Need Major Help With Hijack This Log :(

Status
Not open for further replies.
Here is my HijackThis log. I was gone for a week and came home to my computer slammed with popups, spyware, etc. Can anyone help me? I have attached the file. Thanks all for taking the time to read this. Again, HijackThis log posted below... :hotbounce
 

Attachments

  • hijackthis2-04.txt
    8.6 KB · Views: 13
Hello and welcome to Techspot.

Go HERE and follow the instructions very carefully.

I suggest that you print them out.

Regards Howard :wave: :wave:
 
First of all, go stand in the corner, with your face to the wall!
Shame on you for not having any anti-virus software installed!
Go to www.grisoft.com and get the free AVG7. Install it, update it, then run a FULL scan. You'll be surprised!

Your Hijackthis is outdated (see also my post that Howard mentioned).

You should at least install XP/SP1 (Service Pack 1).
If you want to go for SP2, you don't need to install SP1 first.
Make a proper backup, and take a System restore point before you install SP1 or SP2.

Do your homework first, using the link that Howard advised, then post a fresh log from the new HJT (after an AntiVirus installation, do NOT get anything Norton/Symantec).
 
Quick work!

Boot in Safe Mode
Switch off System Restore

Press Ctrl/Alt/Del and in Task Manager try to STOP these processes:
AUserInit.exe
LiveUpdate.exe
fqsmel.exe
hpdll.exe
wsxsvc.exe
d3hf.exe
iyuecab.exe
llli.exe
itspsspc.exe
sysmonnt

Next, run Hijackthis STANDALONE and let it 'fix' (if still there):

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: (no name) - {F699BDDF-79E1-9C92-0589-185405AFF04E} - (no file)
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [fqsmel] c:\windows\system32\fqsmel.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [d3hf.exe] C:\WINDOWS\system32\d3hf.exe
O4 - HKLM\..\Run: [s77O36V] iyuecab.exe
O4 - HKCU\..\Run: [Potb] C:\Documents and Settings\Nora\Application Data\llli.exe
O4 - HKCU\..\Run: [dwoERWZ4g] itspsspc.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O15 --->>> You do NOT trust ANYbody EVER <<<---
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.1.0.39/aces/aces-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.0.4.37/backgammon/backgammon-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.4.37/canasta/canasta-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105253340962

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

Delete all files/directories from: C:\Documents and Settings\Nora\Local Settings\Temp
Delete your temp. internet files and cookies.

Run Spybot S&D again and let it 'immunise' your PC, takes only a few seconds.

In future, switch off your PC when you go away for a day or longer.

Now think about your XP SP1 or SP2. SP1 is a MUST.
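
As an added example (not part of the thread and not any poster's code), here is a small Python parser for the HijackThis line format quoted in the fix list above. The flag names and triage heuristics are assumptions of this example, not HijackThis output, and Run commands are treated as bare paths without arguments.

```python
import ntpath
import re
# Lines copied from the fix list in the thread above (not a complete log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: (no name) - {F699BDDF-79E1-9C92-0589-185405AFF04E} - (no file)
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [s77O36V] iyuecab.exe
O4 - HKCU\..\Run: [Potb] C:\Documents and Settings\Nora\Application Data\llli.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then body
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")

def triage_command(cmd):
    """Heuristic flags (assumptions of this example) for an autostart command."""
    flags, target = [], cmd.strip('"')
    if "\\" not in target:
        flags.append("no-path")            # resolved through the search path
    if "\\application data\\" in target.lower():
        flags.append("user-writable-dir")  # launches from the user profile
    if not ntpath.splitext(ntpath.basename(target))[1]:
        flags.append("no-extension")       # executable without a file extension
    return flags

def parse_hjt(log):
    """Return one dict per recognised line: section code, body, triage flags."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body, "flags": []}
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            entry["hive"], entry["name"], entry["cmd"] = run.groups()
            entry["flags"] = triage_command(entry["cmd"])
        elif code == "O2" and body.endswith("(no file)"):
            entry["flags"] = ["bho-file-missing"]   # BHO registered, file absent
        elif code == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].rstrip(",")
            if ntpath.basename(value).lower() != "userinit.exe":
                entry["flags"] = ["userinit-replaced"]  # logon program changed
        entries.append(entry)
    return entries

if __name__ == "__main__":
    print([(e["code"], e.get("name", ""), e["flags"]) for e in parse_hjt(SAMPLE_LOG)])
```

A flag only marks an entry for manual review; an unflagged entry such as `HPNT` can still be unwanted, as it is in the fix list above.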
 