dkfazcnq



lowlyGiant
2008-04-06, 20:27
I have Norton Anti-Virus/Spyware 2008, Spybot S&D, and Spyware Doctor, but none of them get rid of this malware, labelled in the Task Manager's process tab as "dkfazcnq". Its description is simply "dkfazcnq.exe". I can't seem to do anything but shut down the process, which only takes care of the annoying, otherwise-unclosable window at that time; it just keeps coming back. Does anyone have any experience with this?

Rorschach112
2008-04-06, 21:09
Hello

Please download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

lowlyGiant
2008-04-07, 14:15
They each — independently, even! — exceed the 20,000 char limit, so I put them on my server:

http://www.hackstudent.com/my%20box/

I suppose I have a rather "beefy" system; it's about 5 weeks old. I'm a programming student (notice the above domain name), so I was drawn to a few sites that I now very much regret even considering going to.

Rorschach112
2008-04-07, 14:42
Hello

1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: GNX Bingo - {5B9512A7-C919-4035-A08D-8888AA6F5F7A} - C:\Windows\svpekgongrk.dll (file missing)
O3 - Toolbar: stfngdvw - {BE39F01C-46FB-4111-9AE9-2F11DC22AF69} - C:\Windows\stfngdvw.dll (file missing)
O4 - HKCU\..\Run: [otbbweoe] C:\Windows\system32\dkfazcnq.exe
O4 - HKCU\..\Run: [jqqcqfvq] C:\Windows\system32\rmhaxubk.exe
O4 - HKLM\..\Policies\Explorer\Run: [rzuYPpJjaL] C:\ProgramData\slgxkvsx\wnkjaxsz.exe
O20 - Winlogon Notify: DfLogon - C:\Windows\system32\LogonDll.dll (file missing)
O21 - SSODL: fkdnrwsv - {9080C364-B953-448B-9039-6B73756A761F} - C:\Windows\fkdnrwsv.dll
O21 - SSODL: sxfnewqb - {2DCD9DF5-29B5-43CB-949D-070E3F9E1C4F} - C:\Windows\sxfnewqb.dll

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



[kill explorer]
C:\Users\All Users\pzfetxnw
C:\Windows\system32\zotgzunm.exe
C:\Windows\system32\rmhaxubk.exe
C:\Users\All Users\wfonvikl
C:\Program Files\PC-Cleaner
C:\Windows\system32\dkfazcnq.exe
C:\Users\hackStudent\Desktop\virii
C:\Users\hackStudent\Desktop\FWebdEditor.exe
C:\Users\hackStudent\Desktop\fwebd.exe
C:\Users\hackStudent\Desktop\filemanagerclient.exe
C:\Users\All Users\osivgzbf
C:\Windows\sxfnewqb.dll
C:\Windows\fkdnrwsv.dll
C:\Windows\system32\WINWGPX.EXE
C:\Windows\system32\winsystem.exe
C:\Windows\system32\winlogonpc.exe
C:\Windows\system32\vcatchpi.dll
C:\Windows\system32\vbsys2.dll
C:\Windows\system32\thun32.dll
C:\Windows\system32\thun.dll
C:\Windows\system32\temp#01.exe
C:\Windows\system32\taack.exe
C:\Windows\system32\taack.dat
C:\Windows\system32\sysreq.exe
C:\Windows\system32\ssvchost.exe
C:\Windows\system32\ssvchost.com
C:\Windows\system32\ssurf022.dll
C:\Windows\system32\sncntr.exe
C:\Windows\system32\smp
C:\Windows\system32\Rundl1.exe
C:\Windows\system32\regm64.dll
C:\Windows\system32\regc64.dll
C:\Windows\system32\psoft1.exe
C:\Windows\system32\psof1.exe
C:\Windows\system32\ps1.exe
C:\Windows\system32\newsd32.exe
C:\Windows\system32\netode.exe
C:\Windows\system32\mwin32.exe
C:\Windows\system32\mtr2.exe
C:\Windows\system32\msvchost.exe
C:\Windows\system32\mssecu.exe
C:\Windows\system32\msnbho.dll
C:\Windows\system32\msgp.exe
C:\Windows\system32\medup020.dll
C:\Windows\system32\medup012.dll
C:\Windows\system32\hxiwlgpm.exe
C:\Windows\system32\hxiwlgpm.dat
C:\Windows\system32\hoproxy.dll
C:\Windows\system32\h@tkeysh@@k.dll
C:\Windows\system32\emesx.dll
C:\Windows\system32\dpcproxy.exe
C:\Windows\system32\bsva-egihsg52.exe
C:\Windows\system32\bdn.com
C:\Windows\system32\awtoolb.dll
C:\Windows\system32\anticipator.dll
C:\Windows\system32\akttzn.exe
C:\Windows\mssecu.exe
C:\Windows\iTunesMusic.exe
C:\Windows\bdn.com
C:\Windows\a.bat
C:\Users\Demo\Desktop\virii
C:\Users\Demo\Desktop\FWebdEditor.exe
C:\Users\Demo\Desktop\fwebd.exe
C:\Users\Demo\Desktop\filemanagerclient.exe
C:\Users\All Users\slgxkvsx
purity
[start explorer]


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log, try not to attach it
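
Added example, not part of the original thread or either poster's code: a cross-check that every HijackThis entry from step 1 whose file still exists is also covered by the OTMoveIt2 list, so no autorun target stays on disk after its registry entry is fixed. It assumes `C:\Users\All Users` is the Vista link to `C:\ProgramData`; the function names are illustrative.

```python
import re
# The O-lines from step 1 of the post above, copied as posted.
HJT_LINES = r"""
O2 - BHO: GNX Bingo - {5B9512A7-C919-4035-A08D-8888AA6F5F7A} - C:\Windows\svpekgongrk.dll (file missing)
O3 - Toolbar: stfngdvw - {BE39F01C-46FB-4111-9AE9-2F11DC22AF69} - C:\Windows\stfngdvw.dll (file missing)
O4 - HKCU\..\Run: [otbbweoe] C:\Windows\system32\dkfazcnq.exe
O4 - HKCU\..\Run: [jqqcqfvq] C:\Windows\system32\rmhaxubk.exe
O4 - HKLM\..\Policies\Explorer\Run: [rzuYPpJjaL] C:\ProgramData\slgxkvsx\wnkjaxsz.exe
O20 - Winlogon Notify: DfLogon - C:\Windows\system32\LogonDll.dll (file missing)
O21 - SSODL: fkdnrwsv - {9080C364-B953-448B-9039-6B73756A761F} - C:\Windows\fkdnrwsv.dll
O21 - SSODL: sxfnewqb - {2DCD9DF5-29B5-43CB-949D-070E3F9E1C4F} - C:\Windows\sxfnewqb.dll
""".strip().splitlines()

# Subset of the OTMoveIt2 list from the same post (only the lines that matter here).
MOVE_LIST = r"""
C:\Windows\system32\rmhaxubk.exe
C:\Windows\system32\dkfazcnq.exe
C:\Windows\sxfnewqb.dll
C:\Windows\fkdnrwsv.dll
C:\Users\All Users\slgxkvsx
""".strip().splitlines()

ENTRY = re.compile(r"^(O\d+) - (.+)$")
PATH = re.compile(r"[A-Za-z]:\\.*?(?= \(file missing\)$|$)")

def parse_entry(line):
    """Split one HijackThis O-line into section code, file path and missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    p = PATH.search(m.group(2))
    return {"code": m.group(1), "path": p.group(0) if p else None,
            "file_missing": m.group(2).endswith("(file missing)")}

def norm(path):
    """Lower-case a path and map the Vista 'All Users' link onto ProgramData."""
    p = path.strip().lower().rstrip("\\")
    alias = "c:\\users\\all users"
    return "c:\\programdata" + p[len(alias):] if (p + "\\").startswith(alias + "\\") else p

def uncovered(hjt_lines, move_list):
    """Live autorun targets that no move-list path equals or contains."""
    targets = [norm(t) for t in move_list]
    live = [e["path"] for e in map(parse_entry, hjt_lines)
            if e and e["path"] and not e["file_missing"]]
    return [p for p in live
            if not any(norm(p) == t or norm(p).startswith(t + "\\") for t in targets)]
```

An empty result from `uncovered(HJT_LINES, MOVE_LIST)` means every live entry is accounted for; entries marked "(file missing)" are skipped because only the registry reference remains.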

Rorschach112
2008-04-12, 17:27
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.