This is possibly who's hijacking you, unless your ISP is in Russia:
PeterHost.Ru
Alexander Chernov
Prof. Popova str. 37 B
197376 Saint-Petersburg
RUSSIAN FEDERATION
phone: +78123477743
fax-no: +78123341222
-----------------------------------------------------------------------------------------------
Download and Run FixWareout
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.
Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Attach the logfile C:\fixwareout\report.txt
------------------------------------------------------------------------------------------------------
CFScript
Open Notepad and copy/paste the text in the code box below into it:
NOTE: Make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also, pay particular attention to this:
Make sure the word File:: is on the first line of the text file you save (no blank line above it, and no space in front of it).
File::
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\system32\pwinpmdn.exe
C:\WINDOWS\system32\goochi32.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\lgtarqbe.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\qlgjqxyx.dll
C:\WINDOWS\lgtarqbe.dll
C:\Documents and Settings\All Users\Application Data\whctahkv.dll
C:\WINDOWS\system32\L31E5.tmp
C:\WINDOWS\system32\L30FB.tmp
C:\WINDOWS\system32\L3010.tmp
C:\WINDOWS\system32\L2EB9.tmp
C:\temp\wdlw14
C:\WINDOWS\system32\L76A8.tmp
C:\WINDOWS\system32\L757F.tmp
C:\WINDOWS\system32\L733D.tmp
C:\WINDOWS\system32\L7262.tmp
C:\WINDOWS\system32\L5585.tmp
C:\WINDOWS\system32\L54BA.tmp
C:\WINDOWS\system32\L53EF.tmp
C:\WINDOWS\system32\L5333.tmp
C:\WINDOWS\system32\L50E1.tmp
Folder::
C:\WINDOWS\cuawsppw
C:\Documents and Settings\All Users\Application Data\mbehgvwl
C:\Qoobox
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A21EFDF6-EED0-4AF3-B185-647B750E0277}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db41de82-1dd1-11b2-b7fd-fbaf280c36b9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEFBAB0-BB9D-49DA-9732-D66FE88A4C71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5F7FFF8-0B52-4D37-AF38-63D99361523A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"g]eeV\mWhjlnspB"=-
"{EA-A0-0D-D5-ZN}"=-
Driver::
Legacy_MSSysInterv1
MSSysInterv1
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
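A check for the formatting rule stated above (File:: on the first line, no blank line above it, no space in front of it), as an added example that is not part of the original post and is not ComboFix's own code. It also flags repeated entries within a section; the function names and the header pattern are assumptions based only on the script shown here.

```python
import re

# Assumption: a section header is a single word followed by "::", like the
# four in the post (File::, Folder::, Registry::, Driver::).
HEADER = re.compile(r"^[A-Za-z]+::$")

def parse_cfscript(text):
    """Split a CFScript into {header: [entries]}, keeping file order."""
    sections, current = {}, None
    for line in text.splitlines():
        item = line.strip()
        if HEADER.match(item):
            current = item
            sections.setdefault(current, [])
        elif item and current is not None:
            sections[current].append(item)
    return sections

def check_cfscript(text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    lines = text.splitlines()
    first = lines[0] if lines else ""
    if not first.strip():
        problems.append("blank line above File::")
    elif first.strip() != "File::":
        problems.append(f"first line is {first.strip()!r}, not File::")
    elif first[0].isspace():
        problems.append("space in front of File::")
    # Windows paths are case-insensitive, so compare entries in lower case.
    for header, entries in parse_cfscript(text).items():
        seen = set()
        for entry in entries:
            if entry.lower() in seen:
                problems.append(f"duplicate under {header} {entry}")
            seen.add(entry.lower())
    return problems

# Constructed sample: a shortened copy of the script in the post.
SAMPLE = r"""File::
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\lgtarqbe.dll
C:\WINDOWS\lgtarqbe.dll
Folder::
C:\Qoobox
"""

if __name__ == "__main__":
    print(check_cfscript(SAMPLE) or "no problems found")
```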