Can not remove last worm


  • This topic is locked
16 replies to this topic

#1 stuffa

Posted 10 January 2006 - 11:04 PM

Hello

Before I got my recent install of Win2000 Pro set up - i.e. all the anti virus stuff and all updates installed etc, I got hit with stacks of worms etc. I've been able to get rid of most but still have RUNDLL32.EXE attempting to connect to IP addresses 64.192.130.150/1 (URLs as www.a-d-w-a-r-e.com and www.ad-w-a-r-e.com). At this point I can't seem to find out why. Lavasoft Adaware, Spybot S&D and AVG do not find anything. I have noted a WINLOGON notify entry in HJT keeps changing the DLL but I can't get HJT to remove it. Also this is a dual boot system with Win98se - which seems to be working ok at the moment.

Logfile of HijackThis v1.99.1
Scan saved at 3:02:08 PM, on 11/Jan/06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Network Monitor\netmon.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\sistray.EXE
D:\WINNT\System32\khooker.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: WebCheck - D:\WINNT\system32\lvpu0979e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

Any help appreciated.

stuffa

#2 Siggyx

Posted 16 January 2006 - 11:07 PM

VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

If you receive, while running option #1, an error similar to:

"C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application."

...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

#3 stuffa

Posted 17 January 2006 - 12:07 AM

Hi

Copy of the l2mfix file you requested.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINNT\\system32\\i642lgho164c.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

thanks

stuffa

#4 Siggyx

Posted 17 January 2006 - 12:08 AM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If after the reboot the log does not open double click on it in the l2mfix folder.

#5 stuffa

Posted 18 January 2006 - 12:22 AM

Hi Siggyx

Thanks for your help so far. Don't know if I prevented the fix from working properly. Part way thru my firewall blocked some ping attempts before I could see what they were. Anyway, the 2 new files are below.

L2mfix 010406

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AdminDebug]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINNT\\system32\\jtl6073se.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
(deflated 4%) adding: dlls/nxdsatq.dll (deflated 4%) adding: dlls/nxmsevt.dll (deflated 5%) adding: dlls/nztdtect.dll (deflated 4%) adding: dlls/oppdx32.dll (deflated 5%) adding: dlls/rTsauth.dll (deflated 5%) adding: dlls/senceng.dll (deflated 5%) adding: dlls/sepblb.dll (deflated 5%) adding: dlls/SKHANNEL.DLL (deflated 4%) adding: dlls/smi.dll (deflated 4%) adding: dlls/srreamci.dll (deflated 4%) adding: dlls/symapi.dll (deflated 5%) adding: dlls/tmolhelp.dll (deflated 5%) adding: dlls/txpmon.dll (deflated 5%) adding: dlls/UOIB.DLL (deflated 5%) adding: dlls/vaa64k.dll (deflated 5%) adding: dlls/wrps2.dll (deflated 4%) adding: backregs/notibac.reg (deflated 85%) adding: backregs/shell.reg (deflated 75%) adding: backregs/063E39D3-3DA0-4C88-B922-736CDF0F0642.reg (deflated 70%) adding: backregs/03B6AEE5-B811-49E4-A56C-9CEB18B1D5E4.reg (deflated 70%) adding: backregs/6868AA66-E7C2-4189-97BF-DDBC44076430.reg (deflated 70%) adding: backregs/ED139C8B-4C67-443F-AE84-FDB91B3436B9.reg (deflated 70%) ************************************************************************** ************************************************************************** Logfile of HijackThis v1.99.1 Scan saved at 4:22:35 PM, on 18/Jan/06 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINNT\System32\smss.exe D:\WINNT\system32\winlogon.exe D:\WINNT\system32\services.exe D:\WINNT\system32\lsass.exe D:\Program Files\Sygate\SPF\smc.exe D:\WINNT\system32\svchost.exe D:\WINNT\system32\spoolsv.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe D:\WINNT\System32\svchost.exe D:\Program Files\Network Monitor\netmon.exe D:\WINNT\system32\regsvc.exe D:\WINNT\system32\MSTask.exe D:\WINNT\System32\WBEM\WinMgmt.exe D:\WINNT\system32\svchost.exe D:\WINNT\Explorer.EXE D:\WINNT\system32\notepad.exe D:\WINNT\System32\sistray.EXE D:\WINNT\System32\khooker.exe D:\Program 
Files\Java\jre1.5.0_06\bin\jusched.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe D:\WINNT\system32\wuauclt.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] D:\WINNT\System32\khooker.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O20 - Winlogon Notify: AdminDebug - D:\WINNT\system32\jtl6073se.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe Stuffa

Edited by stuffa, 18 January 2006 - 12:24 AM.
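The Winlogon Notify export and the O20 line in the logs above can be checked programmatically. The following is an added example, not part of the original posts or of L2MFix/HijackThis: it parses a `.reg` export of the Notify key, decodes `hex(2)` DllName values, and flags subkeys worth reviewing. The function names, the baseline set and the full-path heuristic are assumptions made for this illustration; the sample data is rebuilt from values shown in the thread.

```python
import re

NOTIFY_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumption for this example: the baseline is simply the subkeys in the
# thread's export other than AdminDebug, not an authoritative Windows list.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sclgntfy", "senslogn", "wzcnotif"}

# Constructed sample: three subkeys from the export in the post, one value per line.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AdminDebug]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINNT\\system32\\jtl6073se.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Asynchronous"=dword:00000001
'''

# Constructed sample: two lines in the format of the HijackThis log in the post.
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE",
    r"O20 - Winlogon Notify: AdminDebug - D:\WINNT\system32\jtl6073se.dll (file missing)",
]

O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$")


def decode_value(raw):
    """Decode one .reg value: quoted string, hex(2) (REG_EXPAND_SZ) or dword."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        # .reg files escape backslashes and quotes with a leading backslash.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw


def parse_notify_export(text):
    """Return {subkey: {lower-cased value name: decoded value}} for Notify subkeys."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex(2) continuation lines
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\[(.+)\]$", line)
        if m:
            head, _, sub = m.group(1).rpartition("\\")
            current = sub if head.lower().endswith(NOTIFY_KEY.lower()) else None
            if current is not None:
                entries[current] = {}
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            # The export mixes "DllName" and "DLLName", so compare lower-cased.
            entries[current][m.group(1).lower()] = decode_value(m.group(2))
    return entries


def review(entries, baseline=BASELINE):
    """Flag subkeys outside the baseline or whose DllName is a full path."""
    findings = []
    for name, values in sorted(entries.items()):
        dll = values.get("dllname", "")
        reasons = []
        if name.lower() not in baseline:
            reasons.append("subkey not in baseline")
        if "\\" in dll:  # heuristic: baseline entries in this export use bare names
            reasons.append("DllName is a full path")
        if reasons:
            findings.append((name, dll, reasons))
    return findings


def orphaned(entries, hjt_lines):
    """Notify subkeys still registered although HijackThis reports the DLL missing."""
    names = []
    for line in hjt_lines:
        m = O20_RE.match(line.strip())
        if m and m.group(3) and m.group(1) in entries:
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    parsed = parse_notify_export(SAMPLE_EXPORT)
    for name, dll, reasons in review(parsed):
        print(f"{name}: {dll} -> {', '.join(reasons)}")
    print("registered but file missing:", orphaned(parsed, SAMPLE_HJT))
```

An entry reported by `orphaned` corresponds to the state in the 18 January log: the DLL has been deleted but the Notify subkey that loads it is still present.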


#6 Siggyx

Posted 18 January 2006 - 05:43 PM

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#7 stuffa

Posted 18 January 2006 - 07:54 PM

Copy of the scan results you requested. Stuffa ****************************************************************** ****************************************************************** --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:43:59 AM, 19/Jan/06 + Report-Checksum: 1728AEB6 + Scan result: C:\WINDOWS\Cookies\ellen & melissa@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmielcjgapaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkicmajsbogydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygncjgcpaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliojcjkcpwudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@linkbuddies[2].txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@ads07.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@www.burstbeacon[1].txt -> 
Spyware.Cookie.Burstbeacon : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wfkyqjcjwbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wfkosnazoko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wfk4cicjmkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjl4sndpaho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjmyojdpoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wfl4uhczsbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wfliwjcpwho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjkyujczwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjloencpefo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\anyuser@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjlyemc5mao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@com[3].txt -> Spyware.Cookie.Com : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjmyojdzoaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & 
melissa@e-2dj6wfkikmc5mcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wfkyckdjafp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjkyupajkcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjmygpc5aeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wflowoazifo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\WINDOWS\Cookies\ellen & melissa@e-2dj6wjlosgcpmdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup D:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup D:\DOWNLOADS\FunBuddyIconsSetup2.0.3.7.exe -> Spyware.MyWebSearch : Cleaned with backup D:\DOWNLOADS\SPEU.exe/regtlib.exe -> Backdoor.PoeBot.b : Cleaned with backup 
D:\DOWNLOADS\SPEU.exe/regtlib.exe -> Backdoor.PoeBot.b : Cleaned with backup D:\WINNT\system32\drivers\i386p.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.u : Cleaned with backup D:\WINNT\system32\repairs302972988.dll -> Adware.SurfSide : Cleaned with backup D:\WINNT\inet20003\3.00.13.dll -> Spyware.Ihbo : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\aysetupc.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\BPSESRV.DLL -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\en2ql1f51.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\h80q0id5e80.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\h82o0if3e82.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\hbcoin.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\i842liho184c.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\icetcomm.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\iqircl.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\jtl6073se.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\kddcan.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\lqexpand.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\nxdsatq.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\nxmsevt.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\nztdtect.dll -> 
Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\oppdx32.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\rTsauth.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\senceng.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\sepblb.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\SKHANNEL.DLL -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\smi.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\srreamci.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\symapi.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\tmolhelp.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\txpmon.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\UOIB.DLL -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\vaa64k.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\dlls\wrps2.dll -> Spyware.Look2Me : Cleaned with backup D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/aysetupc.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/BPSESRV.DLL -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/en2ql1f51.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/h80q0id5e80.dll -> Spyware.Look2Me : Error during 
cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/h82o0if3e82.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/hbcoin.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/i842liho184c.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/icetcomm.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/iqircl.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/jtl6073se.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/kddcan.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/lqexpand.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/nxdsatq.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/nxmsevt.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/nztdtect.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/oppdx32.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/rTsauth.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/senceng.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/sepblb.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/SKHANNEL.DLL -> 
Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/smi.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/srreamci.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/symapi.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/tmolhelp.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/txpmon.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/UOIB.DLL -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/vaa64k.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/wrps2.dll -> Spyware.Look2Me : Error during cleaning D:\Documents and Settings\Administrator\Cookies\admin@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.17:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6esurdue.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.18:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6esurdue.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.19:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6esurdue.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.20:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6esurdue.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.25:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6esurdue.default\cookies.txt -> 
Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.30:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6esurdue.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup D:\Documents and Settings\KIDS\Cookies\kids@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup D:\Documents and Settings\KIDS\Cookies\kids@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup D:\Documents and Settings\KIDS\Cookies\kids@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup D:\Documents and Settings\KIDS\Cookies\kids@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup D:\Documents and Settings\KIDS\Cookies\kids@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup D:\Documents and Settings\KIDS\Cookies\kids@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.25:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.27:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.29:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.30:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.31:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.32:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.35:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> 
Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.36:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.40:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.46:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.47:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.48:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.49:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.51:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.58:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.62:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.63:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.64:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.65:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> 
Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.66:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.67:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.74:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.75:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.76:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.77:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.78:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.83:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.84:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.85:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.86:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.87:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Valueclick : 
Cleaned with backup
:mozilla.88:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.90:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.91:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.96:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.97:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.98:D:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\yrd4d3jb.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.8:D:\Documents and Settings\MUM\Application Data\Mozilla\Firefox\Profiles\drhlqxf4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:D:\Documents and Settings\MUM\Application Data\Mozilla\Firefox\Profiles\drhlqxf4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.10:D:\Documents and Settings\MUM\Application Data\Mozilla\Firefox\Profiles\drhlqxf4.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.11:D:\Documents and Settings\MUM\Application Data\Mozilla\Firefox\Profiles\drhlqxf4.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.12:D:\Documents and Settings\MUM\Application Data\Mozilla\Firefox\Profiles\drhlqxf4.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

::Report End

**********************************************************************
**********************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 11:49:44 AM, on 19/Jan/06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\sistray.EXE
D:\WINNT\System32\khooker.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: AdminDebug - D:\WINNT\system32\jtl6073se.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

#8 Siggyx

Posted 18 January 2006 - 09:19 PM

Please disable teatimer or it may block the fix

Tutorial here >>>> http://russelltexas....re/teatimer.htm

Scan with hijackthis and put a check beside these lines and choose FIX

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O20 - Winlogon Notify: AdminDebug - D:\WINNT\system32\jtl6073se.dll (file missing)

O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)


Then reboot and a new log please.

#9 stuffa

Posted 18 January 2006 - 10:05 PM

Copy of HJT log after fixing suggested lines etc

stuffa

***********************************************************
***********************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:02:54 PM, on 19/Jan/06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\sistray.EXE
D:\WINNT\System32\khooker.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
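
The before-and-after check this exchange relies on (fix the listed lines, reboot, post a new log), as an added example that is not part of the thread: the script parses two HijackThis logs, reports which entries disappeared, and flags any remaining Winlogon Notify or "(file missing)" entries. The sample logs are constructed from entries quoted in the posts above, and the two flagging rules are this example's assumptions about what deserves a second look.

```python
import re

# Constructed sample input: a few entries copied from the HijackThis logs in this
# thread, before and after the listed lines were fixed.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE
O20 - Winlogon Notify: AdminDebug - D:\WINNT\system32\jtl6073se.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
"""

# A HijackThis entry is "<section code> - <detail>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def review(entries):
    """Flag entries for a closer look (heuristics assumed for this example)."""
    flagged = []
    for section, detail in sorted(entries):
        reasons = []
        if section == "O20":
            reasons.append("Winlogon Notify DLL")
        if detail.endswith("(file missing)"):
            reasons.append("target file missing")
        if reasons:
            flagged.append((section, detail, reasons))
    return flagged


def compare(before, after):
    """Diff two logs and re-run the review on what is left."""
    b, a = parse(before), parse(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "still_flagged": review(a)}


if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(key, *value, sep="\n  ")
```
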

#10 Siggyx

Posted 18 January 2006 - 10:09 PM

Can I see another Ewido log please.

#11 stuffa

Posted 18 January 2006 - 11:16 PM

Another Ewido scan as requested

stuffa

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:16:59 PM, 19/Jan/06
+ Report-Checksum: B20914C3

+ Scan result:

D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/aysetupc.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/BPSESRV.DLL -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/en2ql1f51.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/h80q0id5e80.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/h82o0if3e82.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/hbcoin.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/i842liho184c.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/icetcomm.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/iqircl.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/jtl6073se.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/kddcan.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/lqexpand.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/nxdsatq.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/nxmsevt.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/nztdtect.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/oppdx32.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/rTsauth.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/senceng.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/sepblb.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/SKHANNEL.DLL -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/smi.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/srreamci.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/symapi.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/tmolhelp.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/txpmon.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/UOIB.DLL -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/vaa64k.dll -> Spyware.Look2Me : Cleaned with backup
D:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/dlls/wrps2.dll -> Spyware.Look2Me : Cleaned with backup

::Report End

#12 Siggyx

Posted 19 January 2006 - 07:58 AM

That looks better. How is it running?

#13 stuffa

Posted 19 January 2006 - 04:54 PM

Seems to be good - the original problem is fixed and cpu activity back to normal. Thanks very much.

One other question (not related to this machine). I am seeing some unusual traffic activity on my ICMP ports (stuff incoming and outgoing from some ad and doubleclick sites etc.). Should these ICMP ports be blocked or filtered by my firewall? At present no filter rules are in place. Do you know of any sites that offer help in this regard?

Just want to secure my machines as best as possible. Most have avg, spybot S&D, Adaware, and Sygate Firewall. All behind a full NAT-SPI firewall router.

regards
Stuffa

#14 Siggyx

Posted 19 January 2006 - 05:04 PM

One more hijackthis log to be sure please.

A good forum for that information is >>>>> http://www.dslreport.../forum/security

#15 stuffa

Posted 19 January 2006 - 06:12 PM

Thanks for the link - will follow up when time permits.

Latest HJT as requested.

Once again, thanks heaps.

stuffa

***************************************************************
***************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 10:12:02 AM, on 20/Jan/06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\sistray.EXE
D:\WINNT\System32\khooker.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] D:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
