
Tons Of Problems, Please Help!



#1 kelz


Posted 07 May 2008 - 12:17 AM

hi guys,

I apparently downloaded something with a virus. I don't know. but every time I open internet explorer, I get an ad popup of some sort and everything runs reaaaaally slow. it took me like six tries to get on this site. I usually can't open any of my email sites (yahoo or gmail... or yahoo search or google, for that matter) because they don't load. no errors, just the load bar keeps loading but nothing happens. sometimes if I close the current window and reopen a new one my email will load. I have also done the add/remove programs in control panel to look for anything suspicious (nothing). I also ran ad-aware 07 and removed some problems, also ran spybot search and destroy, removed some stuff, and the popups/slowness/can't open email still continue.

also every time I restart the computer, I get a "Windows No Disk error: Exception Processing Message c000013 Parameter 75b6bf9c 75b6bf9c 4 75b6bf9c" popup window. actually, I get two of them. I recently had a 2nd internal hard drive installed so I don't know if that has something to do with it?

PLEASE PLEASE PLEASE help me =( all this happened in like the last 24 hours and it's so frustrating. I've posted on other forums and no one seems able (or willing??? I don't know) to help me....

my details are... I'm on a dell optiplex gx280 with windows xp, pentium 4 3.0ghz, 2.49gb ram.

I've attached my "extra.txt" file. and here's my deckard's scan:

Deckard's System Scanner v20071014.68
Run by kelsey on 2008-05-06 21:47:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
6: 2008-05-07 04:44:47 UTC - RP570 - Deckard's System Scanner Restore Point
5: 2008-05-06 05:24:53 UTC - RP569 - Software Distribution Service 3.0
4: 2008-05-05 17:27:20 UTC - RP568 - System Checkpoint
3: 2008-05-04 17:18:37 UTC - RP567 - Removed QuickTime
2: 2008-05-04 17:07:50 UTC - RP566 - Removed Data Lifeguard Tools


-- First Restore Point --
1: 2008-05-04 16:58:18 UTC - RP565 - Installed Adobe Premiere 6.5


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as kelsey.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:24 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\kelsey\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\kelsey.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O1 - Hosts: 60.12.193.37 auto.search.msn.es
O1 - Hosts: 60.12.193.37 ie.search.msn.com
O2 - BHO: {2f29b493-df1c-661b-ff34-0638984b9670} - {0769b489-8360-43ff-b166-c1fd394b92f2} - C:\WINDOWS\system32\lwupkfqg.dll
O2 - BHO: (no name) - {19B9CD57-3043-442F-8DFF-F9924AF056BD} - C:\WINDOWS\system32\jkkLFvSj.dll
O2 - BHO: (no name) - {2D7FF6B9-D495-42D9-BC54-2DCB29BE0648} - (no file)
O2 - BHO: (no name) - {36D2FF50-9F55-4999-B1A4-2F4571FA621B} - C:\WINDOWS\system32\yayvWpmM.dll (file missing)
O2 - BHO: (no name) - {48C2D762-89DE-420E-87C5-949734B281AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {B8297676-7E5B-49CB-9E18-32003D9FC464} - (no file)
O2 - BHO: (no name) - {CE27018C-C0D6-4456-AB05-A4B20D58A2D7} - C:\WINDOWS\system32\urqQjjhH.dll
O2 - BHO: (no name) - {DE29CF05-95B2-4A26-9969-4BBB436AEE70} - C:\WINDOWS\system32\urqrPGwT.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM8b0c7363] Rundll32.exe "C:\WINDOWS\system32\ymxwdeaf.dll",s
O4 - HKLM\..\Run: [883f40ff] rundll32.exe "C:\WINDOWS\system32\qvwfmcsn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O20 - Winlogon Notify: jkkLFvSj - C:\WINDOWS\SYSTEM32\jkkLFvSj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8618 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080506-143640-351 O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\kelsey\OctoshapeClient.exe" -inv:bootrun
backup-20080506-143938-864 O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Iap - "c:\program files\dell\openmanage\client\iap.exe" <Not Verified; Dell Inc; OpenManage Client Instrumentation>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-23 22:44:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 10:16:59 108608 --a------ C:\WINDOWS\system32\lwupkfqg.dll
2008-05-06 10:13:59 2112 --a------ C:\WINDOWS\system32\emtmculp.exe
2008-05-06 10:10:59 96832 --a------ C:\WINDOWS\system32\qvwfmcsn.dll
2008-05-06 10:08:31 104512 --a------ C:\WINDOWS\system32\ymxwdeaf.dll
2008-05-05 10:15:16 107584 --a------ C:\WINDOWS\system32\tshtfsvt.dll
2008-05-05 10:12:16 96832 -----n--- C:\WINDOWS\system32\udhbkvxc.dll
2008-05-05 10:09:16 104000 --a------ C:\WINDOWS\system32\qxjsdefl.dll
2008-05-04 10:45:58 0 d-------- C:\Program Files\Panda Security
2008-05-04 10:35:01 0 d-------- C:\Program Files\Trend Micro
2008-05-04 10:13:03 108096 --a------ C:\WINDOWS\system32\etbgktak.dll
2008-05-04 10:07:29 104512 --a------ C:\WINDOWS\system32\mwaoenta.dll
2008-05-04 10:06:49 442415 --ahs---- C:\WINDOWS\system32\HhjjQqru.ini2
2008-05-04 10:06:47 281088 --a------ C:\WINDOWS\system32\urqQjjhH.dll
2008-05-04 07:02:22 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>


-- Find3M Report ---------------------------------------------------------------

2008-05-04 10:19:35 0 d-------- C:\Program Files\QuickTime
2008-05-04 10:00:46 0 d-------- C:\Documents and Settings\kelsey\Application Data\uTorrent
2008-05-04 10:00:02 524554 --ahs---- C:\WINDOWS\system32\MmpWvyay.ini2
2008-05-04 09:59:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-30 19:57:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 08:53:29 0 d-------- C:\Program Files\mp3
2008-04-20 23:02:30 0 d-------- C:\Documents and Settings\kelsey\Application Data\Adobe
2008-03-19 21:22:57 0 d-------- C:\Documents and Settings\kelsey\Application Data\AdobeAUM
2008-03-19 19:45:57 0 d-------- C:\Program Files\GPLGS
2008-03-19 19:45:00 0 d-------- C:\Program Files\Acro Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0769b489-8360-43ff-b166-c1fd394b92f2}]
05/06/2008 10:17 AM 108608 --a------ C:\WINDOWS\system32\lwupkfqg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B9CD57-3043-442F-8DFF-F9924AF056BD}]
05/01/2006 10:59 PM 43008 --a------ C:\WINDOWS\system32\jkkLFvSj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D7FF6B9-D495-42D9-BC54-2DCB29BE0648}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D2FF50-9F55-4999-B1A4-2F4571FA621B}]
C:\WINDOWS\system32\yayvWpmM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48C2D762-89DE-420E-87C5-949734B281AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8297676-7E5B-49CB-9E18-32003D9FC464}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE27018C-C0D6-4456-AB05-A4B20D58A2D7}]
05/04/2008 10:06 AM 281088 --a------ C:\WINDOWS\system32\urqQjjhH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE29CF05-95B2-4A26-9969-4BBB436AEE70}]
C:\WINDOWS\system32\urqrPGwT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 02:55 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 02:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 07:04 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 05:23 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [03/04/2004 03:00 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"BM8b0c7363"="C:\WINDOWS\system32\ymxwdeaf.dll" [05/06/2008 10:08 AM]
"883f40ff"="C:\WINDOWS\system32\qvwfmcsn.dll" [05/06/2008 10:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

C:\Documents and Settings\kelsey\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
DESKTOP.INI [11/15/2001 5:31:16 AM]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [9/22/2007 12:02:15 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
DESKTOP.INI [8/11/2004 4:15:06 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{19B9CD57-3043-442F-8DFF-F9924AF056BD}"= C:\WINDOWS\system32\jkkLFvSj.dll [05/01/2006 10:59 PM 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLFvSj]
jkkLFvSj.dll 05/01/2006 10:59 PM 43008 C:\WINDOWS\SYSTEM32\jkkLFvSj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqQjjhH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d956cf9c-06c9-11dd-b29f-000fb59ae919}]
AutoRun\command- H:\wdsync.exe




-- Hosts -----------------------------------------------------------------------

60.12.193.37 auto.search.msn.com
60.12.193.37 auto.search.msn.es
60.12.193.37 ie.search.msn.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com

8325 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-06 21:49:21 ------------


thanks so much!

kelz



#2 Simon V.


Posted 11 May 2008 - 04:44 AM

You are being helped here > http://www.techsupportforum.com/security-c...s-problems.html

This topic is now closed.
Simon V.
