Browser Hijack Attempt!



#1 melhess


Posted 15 March 2006 - 11:22 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:03:38 AM, on 3/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\mousepad2.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\System32\slk8x2peu.exe
C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TangoManager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\fm20enu.exe
C:\WINDOWS\System32\pmspl.exe
C:\WINDOWS\System32\shmedia.exe
C:\WINDOWS\System32\dmconfig.exe
C:\WINDOWS\System32\wmadmoe.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jandi Goshert\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.longspark.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20091\services.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ib1dll6.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\System32\ib6.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\System32\w9seq.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [wintrust] "C:\WINDOWS\System32\wintrust.exe"
O4 - HKCU\..\Run: [xolehlp] "C:\WINDOWS\System32\xolehlp.exe"
O4 - HKCU\..\Run: [nvmctray] "C:\WINDOWS\System32\nvmctray.exe"
O4 - HKCU\..\Run: [wuaueng] "C:\WINDOWS\System32\wuaueng.exe"
O4 - HKCU\..\Run: [fm20enu] "C:\WINDOWS\System32\fm20enu.exe"
O4 - HKCU\..\Run: [ntlanman] "C:\WINDOWS\System32\ntlanman.exe"
O4 - HKCU\..\Run: [browseui] "C:\WINDOWS\System32\browseui.exe"
O4 - HKCU\..\Run: [imagehlp] "C:\WINDOWS\System32\imagehlp.exe"
O4 - HKCU\..\Run: [sti] "C:\WINDOWS\System32\sti.exe"
O4 - HKCU\..\Run: [pmspl] "C:\WINDOWS\System32\pmspl.exe"
O4 - HKCU\..\Run: [shmedia] "C:\WINDOWS\System32\shmedia.exe"
O4 - HKCU\..\Run: [dmconfig] "C:\WINDOWS\System32\dmconfig.exe"
O4 - HKCU\..\Run: [wmadmoe] "C:\WINDOWS\System32\wmadmoe.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\JANDIG~1\LOCALS~1\Temp\12C.tmp
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [okkq] C:\PROGRA~1\COMMON~1\okkq\okkqm.exe
O4 - HKCU\..\Run: [WinMedia] "C:\WINDOWS\System32\vxgamet4.exe2560.exe "
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://listrak.webex.com/client/v_mywebex-...bex/ieatgpc.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: extfpu - C:\WINDOWS\SYSTEM32\extfpu.dll
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: ur32krutik6666reg - C:\Documents and Settings\All Users\Documents\Settings\ur32krutik6666.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O21 - SSODL: Dell Digital Jukebox Driver - {7AC6ABC8-6803-9C22-9ED9-07C3BE29D7C6} - c:\program files\dell\digital jukebox drivers\winbfnas32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: psapi - Unknown owner - C:\WINDOWS\System32\psapi.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fdfzkey.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



#2 Grinler

    Lawrence Abrams



Posted 21 March 2006 - 11:15 AM

Wow, this is a mess. Let's start cleaning it :thumbsup:


Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.


O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [wintrust] "C:\WINDOWS\System32\wintrust.exe"
O4 - HKCU\..\Run: [xolehlp] "C:\WINDOWS\System32\xolehlp.exe"
O4 - HKCU\..\Run: [nvmctray] "C:\WINDOWS\System32\nvmctray.exe"
O4 - HKCU\..\Run: [wuaueng] "C:\WINDOWS\System32\wuaueng.exe"
O4 - HKCU\..\Run: [fm20enu] "C:\WINDOWS\System32\fm20enu.exe"
O4 - HKCU\..\Run: [ntlanman] "C:\WINDOWS\System32\ntlanman.exe"
O4 - HKCU\..\Run: [browseui] "C:\WINDOWS\System32\browseui.exe"
O4 - HKCU\..\Run: [imagehlp] "C:\WINDOWS\System32\imagehlp.exe"
O4 - HKCU\..\Run: [sti] "C:\WINDOWS\System32\sti.exe"
O4 - HKCU\..\Run: [pmspl] "C:\WINDOWS\System32\pmspl.exe"
O4 - HKCU\..\Run: [shmedia] "C:\WINDOWS\System32\shmedia.exe"
O4 - HKCU\..\Run: [dmconfig] "C:\WINDOWS\System32\dmconfig.exe"
O4 - HKCU\..\Run: [wmadmoe] "C:\WINDOWS\System32\wmadmoe.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\JANDIG~1\LOCALS~1\Temp\12C.tmp
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [okkq] C:\PROGRA~1\COMMON~1\okkq\okkqm.exe
O4 - HKCU\..\Run: [WinMedia] "C:\WINDOWS\System32\vxgamet4.exe2560.exe "
O20 - Winlogon Notify: extfpu - C:\WINDOWS\SYSTEM32\extfpu.dll
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll



Then start the file packer program, right-click in the white box, and select Paste to paste the copied file names into the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example grinler.cab).

Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Next,

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.longspark.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20091\services.exe
O2 - BHO: ib1dll6.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\System32\ib6.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\System32\w9seq.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [wintrust] "C:\WINDOWS\System32\wintrust.exe"
O4 - HKCU\..\Run: [xolehlp] "C:\WINDOWS\System32\xolehlp.exe"
O4 - HKCU\..\Run: [nvmctray] "C:\WINDOWS\System32\nvmctray.exe"
O4 - HKCU\..\Run: [wuaueng] "C:\WINDOWS\System32\wuaueng.exe"
O4 - HKCU\..\Run: [fm20enu] "C:\WINDOWS\System32\fm20enu.exe"
O4 - HKCU\..\Run: [ntlanman] "C:\WINDOWS\System32\ntlanman.exe"
O4 - HKCU\..\Run: [browseui] "C:\WINDOWS\System32\browseui.exe"
O4 - HKCU\..\Run: [imagehlp] "C:\WINDOWS\System32\imagehlp.exe"
O4 - HKCU\..\Run: [sti] "C:\WINDOWS\System32\sti.exe"
O4 - HKCU\..\Run: [pmspl] "C:\WINDOWS\System32\pmspl.exe"
O4 - HKCU\..\Run: [shmedia] "C:\WINDOWS\System32\shmedia.exe"
O4 - HKCU\..\Run: [dmconfig] "C:\WINDOWS\System32\dmconfig.exe"
O4 - HKCU\..\Run: [wmadmoe] "C:\WINDOWS\System32\wmadmoe.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\JANDIG~1\LOCALS~1\Temp\12C.tmp
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [okkq] C:\PROGRA~1\COMMON~1\okkq\okkqm.exe
O4 - HKCU\..\Run: [WinMedia] "C:\WINDOWS\System32\vxgamet4.exe2560.exe "
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://listrak.webex.com/client/v_mywebex-...bex/ieatgpc.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: extfpu - C:\WINDOWS\SYSTEM32\extfpu.dll
O20 - Winlogon Notify: Mixer - C:\WINDOWS\SYSTEM32\sndmixex.dll
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O20 - Winlogon Notify: ur32krutik6666reg - C:\Documents and Settings\All Users\Documents\Settings\ur32krutik6666.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: psapi - Unknown owner - C:\WINDOWS\System32\psapi.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fdfzkey.exe (file missing)

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)


C:\WINDOWS\inet20091\
C:\WINDOWS\System32\ib6.dll
C:\WINDOWS\System32\w9seq.dll
C:\\keyboard2.exe
C:\\mousepad2.exe
C:\\newname2.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\System32\slk8x2peu.exe
C:\WINDOWS\System32\wintrust.exe
C:\WINDOWS\System32\xolehlp.exe
C:\WINDOWS\System32\nvmctray.exe
C:\WINDOWS\System32\wuaueng.exe
C:\WINDOWS\System32\fm20enu.exe
C:\WINDOWS\System32\ntlanman.exe
C:\WINDOWS\System32\browseui.exe
C:\WINDOWS\System32\imagehlp.exe
C:\WINDOWS\System32\sti.exe
C:\WINDOWS\System32\pmspl.exe
C:\WINDOWS\System32\shmedia.exe
C:\WINDOWS\System32\dmconfig.exe
C:\WINDOWS\System32\wmadmoe.exe
C:\DOCUMENTS AND SETTINGS\JANDIG~1\LOCAL SETTINGS\Temp\12C.tmp
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
C:\PROGRAM FILES\COMMON FILES\okkq\
C:\WINDOWS\System32\vxgamet4.exe2560.exe
C:\WINDOWS\SYSTEM32\dvd4free.dll
C:\WINDOWS\SYSTEM32\extfpu.dll
C:\WINDOWS\SYSTEM32\sndmixex.dll
C:\WINDOWS\SYSTEM32\ssldr32.dll
C:\Documents and Settings\All Users\Documents\Settings\ur32krutik6666.dll
c:\windows\system32\doser.exe

Reboot your computer to go back to normal mode and post a new log.
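The last step above asks for a fresh HijackThis log. As an added example (not part of the original thread or of HijackThis itself), the Python code below parses HijackThis entry lines and reports which entries from a fix list still appear in a follow-up log. The fix-list lines are copied from the post above; the follow-up log and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# HijackThis entry lines have the form "<section code> - <detail>",
# e.g. "O4 - HKLM\..\Run: [name] C:\path.exe". Header lines and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return a list of (section_code, detail) tuples for every entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, and the same
    # command may be logged with or without quotes, so normalise both.
    code, detail = entry
    return code, " ".join(detail.replace('"', "").split()).lower()


def still_present(fix_list_text, new_log_text):
    """Fix-list entries that still show up in the follow-up log, by section."""
    new_keys = {_key(e) for e in parse_entries(new_log_text)}
    remaining = defaultdict(list)
    for entry in parse_entries(fix_list_text):
        if _key(entry) in new_keys:
            remaining[entry[0]].append(entry[1])
    return dict(remaining)


# Subset of the fix list from the post above.
FIX_LIST = r"""
F3 - REG:win.ini: run=C:\WINDOWS\inet20091\services.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\System32\w9seq.dll
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\System32\slk8x2peu.exe"
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
"""

# Constructed follow-up log (not from the thread): three fixed entries came back.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [System] c:\windows\system32\kernels8.exe
O4 - HKLM\..\Run: [q8lg] C:\WINDOWS\System32\slk8x2peu.exe
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
"""

if __name__ == "__main__":
    for code, details in still_present(FIX_LIST, NEW_LOG).items():
        for detail in details:
            print(f"still present: {code} - {detail}")
```

An entry that reappears after the Fix step usually means something is still running and rewriting it, which is why the post has the files deleted from Safe Mode before the new log is taken.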



