Q: Pest ware removal ( Answered,   0 Comments )
Question  
Subject: Pest ware removal
Category: Miscellaneous
Asked by: voltron1000-ga
List Price: $15.00
Posted: 08 Dec 2004 22:52 PST
Expires: 07 Jan 2005 22:52 PST
Question ID: 440181
I have pestware on my computer, downloaded from a porn site. I ran
HijackThis and I have the log file. I just need to know which one is
the pestware and/or which one to keep and which one not to keep.

Clarification of Question by voltron1000-ga on 08 Dec 2004 22:53 PST
Here is the list:

Logfile of HijackThis v1.98.2
Scan saved at 9:53:40 PM, on 12/8/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\S3apphk.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\zsxcwiac.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\windows\vcpdll.exe
C:\windows\winln.exe
C:\WINDOWS\System32\systime.exe
C:\Documents and Settings\Owner\Application Data\wtta.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://default-homepage-network.com/start.cgi?hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft.com/fwlink/?LinkId=2839
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program
Files\ycomp5_1_6_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DEF33F0-B28F-4CF8-A010-5C957596BA4A} -
C:\WINDOWS\System32\hfglf.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} -
C:\WINDOWS\System32\htikegm.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} -
C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\setfgi.dll
O2 - BHO: (no name) - {9BC9F807-65E9-1967-ED5B-4B761D635096} -
C:\WINDOWS\System32\khwo.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} -
C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
c:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program
Files\ycomp5_1_6_0.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp]
c:\hp\drivers\printers\photosmart\hphprld.exe
c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CMPDPSRV]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [StartupCleaner] C:\Program Files\CM Data
Software\CM DiskCleaner\StartupCleaner.exe
O4 - HKLM\..\Run: [Schedule] C:\Program Files\CM Data Software\CM
DiskCleaner\Schedule.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft
Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [udhinwakh] C:\WINDOWS\System32\zsxcwiac.exe
O4 - HKLM\..\Run: [AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [hjdemwp] C:\WINDOWS\System32\pxoraru.exe
O4 - HKLM\..\Run: [palsmqh] C:\WINDOWS\System32\umkgxhf.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program
Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero
Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [dnpyumu] C:\WINDOWS\System32\givzk.exe k:dnpyumu:
O4 - HKCU\..\Run: [plxpjsuj] C:\WINDOWS\System32\vqjr.exe k:plxpjsuj:
O4 - HKCU\..\Run: [cmsound] c:\windows\vcpdll.exe
O4 - HKCU\..\Run: [winltmpv] c:\windows\winln.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [Der] C:\WINDOWS\System32\?hkdsk.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program
Files\America Online 9.0\aoltray.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common
Files\updater\wupdater.exe
O8 - Extra context menu item:  >>> EasyWWW.com -Your Easy Surf Home! -
http://www.easywww.com/
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
- c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: http://*.frame.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/s/x.chm::/ad.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://oldglory.ninesystems.com/AxisCamControl.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} -
C:\WINDOWS\httpfilter.dll
O18 - Filter: text/plain - {C8328DB4-2E7B-4867-A05C-88CEECF50906} -
C:\WINDOWS\System32\hfglf.dll

Request for Question Clarification by hummer-ga on 09 Dec 2004 04:38 PST
Hi voltron1000,

HijackThis isn't meant to be used as the first line of defense; it is
only used after other programs have cleaned out your system first
(thus making your log a lot shorter and easier to read).

Please run the following scans first or follow one of the tutorials
below. If they don't solve your problem, run HijackThis again and post
a new log.

1) Run HouseCall, a very thorough online virus scan:
http://housecall.trendmicro.com/

Download and run the following programs ("check for updates" before scanning):

2) CWShredder:
http://www.spychecker.com/program/coolwebshredder.htmls

3) Adaware
http://lavasoft.element5.com/default.shtml.en

4) SpyBot
http://www.safer-networking.org/en/index.html

Tutorials:

How to: Spyware, Trojan And Virus Removal
http://forums.majorgeeks.com/showthread.ph4un the following four
programs  in the order given.

KRC Anti-Spyware Tutorial
http://www.greyknight17.com/spyware.htm

Good luck,
hummer
Answer  
Subject: Re: Pest ware removal
Answered By: livioflores-ga on 09 Dec 2004 10:52 PST
 
Hi voltron1000!!


According to your log, your computer is infected with several pieces of pestware.

As a first step I suggest (as hummer-ga did) that you use some specific
programs for these tasks.
Remember to disable System Restore if your operating system is Windows Me or XP.

1- Scan your computer for viruses or trojans, preferably an online scan
(because the installed antivirus could be hijacked too!!). Try with
the following free services:
"Trend Micro - Free online virus Scan":
http://housecall.trendmicro.com/

"GFI - Free online Trojan scanner", an online tool dedicated to detect
trojans in your computer:
http://www.trojanscan.com/

Note: if you want to use your installed antivirus software, connect to
Internet and update the virus definitions.

-----------------------------------------------------------

2- Scan your computer to detect spyware, adware or other type of
badware. To do this you can perform an online scan or run an
antispyware software:

Online spyware scanner:
"PestPatrol's free online spyware scanner":
http://www.pestscan.com/ScanOrTrial.asp

Anti Spyware software:
"Ad-aware" from Lavasoft: (freeware)
http://lavasoft.element5.com/software/adaware/

"SpyBot Search and Destroy": (freeware)
http://www.safer-networking.org/index.php?page=spybotsd

---------------------------------------------------------

3- When the first two steps are accomplished, please reboot your
computer, run HijackThis, and check to fix, if still present, the
following items:

Note: You can skip the first two steps, but it is not a suggested way
to remove the pests.

Running Processes:
C:\WINDOWS\System32\zsxcwiac.exe
C:\WINDOWS\System32\systime.exe
C:\windows\vcpdll.exe
C:\windows\winln.exe
C:\Documents and Settings\Owner\Application Data\wtta.exe
C:\WINDOWS\System32\?hkdsk.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://default-homepage-network.com/start.cgi?hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program
Files\ycomp5_1_6_0.dll (file missing)
O2 - BHO: (no name) - {0DEF33F0-B28F-4CF8-A010-5C957596BA4A} -
C:\WINDOWS\System32\hfglf.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} -
C:\WINDOWS\System32\htikegm.dll
O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\setfgi.dll
O2 - BHO: (no name) - {9BC9F807-65E9-1967-ED5B-4B761D635096} -
C:\WINDOWS\System32\khwo.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} -
C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: (no name) - {} - (no file)

O4 - HKLM\..\Run: [udhinwakh] C:\WINDOWS\System32\zsxcwiac.exe
O4 - HKLM\..\Run: [hjdemwp] C:\WINDOWS\System32\pxoraru.exe
O4 - HKLM\..\Run: [palsmqh] C:\WINDOWS\System32\umkgxhf.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [dnpyumu] C:\WINDOWS\System32\givzk.exe k:dnpyumu:
O4 - HKCU\..\Run: [plxpjsuj] C:\WINDOWS\System32\vqjr.exe k:plxpjsuj:
O4 - HKCU\..\Run: [cmsound] c:\windows\vcpdll.exe
O4 - HKCU\..\Run: [winltmpv] c:\windows\winln.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [Der] C:\WINDOWS\System32\?hkdsk.exe

O8 - Extra context menu item:  >>> EasyWWW.com -Your Easy Surf Home! -
http://www.easywww.com/

O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: http://*.frame.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {11111111-1111-1111-1111-111111111157} -
ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/s/x.chm::/ad.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://oldglory.ninesystems.com/AxisCamControl.ocx


IMPORTANT NOTE:
When you fix these types of entries with HijackThis, HijackThis will
attempt to delete the offending file listed. There are times that
the file may be in use even if Internet Explorer is shut down. If the
file still exists after you fix it with HijackThis, it is recommended
that you reboot into safe mode and delete the offending file.

After fixing all these items, delete the following files if they are still present on your computer:
C:\WINDOWS\System32\zsxcwiac.exe
C:\WINDOWS\System32\systime.exe
C:\windows\vcpdll.exe
C:\windows\winln.exe
C:\Documents and Settings\Owner\Application Data\wtta.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\WINDOWS\System32\pxoraru.exe
C:\WINDOWS\System32\umkgxhf.exe
C:\WINDOWS\System32\givzk.exe
C:\WINDOWS\System32\vqjr.exe 
C:\WINDOWS\System32\hfglf.dll
C:\WINDOWS\System32\htikegm.dll
C:\WINDOWS\setfgi.dll
C:\WINDOWS\System32\khwo.dll

----------------------------------------------------------

The following pages give you some background and additional (and
useful) info related to the pests that must be removed from your
computer:

"Tech Support Forum - ?HKDSK.EXE Help!?":
http://www.techsupportforum.com/archive/index.php/t-18604.html


"Remove Conducent TimeSink, removal instructions" (vcpdll.dll):
http://www.2-spyware.com/remove-conducent-timesink.html


"Sophos virus analysis: Troj/Dloader-VN" (winln.exe & setfgi.dll):
See Description tab.
http://www.sophos.com/virusinfo/analyses/trojdloadervn.html


"Remove http://213.159.117.134/index.php hijacker":
http://www.bleepingcomputer.com/forums/index.php?s=70950d76c44d0b74b12e3fc7d3d5e33c&showtopic=3373&st=0&#entry23207


"Can anyone tell me what this file does zsxcwiac.exe and how do I get
rid of it???":
http://forums.devshed.com/t194264/s.html

----------------------------------------------------------

"HijackThis Tutorial":
Please take a look at this page.
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

-----------------------------------------------------------

I hope that this helps you. Please use the clarification feature
before rating this answer if you need further assistance. I will gladly
respond to all your requests for a clarification until you feel satisfied
with the answer.


Best regards.
livioflores-ga
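
As an added example (not part of the original answer and not code from HijackThis): a small Python parser for the log format shown in the question, which rejoins entries that were wrapped across lines, then lists each `O4` Run autostart with whether its executable also appears under "Running processes", and collects entries marked `(file missing)` or `(no file)`. The function names are hypothetical and `SAMPLE_LOG` is constructed from a few entries of the log above; the script only builds an inventory and does not decide which entries are pestware.

```python
import re

# Constructed sample: a few entries copied from the log in the question,
# keeping the mid-entry line wrapping seen on the page.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\zsxcwiac.exe
C:\windows\winln.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
O2 - BHO: (no name) - {0DEF33F0-B28F-4CF8-A010-5C957596BA4A} -
C:\WINDOWS\System32\hfglf.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} -
C:\WINDOWS\System32\NDrv.dll (file missing)
O4 - HKLM\..\Run: [udhinwakh] C:\WINDOWS\System32\zsxcwiac.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [winltmpv] c:\windows\winln.exe
O15 - Trusted Zone: *.blazefind.com
"""

ENTRY_START = re.compile(r"^([RO]\d{1,2}) - ")           # R0, R1, O2, O16 ...
RUN_ENTRY = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
EXE_PATH = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)     # path up to first .exe

def parse_log(text):
    """Return (running_processes, [(section_code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_START.match(line)
        if m:                                   # a new R*/O* entry begins
            in_procs = False
            entries.append([m.group(1), line[m.end():]])
        elif line == "Running processes:":
            in_procs = True
        elif not line:                          # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        elif entries:                           # wrapped continuation of last entry
            entries[-1][1] += " " + line
    return processes, [tuple(e) for e in entries]

def run_entries(text):
    """List O4 Run autostarts and whether the target is currently running."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}    # Windows paths are case-insensitive
    out = []
    for code, body in entries:
        m = RUN_ENTRY.match(body) if code == "O4" else None
        if m:
            exe = EXE_PATH.match(m.group(3))
            path = exe.group(1) if exe else m.group(3)
            out.append({"hive": m.group(1), "name": m.group(2),
                        "path": path, "running": path.lower() in running})
    return out

def stale_entries(text):
    """Entries whose target HijackThis reported as missing."""
    return [(c, b) for c, b in parse_log(text)[1]
            if b.endswith("(file missing)") or b.endswith("(no file)")]

if __name__ == "__main__":
    for r in run_entries(SAMPLE_LOG):
        print(r["hive"], r["name"], r["path"], "running" if r["running"] else "not running")
```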