Can't get rid of "vqjhug29" and "cpsdjy28"

  • ywang
  • Born
  • Posts: 1

Post 3+ Months Ago

Hi All,
I don't know why I can't open my Task Manager and can't run Regedit. I downloaded HijackThis and this is what I got. I tried to use it to remove the startup items: [vqjhug29] and [cpsdjy28], but when I rebooted the machine, it came back with both re-checked. How can I get rid of them?

I am able to access Regedit from Administrator login.

...anybody please help me?

Thanks a lot!

----------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:56 AM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.yisou.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqPJYoo.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: stfngdvw - {5F05A807-F90E-4A77-B290-279D0652C2A3} - C:\WINDOWS\stfngdvw.dll
O4 - HKLM\..\Run: [vqjhug29] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\vqjhug29.dll,DllCanUnloadNow
O4 - HKLM\..\RunOnce: [vqjhug29] %systemroot%\system32\Rundll32.exe %systemroot%\system32\vqjhug29.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [cpsdjy28] %systemroot%\system32\Rundll32.exe %systemroot%\system32\cpsdjy28.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2699010190-3287744238-3530261070-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &ʹÓ󬼶Ðý·çÏÂÔØ - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &ʹÓ󬼶Ðý·çÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\XML Spy Suite\spy.htm
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O8 - Extra context menu item: Quick &Search (Yisou.com) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send the Picture by QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XML Spy Suite\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XML Spy Suite\spy.htm (HKCU)
O11 - Options group: [TBH] SOSO AddressBar Search
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{111549A1-425D-4226-B172-1A3CB4A90CB5}: NameServer = 85.255.113.204,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2A9B54F-EB76-4D7B-AF5E-98E3394B1364}: NameServer = 85.255.113.204,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9F820A3-69FF-47EE-B966-F44D51267579}: NameServer = 85.255.113.204,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0A5930-EDE8-4CF4-8BC4-D929310AC8D4}: NameServer = 85.255.113.204,85.255.112.107
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{111549A1-425D-4226-B172-1A3CB4A90CB5}: NameServer = 85.255.113.204,85.255.112.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.107
O20 - Winlogon Notify: urqPJYoo - C:\WINDOWS\SYSTEM32\urqPJYoo.dll
O21 - SSODL: vmup - {3E146999-470A-4F86-9D98-8ACF51D7B745} - C:\PROGRA~1\ulao\vmup.dll
O21 - SSODL: wbwk - {12311512-2C1D-44b2-A044-872AD2AD5A61} - C:\PROGRA~1\ulao\vmup.dll
O21 - SSODL: VolumeWin - {7259c327-9cc9-422d-b2b6-79a6090304f9} - C:\WINDOWS\Installer\{7259c327-9cc9-422d-b2b6-79a6090304f9}\VolumeWin.dll
O21 - SSODL: zip - {5d41a5cf-2801-49f3-b674-61c5d1cf3a32} - C:\WINDOWS\Installer\{5d41a5cf-2801-49f3-b674-61c5d1cf3a32}\zip.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll

--
End of file - 8193 bytes
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I started to post the items that need to be cleaned but the list was getting so long, I'm going to tell you to format and reinstall, which is something I rarely do.
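
Added example (not part of either post, and not HijackThis code): a short Python triage pass over a few lines copied from the log in the first post. The four rules and the check for one DLL registered under several sections are illustrative heuristics chosen for this log, not a complete classifier.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqPJYoo.dll
O4 - HKLM\..\Run: [vqjhug29] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\vqjhug29.dll,DllCanUnloadNow
O4 - HKLM\..\RunOnce: [cpsdjy28] %systemroot%\system32\Rundll32.exe %systemroot%\system32\cpsdjy28.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.204 85.255.112.107
O20 - Winlogon Notify: urqPJYoo - C:\WINDOWS\SYSTEM32\urqPJYoo.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
DLL = re.compile(r"([^\\\s,]+\.dll)\b", re.I)

# Assumed review heuristics: (section code, pattern in the entry body, reason).
RULES = [
    ("O4", re.compile(r"rundll32\.exe\s+\S+\.dll", re.I), "autorun loads a DLL via rundll32"),
    ("O7", re.compile(r"Disable\w+=1"), "policy disables a system tool"),
    ("O17", re.compile(r"NameServer\s*="), "DNS servers set in the registry"),
    ("O20", re.compile(r"Winlogon Notify"), "DLL loaded by Winlogon"),
]

def parse(log):
    """Yield (section_code, body) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return (findings, shared): rule hits, and DLLs named in 2+ sections."""
    findings, seen = [], defaultdict(set)
    for code, body in parse(log):
        for rule_code, pattern, reason in RULES:
            if code == rule_code and pattern.search(body):
                findings.append((code, reason, body))
        for dll in DLL.findall(body):
            seen[dll.lower()].add(code)
    shared = {d: sorted(c) for d, c in seen.items() if len(c) > 1}
    return findings, shared

if __name__ == "__main__":
    findings, shared = triage(SAMPLE_LOG)
    for code, reason, body in findings:
        print(f"{code:<4}{reason}: {body}")
    print("DLLs registered under several sections:", shared)
```
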


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.