Computer Infected Badly


This topic is locked
3 replies to this topic

#1 Zzn


Posted 14 May 2008 - 10:47 AM

Hi guys,
I've posted here before and I couldn't find my old post so I'll just resubmit a new one. Anyways, my computer is totally going slow. First my Internet Explorer started doing random pop ups like "You have a virus ..we are doing a virus scan..." "Your the 100,000 ..Click here to claim Prize" and it would steal the advertisings of websites with things like "Your computer is infected badly with a fake virus scan". Then my Mozilla got a virus on it so now I've been using Avant Browser but prefer to go back to normal. My computer also has been going really slow. You guys asked last time for my Combofix and Hijack this logs so here they are. I appreciate all the help.

ComboFix 08-05-12.1 - Zabi 2008-05-14 1:03:28.5 - NTFSx86
Running from: C:\Documents and Settings\Zabi\Desktop\ComboFix2150.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akrlnpjr.dll
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\bcsyheqx.ini
C:\WINDOWS\system32\bhucygyp.dll
C:\WINDOWS\system32\bjjunekc.dll
C:\WINDOWS\system32\bxdhednp.dll
C:\WINDOWS\system32\byyovlbx.dll
C:\WINDOWS\system32\clnhcpqq.ini
C:\WINDOWS\system32\cpwicahb.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddlghnqg.dll
C:\WINDOWS\system32\dostekeu.dll
C:\WINDOWS\system32\dprgatds.ini
C:\WINDOWS\system32\dvioqvmd.dll
C:\WINDOWS\system32\dyvhgppf.dll
C:\WINDOWS\system32\edsnlmbx.ini
C:\WINDOWS\system32\epducpwm.ini
C:\WINDOWS\system32\esunyngf.dll
C:\WINDOWS\system32\fcwlkcgf.dll
C:\WINDOWS\system32\foqjrexu.ini
C:\WINDOWS\system32\ggvclaua.dll
C:\WINDOWS\system32\gjiptnxw.dll
C:\WINDOWS\system32\gulbisih.dll
C:\WINDOWS\system32\hdarmgrf.dll
C:\WINDOWS\system32\hkrstkar.dll
C:\WINDOWS\system32\hloxmliy.dll
C:\WINDOWS\system32\hnbsymbh.ini
C:\WINDOWS\system32\hnihnuku.ini
C:\WINDOWS\system32\htotqyyr.dll
C:\WINDOWS\system32\hvdygikl.ini
C:\WINDOWS\system32\ifjkrcnx.ini
C:\WINDOWS\system32\inkyaryl.ini
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.exe
C:\WINDOWS\system32\jpilehxp.dll
C:\WINDOWS\system32\jrkujuca.dll
C:\WINDOWS\system32\jseqfmdn.dll
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\ltbwafqc.ini
C:\WINDOWS\system32\lyraykni.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlvevcso.dll
C:\WINDOWS\system32\nhwsgben.ini
C:\WINDOWS\system32\njtdqdpk.dll
C:\WINDOWS\system32\nnleiigm.dll
C:\WINDOWS\system32\odaqjggd.dll
C:\WINDOWS\system32\ogdispqh.dll
C:\WINDOWS\system32\omuaerlk.dll
C:\WINDOWS\system32\onsheloc.dll
C:\WINDOWS\system32\owwsctdp.dll
C:\WINDOWS\system32\ppgewgey.dll
C:\WINDOWS\system32\pvrkpvcq.ini
C:\WINDOWS\system32\qablkklc.dll
C:\WINDOWS\system32\qclpflqp.ini
C:\WINDOWS\system32\qktjjjcy.ini
C:\WINDOWS\system32\rjpnlrka.ini
C:\WINDOWS\system32\rrositxt.dll
C:\WINDOWS\system32\rtaxgmlg.dll
C:\WINDOWS\system32\rtrdqbit.ini
C:\WINDOWS\system32\saalwuyf.dll
C:\WINDOWS\system32\skdqdcig.ini
C:\WINDOWS\system32\sllrkfhs.dll
C:\WINDOWS\system32\smhflbmh.dll
C:\WINDOWS\system32\snibxbpd.dll
C:\WINDOWS\system32\stluoaqw.dll
C:\WINDOWS\system32\tmmskmrh.dll
C:\WINDOWS\system32\ubccgrrt.dll
C:\WINDOWS\system32\ubrwoegb.dll
C:\WINDOWS\system32\udntypkv.ini
C:\WINDOWS\system32\uohmqwhy.dll
C:\WINDOWS\system32\utxahtqw.dll
C:\WINDOWS\system32\uwmeadpc.dll
C:\WINDOWS\system32\vftjabod.dll
C:\WINDOWS\system32\vlmnjdav.ini
C:\WINDOWS\system32\vltiqoxg.dll
C:\WINDOWS\system32\vmgdvnyp.ini
C:\WINDOWS\system32\vpptjmuv.dll
C:\WINDOWS\system32\vwpgonge.dll
C:\WINDOWS\system32\wceyrdak.dll
C:\WINDOWS\system32\wgplxbnb.dll
C:\WINDOWS\system32\whjpruhl.dll
C:\WINDOWS\system32\wmwfjfef.dll
C:\WINDOWS\system32\wpiinott.ini
C:\WINDOWS\system32\xdyhpdov.dll
C:\WINDOWS\system32\xhcpnyhn.dll
C:\WINDOWS\system32\xhxivxio.ini
C:\WINDOWS\system32\xldomqfe.dll
C:\WINDOWS\system32\xqehyscb.dll
C:\WINDOWS\system32\ycgorram.dll
C:\WINDOWS\system32\ydecatda.dll
C:\WINDOWS\system32\yhawotte.dll
C:\WINDOWS\system32\ytwcvatt.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 11:19 . 2008-05-14 11:19 337,920 --a------ C:\WINDOWS\system32\jkkll.dll
2008-05-14 01:27 . 2008-05-14 01:27 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-13 22:04 . 2008-05-13 22:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-13 22:04 . 2008-05-13 22:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-13 21:15 . 2008-05-13 21:15 2,112 --a------ C:\WINDOWS\system32\vuolrpmh.exe
2008-05-12 21:20 . 2008-05-12 21:20 2,112 --a------ C:\WINDOWS\system32\dadadpxt.exe
2008-05-11 21:12 . 2008-05-11 21:12 <DIR> d-------- C:\Program Files\TVUPlayer
2008-05-11 21:11 . 2008-05-11 21:11 2,112 --a------ C:\WINDOWS\system32\himixmro.exe
2008-05-10 21:13 . 2008-05-10 21:13 2,112 --a------ C:\WINDOWS\system32\fmdnujci.exe
2008-05-09 21:14 . 2008-05-09 21:14 2,112 --a------ C:\WINDOWS\system32\vhlgjyui.exe
2008-05-08 21:10 . 2008-05-08 21:10 2,112 --a------ C:\WINDOWS\system32\siaqpeeg.exe
2008-05-07 21:07 . 2008-05-07 21:07 2,112 --a------ C:\WINDOWS\system32\gfsmwjck.exe
2008-05-06 21:08 . 2008-05-06 21:08 2,112 --a------ C:\WINDOWS\system32\tltsqhrv.exe
2008-05-02 01:27 . 2008-05-02 01:27 <DIR> d-------- C:\ComboFix
2008-04-27 01:51 . 2008-04-27 01:51 341,212 --a------ C:\WINDOWS\system32\RCXA8.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 15:20 358,400 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-05-14 15:20 341,504 ----a-w C:\WINDOWS\system32\jkkll.exe
2008-05-14 05:15 --------- d-----w C:\Program Files\QuickTime
2008-05-14 04:56 --------- d-----w C:\Documents and Settings\Zabi\Application Data\AVG7
2008-05-12 21:37 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2008-04-28 04:35 --------- d-----w C:\Program Files\LimeWire
2008-04-28 00:17 --------- d-----w C:\Documents and Settings\Zabi\Application Data\LimeWire
2008-04-15 23:54 --------- d-----w C:\Program Files\AIM6
2008-04-07 15:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-06 19:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-06 18:03 --------- d-----w C:\Program Files\Windows Live
2008-04-06 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-28 02:11 54,336 ----a-w C:\WINDOWS\system32\ruykhdqq.dll
2008-03-27 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-26 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 17:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-26 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-26 17:47 --------- d-----w C:\Program Files\Zone Labs
2008-03-26 17:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 17:30 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-26 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 17:28 --------- d-----w C:\Documents and Settings\Zabi\Application Data\Lavasoft
2008-03-26 16:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Amazon
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 07:57 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-14 07:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 07:57 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\AOL
2008-03-05 04:54 13,422 ----a-w C:\WINDOWS\system32\ogmyhmeu.dll
2008-03-05 04:51 13,422 ----a-w C:\WINDOWS\system32\uencwemf.dll
2008-03-05 04:48 13,422 ----a-w C:\WINDOWS\system32\mnbtwpld.dll
2008-03-03 04:49 13,422 ----a-w C:\WINDOWS\system32\cfpojvul.dll
2008-03-03 04:46 13,422 ----a-w C:\WINDOWS\system32\vdsmfsbp.dll
2008-03-03 04:46 13,422 ----a-w C:\WINDOWS\system32\dkyvlkpu.dll
2008-03-01 03:07 13,422 ----a-w C:\WINDOWS\system32\vnvpfndf.dll
2008-02-27 16:37 13,422 ----a-w C:\WINDOWS\system32\hmwkctxl.dll
2008-02-26 15:07 13,422 ----a-w C:\WINDOWS\system32\vqsbbufb.dll
2008-02-26 15:03 13,422 ----a-w C:\WINDOWS\system32\gnlalitm.dll
2008-02-26 14:55 13,422 ----a-w C:\WINDOWS\system32\padpewao.dll
2008-02-25 08:54 13,422 ----a-w C:\WINDOWS\system32\ueyriamy.dll
2008-02-24 07:00 13,422 ----a-w C:\WINDOWS\system32\ubrmjxxm.dll
2008-02-24 06:57 13,422 ----a-w C:\WINDOWS\system32\swijjqut.dll
2008-02-24 06:55 13,422 ----a-w C:\WINDOWS\system32\ytbpvthw.dll
2008-02-22 23:34 13,422 ----a-w C:\WINDOWS\system32\ejnrdqwb.dll
2008-02-22 23:32 13,422 ----a-w C:\WINDOWS\system32\fheirmeh.dll
2008-02-21 21:37 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-02-21 21:26 13,422 ----a-w C:\WINDOWS\system32\ykxeucnk.dll
2008-02-21 21:26 13,422 ----a-w C:\WINDOWS\system32\gvmopmwb.dll
2008-02-21 21:24 13,422 ----a-w C:\WINDOWS\system32\oenolhuw.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 16:47 13,422 ----a-w C:\WINDOWS\system32\rtlrbpjt.dll
2008-02-18 16:44 13,422 ----a-w C:\WINDOWS\system32\tashdljw.dll
2008-02-18 16:43 13,422 ----a-w C:\WINDOWS\system32\ofqwsnxl.dll
2008-02-17 16:40 13,422 ----a-w C:\WINDOWS\system32\wspmnudt.dll
2008-02-17 16:38 13,422 ----a-w C:\WINDOWS\system32\yjydgnpa.dll
2008-02-16 16:51 126,976 ----a-w C:\WINDOWS\system32\hkcmd .exe
2006-12-25 21:26 22 ----a-w C:\Program Files\hijackthis.zip
2006-09-13 21:26 84,992 ---ha-w C:\Documents and Settings\Zabi\Application Data\rbap500.dll
2006-01-16 04:31 32 ----a-w C:\Documents and Settings\Ahmad\config.dat
.
<pre>
----a-w		   135,168 2008-01-10 18:33:35  C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent .exe
----a-w		   307,200 2008-01-10 20:26:27  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w			50,736 2008-04-11 14:54:14  C:\Program Files\AIM6\aim6	.exe
----a-w		   155,648 2008-01-24 19:54:03  C:\Program Files\Apoint\Apoint .exe
----a-w		   185,896 2008-04-11 14:53:49  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   290,816 2007-12-24 19:01:29  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w		   460,784 2008-03-08 17:07:40  C:\Program Files\DellSupport\DSAgnt .exe
----a-w		   116,224 2008-01-10 00:06:19  C:\Program Files\eFax Messenger 4.3\J2GDllCmd .exe
----a-w			68,856 2007-12-27 16:45:02  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		   219,136 2008-02-17 01:10:44  C:\Program Files\Grisoft\AVG7\avgw .exe
----a-w		   212,992 2008-02-13 21:15:36  C:\Program Files\McAfee.com\Agent\MC1A3F~1 .EXE
----a-w		   303,104 2008-02-20 05:39:39  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w		   212,992 2008-05-14 15:19:54  C:\Program Files\McAfee.com\Agent\mcupdate  .exe
----a-w		   577,536 2008-05-14 05:04:14  C:\Program Files\McAfee.com\Agent\mcupdate .exe
----a-w		   212,992 2008-05-14 15:19:54  C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w		   577,536 2008-04-29 00:23:01  C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w		   212,992 2008-04-29 00:23:49  C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w		   212,992 2008-05-08 15:22:25  C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
----a-w		 1,327,104 2008-03-12 06:54:49  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
----a-w		   139,264 2008-02-21 18:43:14  C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w		   180,224 2008-03-12 06:54:31  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w		 1,694,208 2008-02-13 21:16:24  C:\Program Files\Messenger\msmsgs .exe
----a-w		   651,264 2008-05-14 00:09:30  C:\Program Files\QuickTime\qttask .exe
----a-w		   866,584 2008-01-18 19:56:39  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		   919,016 2008-03-26 18:33:34  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w		   158,208 2008-01-31 16:35:24  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2008-05-12 21:37:00  C:\WINDOWS\system32\ctfmon .exe
----a-w		   126,976 2008-02-16 16:51:14  C:\WINDOWS\system32\hkcmd .exe
----a-w		   155,648 2008-01-18 07:51:01  C:\WINDOWS\system32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((( snapshot_2008-04-18_18.35.36.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-18 22:22:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 05:20:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-15 23:55:46 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-05-14 07:04:20 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-15 23:55:46 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-05-14 07:04:20 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-15 23:55:46 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-05-14 07:04:20 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-15 23:55:46 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-14 07:04:19 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-15 23:55:47 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-05-14 07:04:20 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-15 23:55:47 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-05-14 07:04:21 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-15 23:55:47 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-05-14 07:04:21 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-15 23:55:47 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-05-14 07:04:21 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-15 23:55:46 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-05-14 07:04:20 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-15 23:55:46 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-05-14 07:04:20 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-15 23:55:47 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-05-14 07:04:21 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-15 23:55:45 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-05-14 07:04:19 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-15 23:55:45 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-05-14 07:04:19 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2004-08-04 10:00:00 512,029 ------w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 10:00:00 319,517 ------w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 10:00:00 1,507,356 ------w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 10:00:00 358,976 ------w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 10:00:00 53,279 ------w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 10:00:00 241,693 ------w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 10:00:00 213,023 ------w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 10:00:00 348,189 ------w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 10:00:00 421,919 ------w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 10:00:00 315,423 ------w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 10:00:00 552,989 ------w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 10:00:00 258,077 ------w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 10:00:00 831,519 ------w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 10:00:00 614,429 ------w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 10:00:00 348,189 ------w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\msxbde40.dll
- 2008-04-16 00:02:48 64,602 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-21 23:32:04 65,446 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-16 00:02:48 408,238 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-21 23:32:05 411,142 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-14 15:19:52 16,384 --sha-w C:\WINDOWS\TEMP\Cookies\index.dat
+ 2008-05-14 15:19:52 16,384 --sha-w C:\WINDOWS\TEMP\History\History.IE5\index.dat
+ 2008-05-14 15:19:52 32,768 --sha-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-03-27 22:11 54336 --a------ C:\WINDOWS\system32\ruykhdqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC76509A-87B6-411C-B568-44801F5761B9}]
2008-05-14 11:19 337920 --a------ C:\WINDOWS\system32\jkkll.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\MCUPDA~4.EXE" [2008-05-14 11:19 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"BMaf51f11a"="C:\WINDOWS\system32\urcyclsc.dll" [2008-05-14 11:26 96832]
"ac62c286"="C:\WINDOWS\system32\rskvhxej.dll" [2008-05-14 11:29 92224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnkif]
pmnnkif.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\jkkll.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6 .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-16 13:58 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-03-04 12:26 606208 C:\PROGRA~1\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2008-01-09 20:04 464896 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 13:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-04-26 11:16 651264 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smiley District]
C:\Program Files\SmileyDistrict\plugin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 19:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mmtask.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

S3 BLKWGN;Belkin Wireless G Notebook Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGN.sys [2005-06-01 22:10]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 20:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c14070c-cf17-11da-af6a-00038a000015}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74eb6854-ca69-11da-af67-00038a000015}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 22:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ZAID-Ahmad).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-05-14 05:38:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 11:18:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\llkkj.ini 318 bytes
C:\WINDOWS\system32\llkkj.ini2 318 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rskvhxej.dll
-> C:\WINDOWS\system32\urcyclsc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\DOCUME~1\Zabi\LOCALS~1\Temp\TMP5A.tmp
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-14 11:32:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 15:31:38
ComboFix2.txt 2008-04-18 22:36:56
ComboFix3.txt 2008-04-16 00:46:48
ComboFix4.txt 2008-04-04 13:58:48

Pre-Run: 15,988,297,728 bytes free
Post-Run: 16,114,860,032 bytes free

468 --- E O F --- 2008-05-14 07:04:32


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41, on 2008-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\Zabi\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:0/proxy.pac
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkll.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~4.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [BMaf51f11a] Rundll32.exe "C:\WINDOWS\system32\urcyclsc.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

--
End of file - 6375 bytes



#2 Zzn

Posted 16 May 2008 - 01:24 PM

Any ideas what's wrong??

#3 teacup61

  • Malware Response Team

Posted 31 May 2008 - 04:16 PM

Hello Zzn,

Welcome back to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

  • Malware Response Team

Posted 15 June 2008 - 02:56 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



