
Author Topic: Another analysis please?!


chriscool9

    Topic Starter
    Another analysis please?!
    « on: February 25, 2007, 12:34:53 PM »
    Hi there. This time it's MY laptop. I can't finish the other one I have posted until Tuesday like I said. First off, my SB S&D keeps telling me it's removed these entries below, but whenever I do a scan they return. I'm doing the scans with Sys Restore turned off. Any ideas?!
    http://img181.imageshack.us/img181/1596/kjsr1.jpg
    EDIT: Now I've done another scan and I got these. http://img251.imageshack.us/img251/6983/sadgi8.png
    Second off, I know I have an infection. Avast! keeps telling me something is trying to access a server. I know what it is: the process is called v6.exe and I know that that is the virus. Below is the HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:28:00, on 25/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Internet Explorer\csrss.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\v6.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Chris'\My Documents\My Downloads\hijackthis(3)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3981
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    O2 - BHO: (no name) - {03E41DBC-C9F8-3A24-FE20-0B94A61C884F} - C:\WINDOWS\system32\qsokfli.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
    O4 - HKLM\..\Run: [ddhonui.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Chris'\Local Settings\Application Data\ddhonui.dll",ysuecmg
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxig.dll,startup
    O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Pro
    « Last Edit: February 25, 2007, 12:50:36 PM by chriscool9 »

    99 Problems and London's one of them

    chriscool9
      Re: Another analysis please?!
      « Reply #1 on: February 25, 2007, 12:35:37 PM »
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: jkkjkih - C:\WINDOWS\SYSTEM32\jkkjkih.dll
      O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
      O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

      Thanks Chris


      oddjob

        Re: Another analysis please?!
        « Reply #2 on: February 26, 2007, 03:21:19 AM »
        Hello again Chris

        Not only do you have the v6.exe malware but you also have Vundo/Smitfraud/Browseraid and other malware.

        I recommend you print this out to help you follow the advice.


        Open Task Manager … click “End process” for this one (the malware you mentioned) ……

        C:\WINDOWS\system32\v6.exe

        ******************

        Download SUPERAntiSpyware here …...

        http://www.superantispyware.com/

        Update to the latest definitions and run a full system scan.

        ******************

        Open HijackThis … click on scan … put tick/check marks next to the following entries IF they are still present ….

        O2 - BHO: (no name) - {03E41DBC-C9F8-3A24-FE20-0B94A61C884F} - C:\WINDOWS\system32\qsokfli.dll

        O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe

        O4 - HKLM\..\Run: [ddhonui.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Chris'\Local Settings\Application Data\ddhonui.dll",ysuecmg

        O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxig.dll,startup

        O20 - Winlogon Notify: jkkjkih - C:\WINDOWS\SYSTEM32\jkkjkih.dll

        O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll


        Remember to close ALL open windows – including this one - before clicking on “Fix Checked” at the foot of the HijackThis window.

        ******************

        Locate these files and delete them IF they are still present ….

        C:\WINDOWS\system32\qsokfli.dll

        C:\WINDOWS\system32\v6.exe

        C:\WINDOWS\system32\drvxig.dll

        C:\WINDOWS\SYSTEM32\jkkjkih.dll

        C:\WINDOWS\SYSTEM32\winmyy32.dll

        ******************

        Empty your recycle bin.

        ******************

        Reboot your system into normal mode and use it as you would usually do.


        Hopefully everything will have improved.


        IF NOT then run a fresh HijackThis scan and look to see IF either of these files has returned …

        O2 - BHO: (no name) - {03E41DBC-C9F8-3A24-FE20-0B94A61C884F} - C:\WINDOWS\system32\qsokfli.dll

        O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxig.dll,startup


        IF they are present in the log do this …..

        Please download VundoFix.exe to your desktop.
        1. Double-click VundoFix.exe to run it.
        2. When VundoFix re-opens, click the Scan for Vundo button.
        3. Once it's done scanning, click the Remove Vundo button.
        4. You will receive a prompt asking if you want to remove the files, click "YES".
        5. Once you click yes, your desktop will go blank as it starts removing Vundo.
        6. When completed, it will prompt that it will reboot your computer, click "OK".

        7. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

        If VundoFix cannot delete a file, it will try to delete it during a reboot. After the reboot VundoFix will open again; you must run VundoFix again, from "Click the Scan for Vundo button" ... and you must keep running VundoFix until it does delete the file... I've known a stubborn Vundo file take 5 or 6 reboots before it is deleted...

        Run vundofix again & again until you get the message "no infected files were found".

        ******************

        Is Spybot S&D working OK now (don’t forget to update that program too)?

        When you have done all this post a fresh HijackThis log with an update on how things are operating now.


        OJ
        « Last Edit: February 26, 2007, 03:22:29 AM by oddjob »
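The entries oddjob picks out above share a few mechanical tells that can be checked without recognising the malware family: a core system process name (csrss.exe) running from outside %SystemRoot%\system32, a Run value with an empty name, rundll32.exe loading a DLL out of a user profile, an unnamed BHO sitting in system32, and Winlogon Notify DLLs in system32 that are not among the Windows XP SP2 defaults. A Winlogon Notify DLL is loaded into winlogon.exe at logon, which is why Explorer later reports jkkjkih.dll and winmyy32.dll as in use, and why tools such as VundoFix fall back to deleting at the next reboot. The script below is an added example, not code from this thread or from HijackThis; it runs those checks over a constructed excerpt of Chris's first log. The rule names, the Notify allowlist and the "core system exe" set are my own assumptions, and the script deliberately does not flag v6.exe or drvxig.dll: nothing in their log lines alone is anomalous, and they were identified from the Avast alert and by oddjob.

```python
"""Triage a HijackThis v1.99 log for the persistence tells discussed in this thread.

Added example; rule names, CORE_SYSTEM_EXES and XP_NOTIFY_ALLOWLIST are the
editor's assumptions, not anything HijackThis itself checks.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule line")

# Process names Windows XP runs only from %SystemRoot%\system32. A copy of one
# of these anywhere else is a process masquerading as a system component.
CORE_SYSTEM_EXES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                    "lsass.exe", "svchost.exe"}

# Default Winlogon\Notify subkeys on Windows XP SP2. Anything else that lives in
# system32 deserves a look (assumption: vendor additions such as graphics-driver
# notify packages will also be flagged; treat hits as "review", not "malware").
XP_NOTIFY_ALLOWLIST = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                       "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

SYSTEM32 = re.compile(r"^c:\\windows\\system32\\[^\\]+$", re.I)
USER_PROFILE = re.compile(r"\\documents and settings\\", re.I)

# Constructed excerpt of the first log posted in this thread (same lines, fewer of them).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\csrss.exe
C:\WINDOWS\system32\v6.exe

O2 - BHO: (no name) - {03E41DBC-C9F8-3A24-FE20-0B94A61C884F} - C:\WINDOWS\system32\qsokfli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [ddhonui.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Chris'\Local Settings\Application Data\ddhonui.dll",ysuecmg
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxig.dll,startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe"
O20 - Winlogon Notify: jkkjkih - C:\WINDOWS\SYSTEM32\jkkjkih.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
"""


def _basename(path):
    return path.strip().strip('"').split("\\")[-1].lower()


def check_process(path):
    """Flag a core system process name running from outside system32."""
    clean = path.strip().strip('"')
    if _basename(clean) in CORE_SYSTEM_EXES and not SYSTEM32.match(clean):
        return Finding("core-system-exe-outside-system32", path.strip())
    return None


def check_o2(line):
    """Flag an unnamed BHO whose DLL sits in system32 (legitimate BHOs ship with their app)."""
    m = re.match(r"O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)", line)
    if m and m.group(1) == "(no name)" and SYSTEM32.match(m.group(2).strip()):
        return Finding("unnamed-bho-in-system32", line)
    return None


def check_o4(line):
    """Flag Run values with an empty name, rundll32 loading a DLL out of a user
    profile, or a core system exe name launched from outside system32."""
    m = re.match(r"O4 - HK\w+\\\.\.\\Run: \[(.*?)\] (.*)", line)
    if not m:
        return None
    name, cmd = m.groups()
    if name == "":
        return Finding("run-value-with-empty-name", line)
    if "rundll32" in cmd.lower() and USER_PROFILE.search(cmd):
        return Finding("rundll32-dll-in-user-profile", line)
    exe = re.search(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', cmd)
    if exe and check_process(exe.group(1)):
        return Finding("core-system-exe-outside-system32", line)
    return None


def check_o20(line):
    """Flag Winlogon Notify DLLs in system32 that are not XP SP2 defaults."""
    m = re.match(r"O20 - Winlogon Notify: (\S+) - (.*)", line)
    if m and SYSTEM32.match(m.group(2).strip()) and m.group(1).lower() not in XP_NOTIFY_ALLOWLIST:
        return Finding("winlogon-notify-dll-not-xp-default", line)
    return None


def triage(log_text):
    """Return the Findings for one HijackThis log, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue
        hit = check_process(line) if in_processes else (
            check_o2(line) or check_o4(line) or check_o20(line))
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:40} {f.line}")
```

To use it on a real log, read the file HijackThis saved and pass its text to triage(). The avast! service lines marked "(file missing)", the BitComet context-menu items and the Office buttons pass untouched because no rule matches them; the point of keeping the rules this narrow is that every hit is something a human should look at, and a clean run says nothing about entries the rules do not cover.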

        chriscool9
          Re: Another analysis please?!
          « Reply #3 on: February 26, 2007, 11:15:27 AM »
          Hi there, thanks a lot!! OK, first off qsokfli.dll and v6.exe weren't present, but jkkjkih.dll and winmyy32.dll were. However, when I tried to delete winmyy32 it said that it can't delete it because 'Access is denied. Make sure the disk is not read or write protected and that the file is not currently in use'. For jkkjkih it said 'Cannot delete jkkjkih.dll: It is being used by another person or program. Close any programs that might be using the file and try again'. Below is another log.

          Logfile of HijackThis v1.99.1
          Scan saved at 18:14:53, on 26/02/2007
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Acer\eManager\anbmServ.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\Launch Manager\QtZgAcer.EXE
          C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
          C:\WINDOWS\system32\keyhook.exe
          C:\Program Files\Multimedia Card Reader\shwicon2k.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
          C:\Program Files\Internet Explorer\csrss.exe
          C:\WINDOWS\system32\sistray.exe
          C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
          C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\acer\eRecovery\Monitor.exe
          C:\Program Files\UPHClean\uphclean.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\Chris'\My Documents\My Downloads\hijackthis(3)\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3981
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: (no name) - {601774FD-4B3F-44F0-99E3-B0E4E0146F65} - C:\WINDOWS\system32\jkkjkih.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
          O4 - HKLM\..\Run: [LaunchApp] Alaunch
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
          O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
          O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
          O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
          O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
          O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
          O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
          O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
          O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
          O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
          O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
          O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe"
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
          O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll


          chriscool9
            Re: Another analysis please?!
            « Reply #4 on: February 26, 2007, 11:15:52 AM »
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O20 - Winlogon Notify: jkkjkih - C:\WINDOWS\SYSTEM32\jkkjkih.dll
            O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
            O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
            O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
            O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

            « Last Edit: February 26, 2007, 11:16:48 AM by chriscool9 »


            oddjob

              Re: Another analysis please?!
              « Reply #5 on: February 26, 2007, 01:57:50 PM »
              Hi

              Run the vundofix routine explained at the end of my last post. Run it as often as necessary till you see "no infected files were found".


              After that post another fresh HJT log ....

              AND ....

              ....another update on how your computer is working now.


              OJ

              chriscool9
                Re: Another analysis please?!
                « Reply #6 on: February 26, 2007, 02:08:43 PM »
                 Well, there's no difference. My AntiVir keeps popping up saying that jkkjkih.dll has been detected, and I choose to delete them, but an hour later it will come up with the exact same.
                 I've run Vundo a couple of times and it keeps finding things, but I'll keep going.
                Thanks!

                Chris


                oddjob

                  Re: Another analysis please?!
                  « Reply #7 on: February 28, 2007, 12:18:12 PM »
                  How's it all going, Chris? Fixed yet?


                  OJ