Administrative controls taken over, internet connection issues, and pop ups.

This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.


Thread Starter
Sep 21, 2008
I don't use any spyware protection on my computer simply because I've never had many problems with computers before, but I've been recently letting people use my computer while away at work. Wednesday when I got home my computer has been infected with something from an outside program that was downloaded but I'm not sure where from.

First off, there are pop ups everywhere, and they usually have to do with notifications of spyware infection and telling me to download whatever protection, these come up every 30 seconds or so though, and there are variations of them.

Many of my administrative controls seem to be taken away (on my administrative account) including the task manager. Icons for porn and other strange things are randomly appearing on my desktop and returning when I delete them. To top it all off, my internet is acting very faulty and tends to only load a page when I've refreshed over and over again.

I've downloaded SpyBot, as suggested by a friend, to try and get rid of my infection and it deletes all but a few files. Unfortunately nothing is fixed when i reboot my computer. One of the files SpyBot fails to delete is a folder called privacy_danger.

I use a Dell Dimension 4500 running Windows XP Home SP3.

Logfile is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:25 PM, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Documents and Settings\All Users\Application Data\hytubyxq\zytelity.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O1 - Hosts:
O2 - BHO: C:\WINDOWS\system32\gjm86akm34.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\gjm86akm34.dll
O3 - Toolbar: fqbewlna - {F63CB648-B3AB-4001-A96B-324CE8B2F52C} - C:\WINDOWS\fqbewlna.dll (file missing)
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\M7MNWLW3\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [d49559cc] rundll32.exe "C:\WINDOWS\system32\hqmweadh.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogen.exe
O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe
O4 - HKLM\..\Run: [\YURDB.exe] C:\Windows\system32\YURDB.exe
O4 - HKLM\..\Run: [\YURDC.exe] C:\Windows\system32\YURDC.exe
O4 - HKLM\..\Run: [\YURDD.exe] C:\Windows\system32\YURDD.exe
O4 - HKLM\..\Run: [\YURE1.exe] C:\Windows\system32\YURE1.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
O4 - HKLM\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
O4 - HKLM\..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe
O4 - HKLM\..\Run: [\YUR1E.exe] C:\Windows\system32\YUR1E.exe
O4 - HKLM\..\Run: [\YUR1F.exe] C:\Windows\system32\YUR1F.exe
O4 - HKLM\..\Run: [\YUR20.exe] C:\Windows\system32\YUR20.exe
O4 - HKLM\..\Run: [\YUR21.exe] C:\Windows\system32\YUR21.exe
O4 - HKLM\..\Run: [\YUR53.exe] C:\Windows\system32\YUR53.exe
O4 - HKLM\..\Run: [\YUR54.exe] C:\Windows\system32\YUR54.exe
O4 - HKLM\..\Run: [\YUR55.exe] C:\Windows\system32\YUR55.exe
O4 - HKLM\..\Run: [\YUR56.exe] C:\Windows\system32\YUR56.exe
O4 - HKLM\..\Run: [\YUR5A.exe] C:\Windows\system32\YUR5A.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [lphc5ncj0ea0a] C:\WINDOWS\system32\lphc5ncj0ea0a.exe
O4 - HKLM\..\Run: [inrhc1ncj0ea0a] C:\WINDOWS\Temp\.tt15.tmp.exe /CR=34015803198DE9F11EE8495C41DD2D887E4BDF374233F39A82B7392F6C6B2974E2C1626380365A934D90237542FEAFF7318BE3ED5D17AA577B13FFFEE4786FC79E7AA58728EAD3ADF49F7862C462F4B6FCE6EC
O4 - HKLM\..\Run: [SMrhc1ncj0ea0a] C:\Program Files\rhc1ncj0ea0a\rhc1ncj0ea0a.exe
O4 - HKLM\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe
O4 - HKLM\..\Run: [\YUR1B.exe] C:\Windows\system32\YUR1B.exe
O4 - HKLM\..\Run: [\YUR30.exe] C:\Windows\system32\YUR30.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YUR31.exe] C:\Windows\system32\YUR31.exe
O4 - HKLM\..\Run: [\YUR38.exe] C:\Windows\system32\YUR38.exe
O4 - HKLM\..\Run: [\YUR3A.exe] C:\Windows\system32\YUR3A.exe
O4 - HKLM\..\Run: [\YUR5E.exe] C:\Windows\system32\YUR5E.exe
O4 - HKLM\..\Run: [\YUR5D.exe] C:\Windows\system32\YUR5D.exe
O4 - HKLM\..\Run: [\YUR5F.exe] C:\Windows\system32\YUR5F.exe
O4 - HKLM\..\Run: [\YUR60.exe] C:\Windows\system32\YUR60.exe
O4 - HKLM\..\Run: [\YUR64.exe] C:\Windows\system32\YUR64.exe
O4 - HKLM\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKLM\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKLM\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKLM\..\Run: [\YUR10.exe] C:\Windows\system32\YUR10.exe
O4 - HKLM\..\Run: [\YUR19.exe] C:\Windows\system32\YUR19.exe
O4 - HKLM\..\Run: [\YURF.exe] C:\Windows\system32\YURF.exe
O4 - HKCU\..\Run: [ksjf93orkekfniw73nfdd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogen.exe
O4 - HKCU\..\Run: [\YUR5E.exe] C:\Windows\system32\YUR5E.exe
O4 - HKCU\..\Run: [\YUR5D.exe] C:\Windows\system32\YUR5D.exe
O4 - HKCU\..\Run: [\YUR5F.exe] C:\Windows\system32\YUR5F.exe
O4 - HKCU\..\Run: [\YUR60.exe] C:\Windows\system32\YUR60.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Dave\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [ActSrvCmd] C:\WINDOWS\system32\lkxslitc.exe
O4 - HKCU\..\Run: [\YUR64.exe] C:\Windows\system32\YUR64.exe
O4 - HKCU\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe
O4 - HKCU\..\Run: [\YURD.exe] C:\Windows\system32\YURD.exe
O4 - HKCU\..\Run: [\YURE.exe] C:\Windows\system32\YURE.exe
O4 - HKCU\..\Run: [\YUR10.exe] C:\Windows\system32\YUR10.exe
O4 - HKCU\..\Run: [\YUR19.exe] C:\Windows\system32\YUR19.exe
O4 - HKCU\..\Run: [\YURF.exe] C:\Windows\system32\YURF.exe
O4 - HKLM\..\Policies\Explorer\Run: [kjuaUD8j1A] C:\Documents and Settings\All Users\Application Data\hytubyxq\zytelity.exe
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} -
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} -
O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} -
O20 - Winlogon Notify: 10 - C:\WINDOWS\system32\10.tmp (file missing)
O20 - Winlogon Notify: efcYSJaW - efcYSJaW.dll (file missing)
O20 - Winlogon Notify: iifgHwuu - iifgHwuu.dll (file missing)
O20 - Winlogon Notify: imod3 - C:\WINDOWS\SYSTEM32\imod3.dll
O20 - Winlogon Notify: ouvtmk - C:\WINDOWS\SYSTEM32\ouvtmk.dll
O21 - SSODL: genutil - {6AF517FA-FCCC-CF95-697F-06F3DF06BAFE} - C:\Program Files\gtfadkd\genutil.dll
O21 - SSODL: dtseqrxk - {2A769463-5DB3-4E7D-A821-A7DA554E57D2} - C:\WINDOWS\dtseqrxk.dll (file missing)
O21 - SSODL: mgxfebsq - {5D8E6063-44C9-4A49-B1CA-8ED2C1CB3569} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: CmdActProc - {6E78581F-1262-E907-14D8-081606BF4CB4} - C:\Program Files\wfjzqdd\CmdActProc.dll
O22 - SharedTaskScheduler: lksdfj98w3rmsekfnaui3rgfdgf - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\gjm86akm34.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows Server IP Verification Service (LSIVS) - Unknown owner - C:\WINDOWS\system32\lsivs.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

End of file - 10989 bytes
Help would be very much appreciated.

This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online