
  #1  
Old 08-26-2005
korh
Bronze Member
Join Date: Aug 2005
Posts: 10

[FIXED] Need Malware Help

I have been having problems for a while now, but managed to keep the pop-ups to a minimum with a combined effort of Microsoft's AntiSpyware, Ad-Aware, and Spybot.

About two days ago the problems multiplied and after repeated scans they remained there.

The computer is to the point where it will not stay started for more than 15-20 seconds after the login window loads up.

I've tried to use the Windows XP Pro CD I have to wipe and redo the computer, but the CD is a copy of my parents' version (800 miles away), and I have been unsuccessful.

When I actually get logged into Windows, I get a rundll error every time, with a different .dll file being the culprit.

Here is the log from HijackThis; I would greatly appreciate any advice on what to redo.

Logfile of HijackThis v1.99.1
Scan saved at 9:05:41 PM, on 8/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Scott\Desktop\HijackThis.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\6hh9r1sq.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\6hh9r1sq.slt\prefs.js)
O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
O4 - HKLM\..\Run: [fbceic] C:\WINDOWS\System32\fbceic.exe
O4 - HKLM\..\Run: [mwhrgc] C:\WINDOWS\System32\mwhrgc.exe
O4 - HKLM\..\Run: [rxbajks] C:\WINDOWS\System32\ynacufnp\rxbajks.exe
O4 - HKLM\..\Run: [fjpg] C:\WINDOWS\System32\gbyg\fjpg.exe
O4 - HKLM\..\Run: [tkxif] C:\WINDOWS\System32\dnthbd\tkxif.exe
O4 - HKLM\..\Run: [veusqc] C:\WINDOWS\System32\veusqc.exe
O4 - HKLM\..\Run: [ozwdzc] C:\WINDOWS\System32\ozwdzc.exe
O4 - HKLM\..\Run: [doppau] C:\WINDOWS\System32\nunxj\doppau.exe
O4 - HKLM\..\Run: [BxwLc.exe] C:\windows\system32\BxwLc.exe
O4 - HKLM\..\Run: [pohf] C:\WINDOWS\System32\ipdsv\pohf.exe
O4 - HKLM\..\Run: [nmsyvwg] C:\WINDOWS\System32\rqxdnh\nmsyvwg.exe
O4 - HKLM\..\Run: [bybchu] C:\WINDOWS\System32\rcmhg\bybchu.exe
O4 - HKLM\..\Run: [cuty] C:\WINDOWS\System32\dntmv\cuty.exe
O4 - HKLM\..\Run: [aiqb] C:\WINDOWS\System32\shwoc\aiqb.exe
O4 - HKLM\..\Run: [ikqp] C:\WINDOWS\System32\mbbxsbt\ikqp.exe
O4 - HKLM\..\Run: [monmepw] C:\WINDOWS\System32\bugpj\monmepw.exe
O4 - HKLM\..\Run: [lviw] C:\WINDOWS\System32\nuyuk\lviw.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [avnwxxj] C:\WINDOWS\System32\ahkxa\avnwxxj.exe
O4 - HKLM\..\Run: [ysbdhvs] C:\WINDOWS\System32\tflpfplf\ysbdhvs.exe
O4 - HKLM\..\Run: [gyim] C:\WINDOWS\System32\diojjtyl\gyim.exe
O4 - HKLM\..\Run: [etobjyr] C:\WINDOWS\System32\ahyfl\etobjyr.exe
O4 - HKLM\..\Run: [hyemivo] C:\WINDOWS\System32\ljnrhsv\hyemivo.exe
O4 - HKLM\..\Run: [kbhrvjbm] C:\WINDOWS\System32\gfyqccu\kbhrvjbm.exe
O4 - HKLM\..\Run: [urtwcda] C:\WINDOWS\System32\hqnngva\urtwcda.exe
O4 - HKLM\..\Run: [ajlsshk] C:\WINDOWS\System32\mmqqaepp\ajlsshk.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [vpfaxsq] C:\WINDOWS\System32\wavgw\vpfaxsq.exe
O4 - HKLM\..\Run: [ykaqeuwi] C:\WINDOWS\System32\nrjnha\ykaqeuwi.exe
O4 - HKLM\..\Run: [svihkdwn] C:\WINDOWS\System32\bnyxuur\svihkdwn.exe
O4 - HKLM\..\Run: [atiq] C:\WINDOWS\System32\mtfmw\atiq.exe
O4 - HKLM\..\Run: [ndcbvf] C:\WINDOWS\System32\juhrm\ndcbvf.exe
O4 - HKLM\..\Run: [fpupkn] C:\WINDOWS\System32\nrvagtp\fpupkn.exe
O4 - HKLM\..\Run: [rjwrytnt] C:\WINDOWS\System32\qjlb\rjwrytnt.exe
O4 - HKLM\..\Run: [aggypc] C:\WINDOWS\System32\ssrms\aggypc.exe
O4 - HKLM\..\Run: [olkugkmn] C:\WINDOWS\System32\cehbcx\olkugkmn.exe
O4 - HKLM\..\Run: [wewipwr] C:\WINDOWS\System32\wqfti\wewipwr.exe
O4 - HKLM\..\Run: [iigpdsy] C:\WINDOWS\System32\tpyqme\iigpdsy.exe
O4 - HKLM\..\Run: [enjumnt] C:\WINDOWS\System32\frbtsw\enjumnt.exe
O4 - HKLM\..\Run: [wmmdxiq] C:\WINDOWS\System32\osfonr\wmmdxiq.exe
O4 - HKLM\..\Run: [vhjaw] C:\WINDOWS\System32\gubwc\vhjaw.exe
O4 - HKLM\..\Run: [nifng] C:\WINDOWS\System32\popqurkh\nifng.exe
O4 - HKLM\..\Run: [suroq] C:\WINDOWS\System32\jtqxfe\suroq.exe
O4 - HKLM\..\Run: [dvnc] C:\WINDOWS\System32\xbbhty\dvnc.exe
O4 - HKLM\..\Run: [khkch] C:\WINDOWS\System32\vvixbs\khkch.exe
O4 - HKLM\..\Run: [ohqh] C:\WINDOWS\System32\golas\ohqh.exe
O4 - HKLM\..\Run: [udmf] C:\WINDOWS\System32\oqmiveon\udmf.exe
O4 - HKLM\..\Run: [hboxcdg] C:\WINDOWS\System32\akjy\hboxcdg.exe
O4 - HKLM\..\Run: [veae] C:\WINDOWS\System32\xgcbm\veae.exe
O4 - HKLM\..\Run: [pisj] C:\WINDOWS\System32\bvbgf\pisj.exe
O4 - HKLM\..\Run: [pvthffa] C:\WINDOWS\System32\lqlb\pvthffa.exe
O4 - HKLM\..\Run: [sdeenra] C:\WINDOWS\System32\mkwda\sdeenra.exe
O4 - HKLM\..\Run: [hvku] C:\WINDOWS\System32\syib\hvku.exe
O4 - HKLM\..\Run: [ntwmemq] C:\WINDOWS\System32\ahvw\ntwmemq.exe
O4 - HKLM\..\Run: [aicbrriv] C:\WINDOWS\System32\viicty\aicbrriv.exe
O4 - HKLM\..\Run: [bnuvso] C:\WINDOWS\System32\evbdvjfs\bnuvso.exe
O4 - HKLM\..\Run: [rucrkgqt] C:\WINDOWS\System32\onjppg\rucrkgqt.exe
O4 - HKLM\..\Run: [tnmrhlwj] C:\WINDOWS\System32\oaamiypa\tnmrhlwj.exe
O4 - HKLM\..\Run: [urdw] C:\WINDOWS\System32\jtuf\urdw.exe
O4 - HKLM\..\Run: [chdqetyu] C:\WINDOWS\System32\ingyyvi\chdqetyu.exe
O4 - HKLM\..\Run: [tberjnj] C:\WINDOWS\System32\cgvcev\tberjnj.exe
O4 - HKLM\..\Run: [swnr] C:\WINDOWS\System32\garc\swnr.exe
O4 - HKLM\..\Run: [csilcrn] C:\WINDOWS\System32\hqjjj\csilcrn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Urca] C:\Program Files\surc\corh.exe
O4 - HKCU\..\Run: [Rmm] C:\WINDOWS\System32\??pPatch\nslookup.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {11111111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4B084DC4-6A64-11D9-AAC8-91EC5E497716} - http://www.ouchvideo.com/mmviewer_htm10.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo.com/mmviewer_ic13.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105025576828
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/de/games3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - http://www.ouchvideo.com/mmviewer_emg11.cab
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\ndth.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: ajlsshkmmqqaepp - Unknown owner - C:\WINDOWS\System32\mmqqaepp\ajlsshk.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NvdHQA\command.exe
O23 - Service: hyemivoljnrhsv - Unknown owner - C:\WINDOWS\System32\ljnrhsv\hyemivo.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: sqkiawsiqfvs - Unknown owner - C:\WINDOWS\System32\awsiqfvs\sqki.exe
O23 - Service: tberjnjcgvcev - Unknown owner - C:\WINDOWS\System32\cgvcev\tberjnj.exe
O23 - Service: ykaqeuwinrjnha - Unknown owner - C:\WINDOWS\System32\nrjnha\ykaqeuwi.exe
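
A first-pass triage script for a log like the one above, added here as an example; it is not HijackThis code and not anything the posters ran. It parses the O4, O16, O20 and O23 line formats visible in the log and flags what an experienced log reader picks out by eye: Run entries and services whose names and folders look randomly generated, a System32 binary name (nslookup.exe) launched from some other directory, O16 ActiveX objects sourced from file:// with repeated-digit CLSIDs, a Winlogon Notify DLL with a four-letter name, "Unknown owner" services whose binary is missing, and folder names that are valid base64 (U2NvdHQA decodes to "Scott" followed by a NUL byte, the same user name that appears in the process list). The sample excerpt is ten lines copied from the log above; the randomness heuristic, the allow-lists and the short list of System32-native binaries are my own assumptions and will need tuning on other logs. It is a triage aid, not a verdict: dumprep shows why an allow-list has to run before the random-name test, and every hit still needs a person to decide.

```python
"""First-pass triage of a HijackThis 1.99.x log (added example, not HijackThis code).

The section regexes follow the line format visible in the posted log; the
random-name heuristic, the allow-lists and the base64 check are assumptions.
"""
import base64
import re

# Constructed excerpt: ten lines copied from the posted log, same format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [fbceic] C:\WINDOWS\System32\fbceic.exe
O4 - HKLM\..\Run: [rxbajks] C:\WINDOWS\System32\ynacufnp\rxbajks.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Rmm] C:\WINDOWS\System32\??pPatch\nslookup.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105025576828
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\ndth.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NvdHQA\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ajlsshkmmqqaepp - Unknown owner - C:\WINDOWS\System32\mmqqaepp\ajlsshk.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<src>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")

# Binaries that ship in %SystemRoot%\System32; the same file name anywhere else
# deserves a look (assumption: short list, extend as needed).
SYSTEM32_NATIVE = {"nslookup.exe", "svchost.exe", "rundll32.exe"}
# XP's own crash-dump reporter: benign, but its name trips the random-name
# test, which is why the allow-list has to be checked first.
KNOWN_GOOD_O4 = {"dumprep"}
VOWELS = set("aeiouy")


def looks_random(name: str) -> bool:
    """Heuristic: 4-9 lowercase letters with a 3-consonant run or under 25% vowels."""
    if not re.fullmatch(r"[a-z]{4,9}", name):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return re.search(r"[^aeiouy]{3}", name) is not None or vowel_ratio < 0.25


def decode_b64_component(component: str):
    """Printable ASCII decoding of a path component that is valid base64, else None.
    Trailing NULs are dropped, so U2NvdHQA from the log above gives 'Scott'."""
    if len(component) < 8 or len(component) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", component):
        return None
    try:
        raw = base64.b64decode(component, validate=True).rstrip(b"\x00")
    except ValueError:
        return None
    text = raw.decode("ascii", errors="replace")
    return text if len(text) >= 2 and text.isprintable() and "\ufffd" not in text else None


def exe_of(cmd: str) -> str:
    """Executable path of an O4 command line, dropping arguments such as '0 -k'."""
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str):
    """Return (section, reason, line) tuples for lines worth a second look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons, section = [], line.split(" ", 1)[0]
        if m := O4_RE.match(line):
            parts = exe_of(m["cmd"]).split("\\")
            base, parent = parts[-1].lower(), (parts[-2] if len(parts) > 1 else "")
            stem = base.rsplit(".", 1)[0]
            if stem in KNOWN_GOOD_O4:
                continue
            if base in SYSTEM32_NATIVE and parent.lower() != "system32":
                reasons.append(f"System32-native name {base} running from {parent!r}")
            elif looks_random(stem) or looks_random(parent):
                reasons.append(f"random-looking name {m['name']!r} -> {parts[-1]}")
        elif m := O16_RE.match(line):
            if m["src"].lower().startswith("file://"):
                reasons.append("ActiveX object sourced from a local file, not a web site")
            if len(set(m["clsid"][:8])) == 1:
                reasons.append("repeated-digit CLSID, not a generated GUID")
        elif m := O20_RE.match(line):
            if looks_random(m["dll"].split("\\")[-1].lower().rsplit(".", 1)[0]):
                reasons.append("Winlogon Notify DLL with a random-looking name")
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                if m["missing"]:
                    reasons.append("service binary missing (orphaned service entry)")
                parts = m["path"].split("\\")
                for comp in parts[:-1]:
                    if decoded := decode_b64_component(comp):
                        reasons.append(f"directory {comp} is base64 for {decoded!r}")
                if looks_random(parts[-1].lower().rsplit(".", 1)[0]):
                    reasons.append("random-looking service binary name")
        if reasons:
            findings.append((section, "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run it as-is to see the seven flagged lines from the excerpt; for a real log, replace SAMPLE_LOG with the file's contents. The allow-list is deliberately checked before the heuristic because the heuristic is crude: it fires on dumprep and would fire on other terse but legitimate Windows names, so anything it flags is a starting point for the kind of one-by-one review described later in this thread, not a removal list.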


  #2  
Old 08-26-2005
ladygreenwitch
Administrator
Join Date: Jul 2005
Location: Bay Area California
Posts: 4,694

Re: Need Help

:-) Hi Korh,

Welcome to PCHF, I am sure that we will be able to help you. Let me take a quick look at your Hijack This log and I will get right back to you.

TTFN

T


  #3  
Old 08-26-2005
merlin
Trusted Security Analyst
Join Date: Jul 2005
Location: Wisconsin
Posts: 2,622
PC Experience: Computers Fear Me

Re: Need Help

Howdy and welcome. Don't mean to *** anyone, but would you do this first..


Before using HijackThis, can you please do this for me:


Show hidden files and folders:


For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.





Then disable System Restore to prevent re-infection (if you have/use it).
(You can turn it back on when your PC is clean.)


How to disable system restore:

WinXP.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.





And then do some pre-work clean-up.

Please download Cleanup from my signature and run it. It will ask you to log off; go ahead.

Then

Please download ewido Security Suite
• Install ewido Security Suite.
• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
• Launch ewido; there should be a big "E" icon on your desktop, double-click it.
• The program will prompt you to update; click the "OK" button.
• The program will now go to the main screen.

You will need to update ewido to the latest definition files.
• On the left hand side of the main screen click Update.
• Click on Start.

The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.

Once the updates are installed do the following:
• If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
• Reboot into Safe Mode; you can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter. Then, run ewido.
• Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
• Click on Scanner.
• Click on Settings.
    • Under "How to scan" all boxes should be selected.
    • Under "Possibly unwanted software" all boxes should be selected.
    • Under "What to scan" select scan every file.
    • Click OK.
• Click on Complete system scan.
• Let the program scan the machine.
• If ewido finds anything, it will pop up a notification. NOTE: We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged; in particular, watch for alerts that have the word "Heuristic" in them, and if you recognize the file name as "friendly," these may actually be false positives), select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
• Click Save report.
• Save the report to your desktop.
• Exit ewido.
And post your Ewido log back here please.

I know it seems like a lot, but having a copied XP CD is not going to help you, as it was not made for your PC. So this is the only way out.

@Hengis... Thanks, forgot to edit it out after I wrote the post.


__________________
QuickTime Alternative..Hijackthis..SpeedFan..ATI Tool..Whats Running..Everest..Absolute Control..All Drivers


  #4  
Old 08-26-2005
korh
Bronze Member
Join Date: Aug 2005
Posts: 10

Re: Need Help

Ok, did all those things.

Here is the Ewido log. I edited it to make it postable: it had 20,000+ lines about Aksoft stuff, so I removed all but one line of that, which is at the top, so that you could see what it was. It just went through every letter of the alphabet on several levels.

Going to put an updated HijackThis log after the Ewido one.

I attempted logging into Windows normally and it still kicked me within 30 seconds and gave a random rundll error.
Attached file: Log.txt (60.5 KB)


  #5  
Old 08-26-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

Re: Need Help



Hya Korh, I think a part of the Ewido and the HJT log got cut off of your post. Can you repost them and upload them as a txt file please?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #6  
Old 08-26-2005
korh
Bronze Member
Join Date: Aug 2005
Posts: 10

Re: Need Help

Tried to post the unedited version of the Ewido log, but it was 2.8 MB. In the process the computer has restarted itself while in Safe Mode. Here is the edited version of the Ewido log.


  #7  
Old 08-26-2005
korh
Bronze Member
Join Date: Aug 2005
Posts: 10

Re: Need Help

And here is the HijackThis log.
Attached file: hijackthis.txt (8.3 KB)



All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com