malware... help please

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

pennylane2241982

Thread Starter
Joined
Nov 5, 2007
Messages
1
OK, so I have been taken over by malware and the yellow triangle that says you have a Networm-i virus, and it also says I have a Black Horse trojan virus... I also have the 2 icons that others have been talking about, the Online Security Guide and the Safety Center one... I ran ComboFix; this is my log... Also, I have Windows XP and a Gateway...

ComboFix 07-11-01.1** - Administrator 2007-11-05 19:32:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.218 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ta_start.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\WINNT\system32\drivers\runtime2.sys
C:\WINNT\system32\dwdsrngt.exe
C:\WINNT\system32\ehhkj.bak1
C:\WINNT\system32\ehhkj.ini
C:\WINNT\system32\jkhhe.dll
C:\WINNT\system32\msnav32.ax
C:\WINNT\system32\rliswpqh.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-05 19:38 <DIR> d--hs---- C:\found.000
2007-11-05 19:11 8,704 --a------ C:\syslpen.exe
2007-11-05 18:35 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-05 17:42 85,568 --a------ C:\WINNT\system32\rfadsjas.dll
2007-11-05 17:42 83,008 --a------ C:\WINNT\system32\fhaxdgdp.dll
2007-11-03 18:55 81,472 --a------ C:\WINNT\system32\rjobbulb.dll
2007-11-03 18:49 340,032 --a------ C:\WINNT\system32\smiandmb.dll
2007-11-03 18:49 340,032 --a------ C:\WINNT\system32\rliswpqh.dll
2007-10-30 19:04 34,816 --a------ C:\WINNT\system32\wvuronl.dll
2007-10-30 19:01 35,840 --a------ C:\WINNT\mrofinu572.exe
2007-10-30 19:00 <DIR> d-------- C:\WINNT\system32\Mz02r
2007-10-30 19:00 <DIR> d-------- C:\Temp\mZOr
2007-10-30 19:00 34,816 --a------ C:\WINNT\system32\jkklkig.dll
2007-10-30 17:42 3,638 --a------ C:\wndhixh.exe
2007-10-29 18:02 <DIR> d-------- C:\Program Files\QdrModule
2007-10-26 14:02 196,679 --a------ C:\WINNT\system32\twinlndq.exe
2007-10-11 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-10-11 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-11 19:13 <DIR> d-------- C:\Program Files\AIM6
2007-10-09 18:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SoftwareDetectionScripts
2007-10-09 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\temp
2007-10-08 19:42 <DIR> d-------- C:\WINNT\system32\bak
2007-10-08 19:42 <DIR> d-------- C:\WINNT\bak
2007-10-08 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\bak
2007-10-08 18:03 4,399 --a------ C:\WINNT\anxs.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 00:40 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-06 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-06 00:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AOL
2007-11-04 00:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-11-04 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-30 00:53 46,970 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2007-10-16 00:06 --------- d-----w C:\Program Files\Verizon
2007-10-16 00:06 --------- d-----w C:\Program Files\QuickTime
2007-10-16 00:06 --------- d-----w C:\Program Files\Lfkofyua
2007-10-16 00:06 --------- d-----w C:\Program Files\iTunes
2007-10-16 00:06 --------- d-----w C:\Program Files\Gateway Utilities
2007-10-16 00:03 27,660 ----a-w C:\WINNT\system32\twinlnds.exe
2007-10-16 00:03 27,660 ----a-w C:\WINNT\system32\NeroCheck.exe
2007-10-16 00:03 27,660 ----a-w C:\WINNT\system32\igfxtray.exe
2007-10-16 00:03 27,660 ----a-w C:\WINNT\system32\hkcmd.exe
2007-10-16 00:03 27,660 ----a-w C:\Documents and Settings\All Users\Application Data\hwfutczk.exe
2007-10-12 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-09 00:42 --------- d-----w C:\Program Files\Common Files\ouiz
2007-10-08 23:03 --------- d-----w C:\Program Files\Weddings Addressed
2007-10-02 21:40 122 ----a-w C:\Documents and Settings\Administrator\c200.bat
2007-09-29 17:22 167,444 ----a-w C:\WINNT\system32\ombeabge.exe
2007-09-27 22:59 167,444 ----a-w C:\WINNT\system32\xriweosf.exe
2007-09-18 21:31 68,096 ----a-w C:\WINNT\system32\l4acdb2.dll
2007-09-18 21:31 3,638 ----a-w C:\WINNT\d5p8354e.exe
2007-09-18 21:18 425,480 ----a-w C:\sysfakh.exe
2007-08-22 18:10 52,746 ----a-w C:\WINNT\system32\mkdsrngm.exe
2005-01-24 23:52 56,488 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-11-05_18.53.08.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-05 23:37:39 262,144 ----a-w C:\WINNT\system32\config\systemprofile\NTUSER.DAT
+ 2007-11-06 00:31:49 262,144 ----a-w C:\WINNT\system32\config\systemprofile\NTUSER.DAT
- 2007-10-29 23:06:22 45,408 ----a-w C:\WINNT\system32\perfc009.dat
+ 2007-11-05 23:53:22 45,408 ----a-w C:\WINNT\system32\perfc009.dat
- 2007-10-29 23:06:22 363,734 ----a-w C:\WINNT\system32\perfh009.dat
+ 2007-11-05 23:53:22 363,734 ----a-w C:\WINNT\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A640D1D-CC50-4B32-9281-B7228A4BEA41}]
C:\Program Files\Messenger\rybito539.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30000273-8230-4dd4-be4f-6889d1e74167}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3829F7D5-6DC8-4983-91F8-5FD7F39E2097}]
C:\Program Files\Online Services\nipy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50BC9F18-E8D4-4046-8F72-EDEE84C05BFc}]
2007-07-22 17:19 124948 --a------ C:\WINNT\System32\hcgmyiqh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
2007-09-18 16:31 68096 --a------ C:\WINNT\system32\l4acdb2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}]
2007-10-30 19:00 34816 --a------ C:\WINNT\system32\jkklkig.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83729CDE-37C6-4BB0-8DC9-88E15D6596Cb}]
2007-07-22 17:19 124948 --a------ C:\WINNT\System32\hcgmyiqh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b02624f-5b13-47b0-8219-cb1a89723c47}]
2007-11-05 17:42 83008 --a------ C:\WINNT\System32\fhaxdgdp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-03 18:49 340032 --a------ C:\WINNT\system32\rliswpqh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E13A2E2F-8263-4AA4-81C9-90B4DDCF98C8}]
C:\WINNT\System32\pmkhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\rliswpqh.dll [2007-11-03 18:49 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [2007-10-15 19:03]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [2007-10-15 19:03]
"Gateway Ink Monitor"="C:\Program Files\Gateway Utilities\GWInkMonitor.exe" [2007-10-15 19:03]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [2003-06-13 12:31]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2007-10-15 19:03]
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [2007-10-15 19:03]
"PDUiP6000DMon"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [2007-10-15 19:03]
"PDUiP6000DTskbr"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [2007-10-15 19:03]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-10-15 19:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-15 19:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-10-15 19:03]
"uddrmfwA"="C:\WINNT\uddrmfwA.exe" []
"hwfutczk.exe"="C:\Documents and Settings\All Users\Application Data\hwfutczk.exe" [2007-10-15 19:03]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" []
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-10-15 19:03]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-10-15 19:03]
"urcvmhmj"="C:\Program Files\Lfkofyua\urcvmhmj.exe" [2007-10-15 19:03]
"{A2-2F-F4-42-ZN}"="c:\winnt\system32\dwdsrngt.exe" []
"niwoqijo"="C:\Program Files\Windows NT\niwoqijo22011.exe" []
"7c6a2fed"="C:\WINNT\System32\rfadsjas.dll" [2007-11-05 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08]
"ouiz"="C:\PROGRA~1\COMMON~1\ouiz\ouizm.exe" []
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-15 19:03]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 14:51]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"tlz"=C:\WINNT\47681728.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-09 19:37:25]
Media Card Companion Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-03-22 21:01:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}"= C:\WINNT\system32\jkklkig.dll [2007-10-30 19:00 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxww]
fccyxww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklkig]
jkklkig.dll 2007-10-30 19:00 34816 C:\WINNT\system32\jkklkig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhe]
C:\WINNT\System32\pmkhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rliswpqh]
rliswpqh.dll 2007-11-03 18:49 340032 C:\WINNT\system32\rliswpqh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\vtutqnm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\System32\jkhhe.dll

S3 hamachi_oem;PlayLinc Adapter;C:\WINNT\System32\DRIVERS\gan_adapter.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 01:37:01 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 04:00:00 C:\WINNT\Tasks\At1.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-05-28 02:01:37 C:\WINNT\Tasks\At10.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-06-22 14:00:00 C:\WINNT\Tasks\At11.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-09-30 15:00:00 C:\WINNT\Tasks\At12.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-09-30 16:00:00 C:\WINNT\Tasks\At13.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-09-30 17:00:00 C:\WINNT\Tasks\At14.job"
"2007-09-30 18:00:00 C:\WINNT\Tasks\At15.job"
"2007-10-02 19:00:00 C:\WINNT\Tasks\At16.job"
"2007-10-26 20:00:00 C:\WINNT\Tasks\At17.job"
"2007-10-30 22:00:00 C:\WINNT\Tasks\At18.job"
"2007-11-05 23:00:00 C:\WINNT\Tasks\At19.job"
"2007-10-13 05:00:00 C:\WINNT\Tasks\At2.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-11-06 00:00:00 C:\WINNT\Tasks\At20.job"
"2007-10-31 01:00:00 C:\WINNT\Tasks\At21.job"
"2007-10-31 02:00:00 C:\WINNT\Tasks\At22.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-10-26 02:00:00 C:\WINNT\Tasks\At23.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-10-13 03:00:00 C:\WINNT\Tasks\At24.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-10-13 04:00:30 C:\WINNT\Tasks\At25.job"
"2007-10-13 05:00:30 C:\WINNT\Tasks\At26.job"
"2007-09-10 06:00:30 C:\WINNT\Tasks\At27.job"
"2007-07-05 03:19:44 C:\WINNT\Tasks\At28.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-07-05 03:19:45 C:\WINNT\Tasks\At29.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-09-10 06:00:00 C:\WINNT\Tasks\At3.job"
"2007-07-05 03:19:45 C:\WINNT\Tasks\At30.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-07-05 03:19:45 C:\WINNT\Tasks\At31.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-07-05 03:19:45 C:\WINNT\Tasks\At32.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-07-05 03:19:45 C:\WINNT\Tasks\At33.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-07-05 03:19:45 C:\WINNT\Tasks\At34.job"
"2007-07-05 03:19:45 C:\WINNT\Tasks\At35.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-09-30 15:00:30 C:\WINNT\Tasks\At36.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-09-30 16:00:00 C:\WINNT\Tasks\At37.job"
"2007-09-30 17:00:00 C:\WINNT\Tasks\At38.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-09-30 18:00:00 C:\WINNT\Tasks\At39.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-06-22 07:00:00 C:\WINNT\Tasks\At4.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-10-02 19:00:56 C:\WINNT\Tasks\At40.job"
"2007-10-26 20:00:30 C:\WINNT\Tasks\At41.job"
"2007-10-30 22:00:30 C:\WINNT\Tasks\At42.job"
"2007-11-05 23:00:30 C:\WINNT\Tasks\At43.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-11-06 00:00:30 C:\WINNT\Tasks\At44.job"
- C:\WINNT\System32\ACQ03Eci.exe
"2007-10-31 01:00:30 C:\WINNT\Tasks\At45.job"
"2007-10-31 02:00:30 C:\WINNT\Tasks\At46.job"
"2007-10-26 02:00:30 C:\WINNT\Tasks\At47.job"
"2007-10-13 03:01:39 C:\WINNT\Tasks\At48.job"
"2007-06-22 08:00:00 C:\WINNT\Tasks\At5.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-06-22 09:00:00 C:\WINNT\Tasks\At6.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-05-28 02:01:37 C:\WINNT\Tasks\At7.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2007-05-28 02:01:37 C:\WINNT\Tasks\At8.job"
"2007-05-28 02:01:37 C:\WINNT\Tasks\At9.job"
- C:\WINNT\System32\n8W1fyvw.exe
"2005-01-19 01:45:00 C:\WINNT\Tasks\ISP signup reminder 1.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2005-01-26 23:00:00 C:\WINNT\Tasks\ISP signup reminder 2.job"
"2005-02-01 02:45:00 C:\WINNT\Tasks\ISP signup reminder 3.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2007-05-28 23:59:12 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 19:41:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-05 19:42:18 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-05 18:53
.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, pennylane2241982 :)

Welcome.

Posting multiple threads won't help. Please do not post your e-mail.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\syslpen.exe
C:\WINNT\system32\rfadsjas.dll
C:\WINNT\system32\fhaxdgdp.dll
C:\WINNT\system32\rjobbulb.dll
C:\WINNT\system32\smiandmb.dll
C:\WINNT\system32\rliswpqh.dll
C:\WINNT\system32\wvuronl.dll
C:\WINNT\mrofinu572.exe
C:\WINNT\system32\jkklkig.dll
C:\wndhixh.exe
C:\WINNT\system32\twinlndq.exe
C:\WINNT\anxs.exe
C:\Documents and Settings\Administrator\c200.bat
C:\WINNT\system32\ombeabge.exe
C:\WINNT\system32\xriweosf.exe
C:\WINNT\system32\l4acdb2.dll
C:\WINNT\d5p8354e.exe
C:\sysfakh.exe
C:\WINNT\system32\mkdsrngm.exe
C:\WINNT\Tasks\At1.job
C:\WINNT\System32\n8W1fyvw.exe
C:\WINNT\Tasks\At10.job
C:\WINNT\Tasks\At11.job
C:\WINNT\Tasks\At12.job
C:\WINNT\Tasks\At13.job
C:\WINNT\Tasks\At14.job
C:\WINNT\Tasks\At15.job
C:\WINNT\Tasks\At16.job
C:\WINNT\Tasks\At17.job
C:\WINNT\Tasks\At18.job
C:\WINNT\Tasks\At19.job
C:\WINNT\Tasks\At2.job
C:\WINNT\Tasks\At20.job
C:\WINNT\Tasks\At21.job
C:\WINNT\Tasks\At22.job
C:\WINNT\Tasks\At23.job
C:\WINNT\Tasks\At24.job
C:\WINNT\Tasks\At25.job
C:\WINNT\Tasks\At26.job
C:\WINNT\Tasks\At27.job
C:\WINNT\Tasks\At28.job
C:\WINNT\System32\ACQ03Eci.exe
C:\WINNT\Tasks\At29.job
C:\WINNT\Tasks\At3.job
C:\WINNT\Tasks\At30.job
C:\WINNT\Tasks\At31.job
C:\WINNT\Tasks\At32.job
C:\WINNT\Tasks\At33.job
C:\WINNT\Tasks\At34.job
C:\WINNT\Tasks\At35.job
C:\WINNT\Tasks\At36.job
C:\WINNT\Tasks\At37.job
C:\WINNT\Tasks\At38.job
C:\WINNT\Tasks\At39.job
C:\WINNT\Tasks\At4.job
C:\WINNT\Tasks\At40.job
C:\WINNT\Tasks\At41.job
C:\WINNT\Tasks\At42.job
C:\WINNT\Tasks\At43.job
C:\WINNT\Tasks\At44.job
C:\WINNT\Tasks\At45.job
C:\WINNT\Tasks\At46.job
C:\WINNT\Tasks\At47.job
C:\WINNT\Tasks\At48.job
C:\WINNT\Tasks\At5.job
C:\WINNT\Tasks\At6.job
C:\WINNT\Tasks\At7.job
C:\WINNT\Tasks\At8.job
C:\WINNT\Tasks\At9.job

Folder::
C:\found.000
C:\Temp\mZOr
C:\WINNT\system32\Mz02r
C:\Program Files\QdrModule
C:\Program Files\Lfkofyua

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30000273-8230-4dd4-be4f-6889d1e74167}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3829F7D5-6DC8-4983-91F8-5FD7F39E2097}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50BC9F18-E8D4-4046-8F72-EDEE84C05BFc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83729CDE-37C6-4BB0-8DC9-88E15D6596Cb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b02624f-5b13-47b0-8219-cb1a89723c47}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E13A2E2F-8263-4AA4-81C9-90B4DDCF98C8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

FileLook::
C:\WINNT\system32\twinlnds.exe
C:\WINNT\system32\NeroCheck.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe


Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a fresh Hijackthis log.

In addition:

Please run the MGA Diagnostic Tool and post back the report it creates:
  1. Download MGADiag to your desktop.
  2. Double-click on MGADiag.exe to launch the program
  3. Click "Continue"
  4. Ensure that the "Windows" tab is selected (it should be by default).
  5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  6. Paste the MGA Diagnostic Report back here in your next reply.
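The CFScript above works section by section: File:: and Folder:: delete paths, Registry:: deletes whole keys ([-KEY]) or single values ("Name"=-), and FileLook:: only reports on a file. The log it answers has more loading points than the script names (the Run values for uddrmfwA.exe and niwoqijo22011.exe, the AppInit_DLLs value, the lsa Authentication Packages value, the Winlogon Notify entries, several BHO DLLs whose keys are removed but whose files are not). A quick way to see that gap before dropping the script onto ComboFix is to parse both texts and list every file an autostart entry loads that the script neither deletes nor unhooks. The following Python is an added example written for this thread; it is not ComboFix's code and not part of either post. It assumes the log layout shown above (one [key] block per autostart location, ended by a blank line) and uses trimmed excerpts of the log and script above as constructed sample input.

```python
"""Cross-check a ComboFix log's autostart entries against a CFScript.
Added example for this thread (not ComboFix's own code): parses the
'Reg Loading Points' blocks of a ComboFix log in the layout shown above and
the File::/Folder::/Registry:: sections of a CFScript, then reports each file
an autostart entry loads that the script neither deletes nor unhooks.
LOG and SCRIPT are trimmed excerpts of the posts above, used as constructed input."""
import re

# Windows path ending in an executable-type extension; paths may contain spaces,
# so the match only ends where a quote, ']', whitespace or end of line follows.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n\[\]]*?\.(?:exe|dll|sys|bat|ax)(?=["\]\s]|$)', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=')  # "Name"=...   (in a CFScript, "Name"=- deletes it)


def parse_loading_points(log_text):
    """Map each loaded file (lower-cased) to the (key, value name) entries naming it.
    ComboFix ends every [key] block with a blank line, so a blank line resets key."""
    refs, key = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None
        elif line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
        elif key:  # value line inside a block; bare BHO path lines carry no name
            m = VALUE_RE.match(line)
            name = m.group(1).lower() if m else None
            for path in PATH_RE.findall(line):
                refs.setdefault(path.lower(), set()).add((key, name))
    return refs


def parse_cfscript(script_text):
    """Return (files, folders, removed): paths the script deletes, and registry
    keys (key, None) or single values (key, name) it removes."""
    files, folders, removed = set(), set(), set()
    section = reg_key = None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r'\w+::', line):
            section = line[:-2].lower()
        elif section == 'file':
            files.add(line.lower())
        elif section == 'folder':
            folders.add(line.lower().rstrip('\\'))
        elif section == 'registry':
            m = VALUE_RE.match(line)
            if line.startswith('[-') and line.endswith(']'):
                removed.add((line[2:-1].lower(), None))
            elif line.startswith('[') and line.endswith(']'):
                reg_key = line[1:-1].lower()
            elif reg_key and m and line.endswith('=-'):
                removed.add((reg_key, m.group(1).lower()))
    return files, folders, removed


def check_coverage(log_text, script_text):
    """Return {path: 'covered' | 'unhooked, file left on disk' | 'not covered'}."""
    refs = parse_loading_points(log_text)
    files, folders, removed = parse_cfscript(script_text)
    report = {}
    for path, entries in refs.items():
        deleted = path in files or any(path.startswith(f + '\\') for f in folders)
        unhooked = all((k, None) in removed or (k, n) in removed for k, n in entries)
        report[path] = ('covered' if deleted else
                        'unhooked, file left on disk' if unhooked else 'not covered')
    return report


LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50BC9F18-E8D4-4046-8F72-EDEE84C05BFc}]
2007-07-22 17:19 124948 --a------ C:\WINNT\System32\hcgmyiqh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\rliswpqh.dll [2007-11-03 18:49 340032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [2007-10-15 19:03]
"7c6a2fed"="C:\WINNT\System32\rfadsjas.dll" [2007-11-05 17:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\vtutqnm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\System32\jkhhe.dll
"""
SCRIPT = r"""File::
C:\WINNT\system32\rfadsjas.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50BC9F18-E8D4-4046-8F72-EDEE84C05BFc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
"""

if __name__ == '__main__':
    for path, status in sorted(check_coverage(LOG, SCRIPT).items()):
        print(f'{status:28} {path}')
```

Three things to read from the output. Paths are compared lower-cased because the log mixes System32 and system32 for the same directory. Known-good entries such as igfxtray.exe show up as "not covered" too; that is expected noise, and a FileLook:: line (as the script above uses for igfxtray.exe and hkcmd.exe, which share one odd 27,660-byte size with twinlnds.exe) is the way to settle them. Finally, jkhhe.dll is listed under Other Deletions in the log, yet the lsa Authentication Packages value still names it, so the check reports it until something in the script touches that value.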
 
