View Full Version : command service



SomersetDave
2006-01-26, 22:31
Hi

I'm having problems with Command service too. Here's my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 21:04:53, on 26/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\LSASS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\System32\msjcf.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094497521562
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\l82slif7182.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for your help.

illukka
2006-01-28, 10:12
hi

welcome to the forums



You have the latest version of Look2Me. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." ...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

SomersetDave
2006-01-28, 19:04
Thanks. Here's the first part of the log ...

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n0r2la9o1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E0014C15-6C59-0D88-05A9-3C1203422EA2}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
"{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}"=""
"{2841BD73-6595-4059-8B5B-21AC90E2C32B}"=""
"{ACE89490-F004-4152-9F57-98342014611D}"=""
"{8DF1FF30-D33C-4370-AFF8-289E78DEA2A3}"=""
"{590D90AE-E851-4DA5-8329-AC870E3FC82F}"=""
"{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}"=""
"{C7213442-4BE5-47DB-A9A9-06201823436C}"=""
"{48984C17-1DC1-4CD8-B223-7919C61E9A86}"=""
"{5D8DBD3A-E070-4240-80E5-BDE4015B7772}"=""
"{11CD31FC-0C64-471B-8DD4-E72064A0DF23}"=""
"{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}"=""
"{21C77107-0AF9-4200-BBD1-32AB48D9F24F}"=""
"{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\cabcatex.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}\InprocServer32]
@="C:\\WINDOWS\\system32\\tCpi3.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ommanage.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}\InprocServer32]
@="C:\\WINDOWS\\system32\\tTpiperf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}\InprocServer32]
@="C:\\WINDOWS\\system32\\meiseq.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}\InprocServer32]
@="C:\\WINDOWS\\system32\\dyband.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlaueng1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
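
An added example (not part of the thread and not L2mfix's own code): a Python reader for a find log in the regedit-export layout posted above. It lists each Winlogon\Notify subkey with its DllName and joins every Shell Extensions\Approved entry that has an empty description to the InprocServer32 DLL registered for the same CLSID. The sample is a trimmed excerpt of the log above, the function names are hypothetical, and the result is a list of entries to review, not a verdict on any file.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the find log above (same regedit-export layout,
# values copied from that log); kept inline so the example runs offline.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n0r2la9o1d.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Sony Ericsson File Manager"
"{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}"=""
"{48984C17-1DC1-4CD8-B223-7919C61E9A86}"=""
"{2841BD73-6595-4059-8B5B-21AC90E2C32B}"=""

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\cabcatex.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Registry paths are case-insensitive, so keys are compared in lower case.
APPROVED = (r'hkey_local_machine\software\microsoft\windows\currentversion'
            r'\shell extensions\approved')
NOTIFY = (r'hkey_local_machine\software\microsoft\windows nt\currentversion'
          r'\winlogon\notify')


def unquote(literal):
    """Decode a quoted REG_SZ literal; other data (dword:...) is returned raw."""
    if len(literal) >= 2 and literal[0] == '"' and literal[-1] == '"':
        return re.sub(r'\\(.)', r'\1', literal[1:-1])
    return literal


def parse_reg_export(text):
    """Return {lower-cased key path: {value name: data}} for each [key] block.

    Lines that are neither a key nor a value (section titles, separators,
    the 'Windows Registry Editor' banner) are skipped.
    """
    keys = defaultdict(dict)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current]  # record the key even if it holds no values
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '@' if m.group(1) == '@' else unquote(m.group(1))
            keys[current][name] = unquote(m.group(2))
    return dict(keys)


def notify_dlls(keys):
    """Map each Winlogon Notify subkey (lower case) to its DllName value."""
    prefix = NOTIFY + '\\'
    return {path[len(prefix):]: values.get('DllName')
            for path, values in keys.items() if path.startswith(prefix)}


def unnamed_shell_extensions(keys):
    """Map Approved entries with an empty description to their registered DLL.

    The value is None when the log carries no InprocServer32 key for the CLSID.
    """
    result = {}
    for guid, description in keys.get(APPROVED, {}).items():
        if description == '':
            path = r'hkey_classes_root\clsid\%s\inprocserver32' % guid.lower()
            result[guid] = keys.get(path, {}).get('@')
    return result


if __name__ == '__main__':
    parsed = parse_reg_export(SAMPLE_LOG)
    for subkey, dll in notify_dlls(parsed).items():
        print('Notify subkey %r loads %s' % (subkey, dll))
    for guid, dll in unnamed_shell_extensions(parsed).items():
        print('Unnamed approved extension %s -> %s' % (guid, dll))
```
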

SomersetDave
2006-01-28, 19:06
..and here's the second part

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cgmctl32.dll Mon 16 Jan 2006 22:31:06 ..S.R 234,136 228.65 K
ckl3d32.dll Sat 31 Dec 2005 12:42:08 ..S.R 234,942 229.43 K
cmdlin~1.dll Fri 9 Dec 2005 20:53:22 A.... 43,520 42.50 K
cpyptdlg.dll Sun 22 Jan 2006 9:58:46 ..S.R 235,429 229.91 K
djcdll.dll Tue 10 Jan 2006 16:33:08 ..S.R 237,208 231.65 K
dmound3d.dll Tue 10 Jan 2006 16:33:04 ..S.R 236,902 231.35 K
dn4u01~1.dll Sat 28 Jan 2006 11:01:02 ..S.R 235,429 229.91 K
dn8o01~1.dll Mon 16 Jan 2006 21:57:04 ..S.R 236,257 230.72 K
duauth.dll Fri 30 Dec 2005 13:23:08 ..S.R 234,942 229.43 K
dyband.dll Sat 14 Jan 2006 17:26:40 ..S.R 234,265 228.77 K
enpml1~1.dll Mon 16 Jan 2006 19:26:28 ..S.R 236,070 230.54 K
eoccmn.dll Tue 10 Jan 2006 16:33:02 ..S.R 237,208 231.65 K
ewentlog.dll Mon 16 Jan 2006 16:43:36 ..S.R 234,265 228.77 K
f8l02i~1.dll Sat 28 Jan 2006 17:54:12 ..S.R 234,267 228.77 K
fpnu03~1.dll Wed 21 Dec 2005 20:59:40 A.... 235,895 230.36 K
gbcoll~1.dll Tue 24 Jan 2006 16:57:10 ..S.R 237,316 231.75 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126,680 123.71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95,448 93.21 K
gdi32.dll Mon 2 Jan 2006 22:38:04 A.... 260,608 254.50 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117,976 115.21 K
hjacti~1.dll Fri 6 Jan 2006 17:13:28 ..S.R 237,208 231.65 K
hr4u05~1.dll Tue 10 Jan 2006 16:33:04 ..S.R 233,720 228.24 K
hrn005~1.dll Wed 4 Jan 2006 21:45:58 ..S.R 236,957 231.40 K
i006la~1.dll Tue 10 Jan 2006 16:33:08 ..S.R 234,048 228.56 K
ir66l5~1.dll Mon 16 Jan 2006 21:54:56 ..S.R 234,899 229.39 K
ir82l5~1.dll Sat 14 Jan 2006 17:25:38 ..S.R 236,902 231.35 K
irssvcs.dll Sat 28 Jan 2006 10:16:00 ..S.R 235,429 229.91 K
j8l40i~1.dll Mon 16 Jan 2006 18:26:36 ..S.R 234,265 228.77 K
jt4407~1.dll Tue 17 Jan 2006 18:39:26 ..S.R 235,429 229.91 K
k244lc~1.dll Sat 7 Jan 2006 15:08:40 ..S.R 237,208 231.65 K
kldlv1.dll Wed 25 Jan 2006 16:55:22 ..S.R 235,429 229.91 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534,280 521.76 K
lnmsp10n.dll Mon 23 Jan 2006 16:33:52 ..S.R 237,316 231.75 K
lnscr10n.dll Wed 11 Jan 2006 16:40:02 ..S.R 236,902 231.35 K
lqfil10n.dll Mon 26 Dec 2005 18:14:12 ..S.R 234,942 229.43 K
lxbmp13n.dll Tue 10 Jan 2006 17:34:54 ..S.R 236,902 231.35 K
meiseq.dll Fri 30 Dec 2005 12:38:40 ..S.R 235,297 229.78 K
mhdart.dll Fri 27 Jan 2006 16:46:40 ..S.R 237,316 231.75 K
mncndmgr.dll Thu 29 Dec 2005 12:06:34 ..S.R 235,297 229.78 K
msctl32.dll Wed 21 Dec 2005 9:11:50 A.... 42,496 41.50 K
mshtml.dll Tue 22 Nov 2005 16:49:10 A.... 2,700,288 2.57 M
mv6ml9~1.dll Fri 27 Jan 2006 18:17:40 ..S.R 237,316 231.75 K
mvhtmler.dll Wed 28 Dec 2005 12:09:56 ..S.R 234,942 229.43 K
n0r20a~1.dll Sun 15 Jan 2006 21:51:28 ..S.R 234,265 228.77 K
n0r2la~1.dll Thu 26 Jan 2006 21:45:00 ..S.R 235,429 229.91 K
n44s0e~1.dll Mon 16 Jan 2006 22:34:06 ..S.R 234,136 228.65 K
nbtid.dll Fri 30 Dec 2005 18:34:10 ..S.R 234,942 229.43 K
ngth.dll Wed 4 Jan 2006 21:54:16 ..S.R 236,902 231.35 K
p68qlg~1.dll Mon 16 Jan 2006 22:05:04 ..S.R 235,876 230.35 K
q2nu0c~1.dll Sat 31 Dec 2005 15:41:12 ..S.R 234,942 229.43 K
rmstls.dll Thu 12 Jan 2006 16:53:38 ..S.R 233,985 228.50 K
s32evnt1.dll Tue 3 Jan 2006 15:31:44 A.... 91,904 89.75 K
sdobject.dll Tue 27 Dec 2005 12:19:26 ..S.R 235,297 229.78 K
sllgntfy.dll Mon 16 Jan 2006 19:34:52 ..S.R 234,899 229.39 K
spmevnt1.dll Wed 21 Dec 2005 19:04:50 ..S.R 234,942 229.43 K
sznike.dll Sat 7 Jan 2006 13:41:20 ..S.R 236,902 231.35 K
ttpiperf.dll Sat 28 Jan 2006 17:54:12 ..S.R 235,429 229.91 K
uohisapi.dll Fri 13 Jan 2006 16:32:52 ..S.R 234,265 228.77 K
wannls.dll Mon 26 Dec 2005 20:44:54 ..S.R 234,942 229.43 K
whnsta.dll Fri 13 Jan 2006 20:40:38 ..S.R 236,902 231.35 K
wlaueng1.dll Thu 26 Jan 2006 16:45:56 ..S.R 237,316 231.75 K
wwpcore.dll Fri 6 Jan 2006 16:31:36 ..S.R 236,902 231.35 K
wyn32spl.dll Mon 16 Jan 2006 22:23:16 ..S.R 235,876 230.35 K

63 items found: 63 files (53 H/S), 0 directories.
Total of file sizes: 16,739,604 bytes 15.96 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
atmtdd~1.tmp Wed 21 Dec 2005 21:01:06 A.... 0 0.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 0 bytes 0.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is ACEB-A95C

Directory of C:\WINDOWS\System32

28/01/2006 17:54 235,429 tTpiperf.dll
28/01/2006 17:54 234,267 f8l02i3mg8.dll
28/01/2006 11:01 235,429 dn4u01h9e.dll
28/01/2006 10:15 235,429 iRssvcs.dll
27/01/2006 18:17 237,316 mv6ml9j11.dll
27/01/2006 16:46 237,316 mhdart.dll
26/01/2006 21:44 235,429 n0r2la9o1d.dll
26/01/2006 16:45 237,316 wlaueng1.dll
25/01/2006 16:55 235,429 kldlv1.dll
24/01/2006 16:57 237,316 GBCollection.dll
23/01/2006 16:33 237,316 lnmsp10N.dll
22/01/2006 09:58 235,429 cpyptdlg.dll
17/01/2006 18:39 235,429 jt4407hqe.dll
16/01/2006 22:34 234,136 n44s0eh7eh4.dll
16/01/2006 22:31 234,136 cgmctl32.dll
16/01/2006 22:23 235,876 wyn32spl.dll
16/01/2006 22:05 235,876 p68qlgl516q.dll
16/01/2006 21:57 236,257 dn8o01l3e.dll
16/01/2006 21:54 234,899 ir66l5js1.dll
16/01/2006 19:34 234,899 sllgntfy.dll
16/01/2006 19:26 236,070 enpml1711.dll
16/01/2006 18:26 234,265 j8l40i3qe8.dll
16/01/2006 16:43 234,265 ewentlog.dll
15/01/2006 21:51 234,265 n0r20a9oed.dll
14/01/2006 17:26 234,265 dyband.dll
14/01/2006 17:25 236,902 ir82l5lo1.dll
13/01/2006 20:40 236,902 whnsta.dll
13/01/2006 16:35 <DIR> dllcache
13/01/2006 16:32 234,265 uohisapi.dll
12/01/2006 16:53 233,985 rMstls.dll
11/01/2006 16:40 236,902 lnscr10N.dll
10/01/2006 17:34 236,902 lxbmp13n.dll
10/01/2006 16:33 237,208 djcdll.dll
10/01/2006 16:33 234,048 i006lads1d06.dll
10/01/2006 16:33 236,902 dmound3d.dll
10/01/2006 16:33 233,720 hr4u05h9e.dll
10/01/2006 16:33 237,208 eoccmn.dll
07/01/2006 15:08 237,208 k244lchq1f4e.dll
07/01/2006 13:41 236,902 sznike.dll
06/01/2006 17:13 237,208 HJActiveX.dll
06/01/2006 16:31 236,902 wwpcore.dll
04/01/2006 21:54 236,902 ngth.dll
04/01/2006 21:45 236,957 hrn0055me.dll
31/12/2005 15:41 234,942 q2nu0c59ef.dll
31/12/2005 12:42 234,942 ckl3d32.dll
30/12/2005 18:34 234,942 nbtid.dll
30/12/2005 13:23 234,942 duauth.dll
30/12/2005 12:38 235,297 meiseq.dll
29/12/2005 12:06 235,297 mncndmgr.dll
28/12/2005 12:09 234,942 mvhtmler.dll
27/12/2005 12:19 235,297 sdobject.dll
26/12/2005 20:44 234,942 wannls.dll
26/12/2005 18:14 234,942 lqfil10N.DLL
21/12/2005 19:04 234,942 SPMEVNT1.DLL
08/06/2004 23:18 <DIR> Microsoft
53 File(s) 12,490,509 bytes
2 Dir(s) 10,518,302,720 bytes free

illukka
2006-01-28, 19:20
hi

thanks for the info

it has been there for a while..

ok, let's attempt a fix:


Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If, after the reboot, the log does not open, double click on it in the l2mfix folder.

SomersetDave
2006-01-28, 22:56
OK, here's the first part of the log from L2mfix,

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 444 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1808 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Deleting: C:\WINDOWS\system32\cgmctl32.dll
Successfully Deleted: C:\WINDOWS\system32\cgmctl32.dll
Deleting: C:\WINDOWS\system32\ckl3d32.dll
Successfully Deleted: C:\WINDOWS\system32\ckl3d32.dll
Deleting: C:\WINDOWS\system32\cpyptdlg.dll
Successfully Deleted: C:\WINDOWS\system32\cpyptdlg.dll
Deleting: C:\WINDOWS\system32\djcdll.dll
Successfully Deleted: C:\WINDOWS\system32\djcdll.dll
Deleting: C:\WINDOWS\system32\dmound3d.dll
Successfully Deleted: C:\WINDOWS\system32\dmound3d.dll
Deleting: C:\WINDOWS\system32\dn4u01h9e.dll
Successfully Deleted: C:\WINDOWS\system32\dn4u01h9e.dll
Deleting: C:\WINDOWS\system32\dn8o01l3e.dll
Successfully Deleted: C:\WINDOWS\system32\dn8o01l3e.dll
Deleting: C:\WINDOWS\system32\duauth.dll
Successfully Deleted: C:\WINDOWS\system32\duauth.dll
Deleting: C:\WINDOWS\system32\dyband.dll
Successfully Deleted: C:\WINDOWS\system32\dyband.dll
Deleting: C:\WINDOWS\system32\enpml1711.dll
Successfully Deleted: C:\WINDOWS\system32\enpml1711.dll
Deleting: C:\WINDOWS\system32\eoccmn.dll
Successfully Deleted: C:\WINDOWS\system32\eoccmn.dll
Deleting: C:\WINDOWS\system32\ewentlog.dll
Successfully Deleted: C:\WINDOWS\system32\ewentlog.dll
Deleting: C:\WINDOWS\system32\f8l02i3mg8.dll
Successfully Deleted: C:\WINDOWS\system32\f8l02i3mg8.dll
Deleting: C:\WINDOWS\system32\fpnu0359e.dll
Successfully Deleted: C:\WINDOWS\system32\fpnu0359e.dll
Deleting: C:\WINDOWS\system32\GBCollection.dll
Successfully Deleted: C:\WINDOWS\system32\GBCollection.dll
Deleting: C:\WINDOWS\system32\HJActiveX.dll
Successfully Deleted: C:\WINDOWS\system32\HJActiveX.dll
Deleting: C:\WINDOWS\system32\hr4u05h9e.dll
Successfully Deleted: C:\WINDOWS\system32\hr4u05h9e.dll
Deleting: C:\WINDOWS\system32\hrn0055me.dll
Successfully Deleted: C:\WINDOWS\system32\hrn0055me.dll
Deleting: C:\WINDOWS\system32\i006lads1d06.dll
Successfully Deleted: C:\WINDOWS\system32\i006lads1d06.dll
Deleting: C:\WINDOWS\system32\ir66l5js1.dll
Successfully Deleted: C:\WINDOWS\system32\ir66l5js1.dll
Deleting: C:\WINDOWS\system32\ir82l5lo1.dll
Successfully Deleted: C:\WINDOWS\system32\ir82l5lo1.dll
Deleting: C:\WINDOWS\system32\iRssvcs.dll
Successfully Deleted: C:\WINDOWS\system32\iRssvcs.dll
Deleting: C:\WINDOWS\system32\j8l40i3qe8.dll
Successfully Deleted: C:\WINDOWS\system32\j8l40i3qe8.dll
Deleting: C:\WINDOWS\system32\jt4407hqe.dll
Successfully Deleted: C:\WINDOWS\system32\jt4407hqe.dll
Deleting: C:\WINDOWS\system32\k244lchq1f4e.dll
Successfully Deleted: C:\WINDOWS\system32\k244lchq1f4e.dll
Deleting: C:\WINDOWS\system32\kldlv1.dll
Successfully Deleted: C:\WINDOWS\system32\kldlv1.dll
Deleting: C:\WINDOWS\system32\lnmsp10N.dll
Successfully Deleted: C:\WINDOWS\system32\lnmsp10N.dll
Deleting: C:\WINDOWS\system32\lnscr10N.dll
Successfully Deleted: C:\WINDOWS\system32\lnscr10N.dll
Deleting: C:\WINDOWS\system32\lqfil10N.DLL
Successfully Deleted: C:\WINDOWS\system32\lqfil10N.DLL
Deleting: C:\WINDOWS\system32\lxbmp13n.dll
Successfully Deleted: C:\WINDOWS\system32\lxbmp13n.dll
Deleting: C:\WINDOWS\system32\meiseq.dll
Successfully Deleted: C:\WINDOWS\system32\meiseq.dll
Deleting: C:\WINDOWS\system32\mhdart.dll
Successfully Deleted: C:\WINDOWS\system32\mhdart.dll
Deleting: C:\WINDOWS\system32\mncndmgr.dll
Successfully Deleted: C:\WINDOWS\system32\mncndmgr.dll
Deleting: C:\WINDOWS\system32\mv6ml9j11.dll
Successfully Deleted: C:\WINDOWS\system32\mv6ml9j11.dll
Deleting: C:\WINDOWS\system32\mvhtmler.dll
Successfully Deleted: C:\WINDOWS\system32\mvhtmler.dll
Deleting: C:\WINDOWS\system32\n0r20a9oed.dll
Successfully Deleted: C:\WINDOWS\system32\n0r20a9oed.dll
Deleting: C:\WINDOWS\system32\n0r2la9o1d.dll
Successfully Deleted: C:\WINDOWS\system32\n0r2la9o1d.dll
Deleting: C:\WINDOWS\system32\n44s0eh7eh4.dll
Successfully Deleted: C:\WINDOWS\system32\n44s0eh7eh4.dll
Deleting: C:\WINDOWS\system32\nbtid.dll
Successfully Deleted: C:\WINDOWS\system32\nbtid.dll
Deleting: C:\WINDOWS\system32\ngth.dll
Successfully Deleted: C:\WINDOWS\system32\ngth.dll
Deleting: C:\WINDOWS\system32\p68qlgl516q.dll
Successfully Deleted: C:\WINDOWS\system32\p68qlgl516q.dll
Deleting: C:\WINDOWS\system32\q2nu0c59ef.dll
Successfully Deleted: C:\WINDOWS\system32\q2nu0c59ef.dll
Deleting: C:\WINDOWS\system32\rMstls.dll
Successfully Deleted: C:\WINDOWS\system32\rMstls.dll
Deleting: C:\WINDOWS\system32\sdobject.dll
Successfully Deleted: C:\WINDOWS\system32\sdobject.dll
Deleting: C:\WINDOWS\system32\sllgntfy.dll
Successfully Deleted: C:\WINDOWS\system32\sllgntfy.dll
Deleting: C:\WINDOWS\system32\SPMEVNT1.DLL
Successfully Deleted: C:\WINDOWS\system32\SPMEVNT1.DLL
Deleting: C:\WINDOWS\system32\sznike.dll
Successfully Deleted: C:\WINDOWS\system32\sznike.dll
Deleting: C:\WINDOWS\system32\tTpiperf.dll
Successfully Deleted: C:\WINDOWS\system32\tTpiperf.dll
Deleting: C:\WINDOWS\system32\uohisapi.dll
Successfully Deleted: C:\WINDOWS\system32\uohisapi.dll
Deleting: C:\WINDOWS\system32\wannls.dll
Successfully Deleted: C:\WINDOWS\system32\wannls.dll
Deleting: C:\WINDOWS\system32\whnsta.dll
Successfully Deleted: C:\WINDOWS\system32\whnsta.dll
Deleting: C:\WINDOWS\system32\wlaueng1.dll
Successfully Deleted: C:\WINDOWS\system32\wlaueng1.dll
Deleting: C:\WINDOWS\system32\wwpcore.dll
Successfully Deleted: C:\WINDOWS\system32\wwpcore.dll
Deleting: C:\WINDOWS\system32\wyn32spl.dll
Successfully Deleted: C:\WINDOWS\system32\wyn32spl.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n0r2la9o1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************

SomersetDave
2006-01-28, 22:58
and the second part,

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\cabcatex.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}\InprocServer32]
@="C:\\WINDOWS\\system32\\tCpi3.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ommanage.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}\InprocServer32]
@="C:\\WINDOWS\\system32\\tTpiperf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}\InprocServer32]
@="C:\\WINDOWS\\system32\\meiseq.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}\InprocServer32]
@="C:\\WINDOWS\\system32\\dyband.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlaueng1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}"=-
"{2841BD73-6595-4059-8B5B-21AC90E2C32B}"=-
"{ACE89490-F004-4152-9F57-98342014611D}"=-
"{8DF1FF30-D33C-4370-AFF8-289E78DEA2A3}"=-
"{590D90AE-E851-4DA5-8329-AC870E3FC82F}"=-
"{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}"=-
"{C7213442-4BE5-47DB-A9A9-06201823436C}"=-
"{48984C17-1DC1-4CD8-B223-7919C61E9A86}"=-
"{5D8DBD3A-E070-4240-80E5-BDE4015B7772}"=-
"{11CD31FC-0C64-471B-8DD4-E72064A0DF23}"=-
"{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}"=-
"{21C77107-0AF9-4200-BBD1-32AB48D9F24F}"=-
"{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B9EA687B-30A9-4E8A-9934-F6CCC6F14FFF}]
[-HKEY_CLASSES_ROOT\CLSID\{2841BD73-6595-4059-8B5B-21AC90E2C32B}]
[-HKEY_CLASSES_ROOT\CLSID\{ACE89490-F004-4152-9F57-98342014611D}]
[-HKEY_CLASSES_ROOT\CLSID\{8DF1FF30-D33C-4370-AFF8-289E78DEA2A3}]
[-HKEY_CLASSES_ROOT\CLSID\{590D90AE-E851-4DA5-8329-AC870E3FC82F}]
[-HKEY_CLASSES_ROOT\CLSID\{9DD84A3A-9D51-485D-B02A-4C79C7CBC033}]
[-HKEY_CLASSES_ROOT\CLSID\{C7213442-4BE5-47DB-A9A9-06201823436C}]
[-HKEY_CLASSES_ROOT\CLSID\{48984C17-1DC1-4CD8-B223-7919C61E9A86}]
[-HKEY_CLASSES_ROOT\CLSID\{5D8DBD3A-E070-4240-80E5-BDE4015B7772}]
[-HKEY_CLASSES_ROOT\CLSID\{11CD31FC-0C64-471B-8DD4-E72064A0DF23}]
[-HKEY_CLASSES_ROOT\CLSID\{59DCAD1B-A6ED-497F-B006-B5C3BA7DAFB3}]
[-HKEY_CLASSES_ROOT\CLSID\{21C77107-0AF9-4200-BBD1-32AB48D9F24F}]
[-HKEY_CLASSES_ROOT\CLSID\{8AFCF26A-7144-4E09-BC1E-BC056E50EE0B}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:


new Hjt log to follow ..

SomersetDave
2006-01-28, 23:03
new hjt log,

Logfile of HijackThis v1.99.1
Scan saved at 21:43:45, on 28/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\LSASS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\System32\msjcf.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094497521562
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\n0r2la9o1d.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Since the reboot I've not seen any more popup ads - hopefully a good sign ..?

But just one other thing I should mention. Since I installed several of the other recommended tools I get an MS AntiSpyware warning each time I log on saying that EGroup.InstantAccess.A Dialer is trying to install. I take the remove option but it appears again next time I log on. Is this connected with cmd service ?

Thanks again.

illukka
2006-01-28, 23:36
hi

good work, look2me is now gone

next: open hijackthis, click do a system scan only
checkmark these lines:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\System32\msjcf.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\n0r2la9o1d.dll (file missing)



close all browsers and explorer windows
and click fix checked

enable
'show all files' (http://spywarewarrior.com/viewtopic.php?t=272&highlight=show+files)

reboot into Safe Mode (http://www.bleepingcomputer.com/forums/index.php?showtutorial=61)

once in safe mode locate and delete these files
C:\WINDOWS\System32\msvcp.exe
C:\WINDOWS\System32\msjcf.exe

reboot back to normal mode
rescan with hijackthis, and post its log

SomersetDave
2006-01-29, 21:49
OK, thanks. I had to repeat 'fix checked' step as a couple of the lines were still there after I'd completed the steps and rebooted back into normal mode. I also got the same warning as before when I logged back on.
I searched & found msjcf.exe-xxxxx.pf in the c:\windows\prefetch folder & so I moved it to a temporary subfolder. Is that OK ? Should I delete that too ?

Here's the new hjt log,

Logfile of HijackThis v1.99.1
Scan saved at 20:31:53, on 29/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094497521562
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

illukka
2006-01-30, 06:38
> OK, thanks. I had to repeat 'fix checked' step as a couple of the lines were still there after I'd completed the steps and rebooted back into normal mode. I also got the same warning as before when I logged back on.
> I searched & found msjcf.exe-xxxxx.pf in the c:\windows\prefetch folder & so I moved it to a temporary subfolder. Is that OK ? Should I delete that too ?

hi

let's try running an online virus scan:
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: Select My Computer

This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

SomersetDave
2006-01-31, 08:24
OK, here's the Kaspersky results.... first part,

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 31, 2006 07:18:15
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/01/2006
Kaspersky Anti-Virus database records: 173965
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 89545
Number of viruses found: 38
Number of infected objects: 314
Number of suspicious objects: 4
Duration of the scan process: 9015 sec

Infected Object Name - Virus Name
C:\boot.inx Infected: Trojan-Downloader.Win32.Agent.abz
C:\Documents and Settings\Alice\Local Settings\Temp\jav1.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Alice\Local Settings\Temp\jav15.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Alice\Local Settings\Temp\jav2.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Alice\Local Settings\Temp\jav4.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Alice\Local Settings\Temp\jav5.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Alice\Local Settings\Temporary Internet Files\Content.IE5\CTA749MF\AppWrap[1].exe Infected: not-a-virus:AdWare.Win32.AdURL.c
C:\Documents and Settings\All Users\Application Data\Coal Part Boob Dent\BURN INTERNET.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\Documents and Settings\All Users\Application Data\firstdatanurbfork\Castmulti.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\All Users\Application Data\firstdatanurbfork\List gram.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\All Users\Application Data\firstdatanurbfork\logoreadme.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\All Users\Application Data\firstdatanurbfork\Long Bend.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\Documents and Settings\All Users\Application Data\firstdatanurbfork\timeslow.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\All Users\Application Data\More fork error junk\Lies Soft.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\Documents and Settings\All Users\Application Data\More fork error junk\SecondScr.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip/msexreg.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy8.zip/trkgif.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy8.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Dave\Application Data\greatdent\Activephonecreative1.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\Documents and Settings\Dave\Application Data\greatdent\Army View Owns.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\Documents and Settings\Dave\Application Data\greatdent\tqbvgfwe.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\Documents and Settings\Dave\Application Data\Skip link help\peak delete.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/cgmctl32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ckl3d32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/cpyptdlg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/djcdll.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/dmound3d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/dn4u01h9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/dn8o01l3e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/duauth.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/dyband.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/enpml1711.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/eoccmn.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ewentlog.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/f8l02i3mg8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/fpnu0359e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/GBCollection.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/guard.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/HJActiveX.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/hr4u05h9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/hrn0055me.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/i006lads1d06.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ir66l5js1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ir82l5lo1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/iRssvcs.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/j8l40i3qe8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/jt4407hqe.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/k244lchq1f4e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/kldlv1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/lnmsp10N.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/lnscr10N.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/lqfil10N.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/lxbmp13n.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/meiseq.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/mhdart.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/mncndmgr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/mv6ml9j11.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/mvhtmler.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/n0r20a9oed.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/n0r2la9o1d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/n44s0eh7eh4.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/nbtid.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ngth.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/p68qlgl516q.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/q2nu0c59ef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/rMstls.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/sdobject.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/sllgntfy.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/SPMEVNT1.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/sznike.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/tTpiperf.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/uohisapi.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/wannls.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/whnsta.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/wlaueng1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/wwpcore.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/wyn32spl.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\cgmctl32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ckl3d32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\cpyptdlg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\djcdll.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\dmound3d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\dn4u01h9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\dn8o01l3e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\duauth.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\dyband.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\enpml1711.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\eoccmn.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ewentlog.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\f8l02i3mg8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\fpnu0359e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\GBCollection.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\guard.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\HJActiveX.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\hr4u05h9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\hrn0055me.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\i006lads1d06.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ir66l5js1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ir82l5lo1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\iRssvcs.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\j8l40i3qe8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\jt4407hqe.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\k244lchq1f4e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\kldlv1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\lnmsp10N.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\lnscr10N.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\lqfil10N.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\lxbmp13n.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\meiseq.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\mhdart.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\mncndmgr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\mv6ml9j11.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\mvhtmler.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\n0r20a9oed.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\n0r2la9o1d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\n44s0eh7eh4.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\nbtid.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ngth.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\p68qlgl516q.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\q2nu0c59ef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\rMstls.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\sdobject.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\sllgntfy.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\SPMEVNT1.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\sznike.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\tTpiperf.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\uohisapi.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\wannls.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\whnsta.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\wlaueng1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\wwpcore.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\wyn32spl.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab

SomersetDave
2006-01-31, 08:25
and the second part...

C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Dave/02 Jun 2001 09:23 from R. Drewnicki:RE: Summer Holidays/Change of address to Apitong.doc Infected: Virus.MSWord.Bleck
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Virus.MSWord.Bleck
C:\Documents and Settings\Dave\Local Settings\Temp\87ae7a80.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\Documents and Settings\Dave\Local Settings\Temp\jav1.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav10.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav11.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav12.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav13.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav14.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav15.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav16.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav17.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav18.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav19.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav1A.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav1B.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav1C.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav1D.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav1E.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav1F.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav2.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav20.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav21.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav22.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav23.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav24.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav25.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav26.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav27.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav28.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav29.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav2A.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav2B.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav2C.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav2D.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav2E.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav2F.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav3.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav30.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav31.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav32.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav33.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav34.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav35.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav36.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav37.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav38.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav39.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav3A.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav3E.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav3F.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav4.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav4D.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav5.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav52.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav6.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav7.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav8.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\jav9.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\javA.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\javB.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\javC.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\javD.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\javE.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\javF.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Dave\Local Settings\Temp\xufdrlfk.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\05UJ8PE7\AppWrap[1].exe Infected: not-a-virus:AdWare.Win32.AdURL.c
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\85YB8PAF\AppWrap[1].exe Infected: not-a-virus:AdWare.Win32.AdURL.c
C:\Documents and Settings\Elaine\Local Settings\Temp\jav1.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Jack\Application Data\greatdent\Activephonecreative1.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Application Data\greatdent\Army View Owns.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Application Data\greatdent\djwgywic.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Application Data\greatdent\erbrwerv.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\Documents and Settings\Jack\Application Data\greatdent\Film Dash User.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Application Data\greatdent\uohmualx.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\Documents and Settings\Jack\Application Data\greatdent\vvpzelip.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Application Data\greatdent\vyrbfesf.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\Documents and Settings\Jack\Application Data\Skip link help\peak delete.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-247af480.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Jack\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-217a6652-247af480.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Jack\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv620.jar-621e48fd-596e86a7.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Jack\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv620.jar-621e48fd-596e86a7.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Jack\Local Settings\Temp\87a5feea.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Local Settings\Temp\8af73055.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\Documents and Settings\Jack\Local Settings\Temp\a9c76c06.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\Documents and Settings\Jack\Local Settings\Temp\buptvaan.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\Documents and Settings\Jack\Local Settings\Temp\i28.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j
C:\Documents and Settings\Jack\Local Settings\Temp\jav1A.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Jack\Local Settings\Temp\res47D.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.i
C:\Documents and Settings\Jack\Local Settings\Temp\sta1.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Jack\Local Settings\Temp\sta2.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Application Data\greatdent\Activephonecreative1.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Application Data\greatdent\Army View Owns.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Application Data\greatdent\dqfvswkr.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Application Data\greatdent\Film Dash User.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Application Data\greatdent\lnjlygcf.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Application Data\greatdent\ywwutaab.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Application Data\Skip link help\peak delete.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\Documents and Settings\Rosie\Local Settings\Temp\jav2.tmp Infected: Trojan-Spy.Win32.Hsow.d
C:\Documents and Settings\Rosie\Local Settings\Temp\sta156.exe Infected: not-a-virus:AdWare.Win32.Lop.ag
C:\install.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\install.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Program Files\Common Files\fbbpdacl\ddpdatln\arncjtht.exe Infected: not-a-virus:AdWare.Win32.Gator.a
C:\Program Files\Common Files\fbbpdacl\fchdllljna\rpnejhncl.exe Infected: not-a-virus:AdWare.Win32.Gator.a
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll Infected: Trojan-Spy.Win32.Small.dg
C:\Program Files\Microsoft AntiSpyware\Quarantine\08996C69-D805-478C-8F04-9408DC\6D88CE0E-6AF0-4CD6-BAFB-4EA9AA Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\Program Files\Microsoft AntiSpyware\Quarantine\08996C69-D805-478C-8F04-9408DC\EB9CA1AF-D0DF-489E-992E-7B1B46 Infected: Trojan-Downloader.Win32.Qoologic.az
C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6598B3-483B-4165-9841-7E8ED3\158F2245-384D-427B-A042-07DA0D Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6598B3-483B-4165-9841-7E8ED3\AE1B37C5-608A-421B-8A25-63ABD3 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6598B3-483B-4165-9841-7E8ED3\B6DCDB51-0EDE-4AE6-A2AF-B6483A Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Program Files\Norton AntiVirus\Quarantine\08883E21.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0CE82B6A.tmp Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\0CEE7F62.dll Infected: Trojan-PSW.Win32.Sinowal.a
C:\Program Files\Norton AntiVirus\Quarantine\0CEE7F62.exe Infected: Trojan-Spy.Win32.Small.dg
C:\Program Files\Norton AntiVirus\Quarantine\0CF2295F.exe Infected: Trojan-Spy.Win32.Small.dg
C:\Program Files\Norton AntiVirus\Quarantine\0CF2295F.raw Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\0CF2295F.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Program Files\Norton AntiVirus\Quarantine\0CF5535B.exe Infected: Trojan.Win32.StartPage.adi
C:\Program Files\Norton AntiVirus\Quarantine\0CF5535B.tmp Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\0CF87D58.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\0DEC2F0F.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0E1326E4.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0E3774BC.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0E3A1EB9.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0E5B4295.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0E996050.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0EBD2E29.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0EE74FFA.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0EEA79F7.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0F91573F.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0FAB2723.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\0FB84F14.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\10DB67D4.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\1157234C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\11784728.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\11A93CF2.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\11D034C7.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\12214E6D.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\12566E33.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\12833A01.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\134B3B26.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\13DB3452.exe Infected: Trojan-Clicker.Win32.Small.bm
C:\Program Files\Norton AntiVirus\Quarantine\15C04B63.exe Infected: Email-Worm.Win32.Delf.i
C:\Program Files\Norton AntiVirus\Quarantine\17492A5C.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\1BA93394.tmp Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Program Files\Norton AntiVirus\Quarantine\1BB0078D.tmp Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Program Files\Norton AntiVirus\Quarantine\1BDD7C83.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\1D9C2795.tmp Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\1D9F5191.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Program Files\Norton AntiVirus\Quarantine\1D9F5191.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\1D9F5191.zip Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\1DA27B8D.tmp Infected: Email-Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\22DA665A.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\3C802F63.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\46A03EF6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\46D808B9.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\46E530AA.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\48017572.EXE Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\48F96C60.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\49036A56.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\49061452.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\490A3E4E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\49C7417E.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\4A055F3A.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\4A0F5D2F.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\4A195B24.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\4A1C0521.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\4A1F2F1D.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\4DE130E6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\577D36CE.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5CF01FFB.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5D12085B.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\5E5722DD.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\67A20A07.tmp Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\67A53404.tmp Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\6F3464A6.exe Infected: Virus.Win32.Tenga.a
C:\Program Files\Norton AntiVirus\Quarantine\76B85164.exe Infected: Trojan-Downloader.Win32.Small.cbx
C:\RECYCLER\S-1-5-21-583907252-1085031214-1801674531-500\Dc1.exe Infected: Trojan-Dropper.Win32.Raven
C:\RECYCLER\S-1-5-21-583907252-1085031214-1801674531-500\Dc2.exe Infected: Backdoor.Win32.Codbot.bh
C:\WINDOWS\country.exe Infected: Trojan-Dropper.Win32.Raven
C:\WINDOWS\DAVES can these be deleted\tool2.exe Infected: not-virus:Hoax.Win32.Renos.ai
C:\WINDOWS\DAVES can these be deleted\tool4.exe Infected: Trojan-Proxy.Win32.Xorpix.h
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V4DNNM77\AppWrap[1].exe Infected: not-a-virus:AdWare.Win32.AdURL.c
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V4DNNM77\AppWrap[2].exe Infected: not-a-virus:AdWare.Win32.AdURL.c

Scan process completed.

illukka
2006-01-31, 15:01
hi

Download System Security Suite here: System Security Suite Download & Tutorial (http://www.igorshpak.net/). Unzip it to your desktop. Install the program. Don't use it yet.

Reboot into Safe Mode by tapping the F8 key repeatedly at bootup: Starting your computer in Safe mode (http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo)

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab select for cleaning:
- Internet Explorer (left pane): Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program


Open Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button.


reboot back to normal mode

open norton, delete all items in its quarantine

also delete l2mfix's backups

do the KAV scan again, log should be smaller now, post it here
and a hijackthis log too thank you

SomersetDave
2006-02-01, 08:26
Hi Illukka

A much smaller list now - here's the KAV log -

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, February 01, 2006 07:10:48
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 31/01/2006
Kaspersky Anti-Virus database records: 174144
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 78464
Number of viruses found: 7
Number of infected objects: 11
Number of suspicious objects: 4
Duration of the scan process: 7072 sec

Infected Object Name - Virus Name
C:\boot.inx Infected: Trojan-Downloader.Win32.Agent.abz
C:\DAVES can these be deleted\install.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\DAVES can these be deleted\install.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip/msexreg.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy8.zip/trkgif.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy8.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Dave/02 Jun 2001 09:23 from R. Drewnicki:RE: Summer Holidays/Change of address to Apitong.doc Infected: Virus.MSWord.Bleck
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Virus.MSWord.Bleck
C:\Program Files\Microsoft AntiSpyware\Quarantine\08996C69-D805-478C-8F04-9408DC\6D88CE0E-6AF0-4CD6-BAFB-4EA9AA Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\Program Files\Microsoft AntiSpyware\Quarantine\08996C69-D805-478C-8F04-9408DC\EB9CA1AF-D0DF-489E-992E-7B1B46 Infected: Trojan-Downloader.Win32.Qoologic.az
C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6598B3-483B-4165-9841-7E8ED3\158F2245-384D-427B-A042-07DA0D Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6598B3-483B-4165-9841-7E8ED3\AE1B37C5-608A-421B-8A25-63ABD3 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Program Files\Microsoft AntiSpyware\Quarantine\9E6598B3-483B-4165-9841-7E8ED3\B6DCDB51-0EDE-4AE6-A2AF-B6483A Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\DAVES can these be deleted\country.exe Infected: Trojan-Dropper.Win32.Raven

Scan process completed.


And here's the hjt log,

Logfile of HijackThis v1.99.1
Scan saved at 07:17:08, on 01/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094497521562
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

thanks

illukka
2006-02-01, 10:06
hi

just little things left

Before starting any cleaning steps, please disable the Microsoft Anti-Spyware real-time protection:

Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
Click on "Security Agents Status".
Click on "Disable real-time protection".


Next, open Microsoft Anti-Spyware.

Click on the Options menu, then Settings.
Select "Real Time Protection" from the left column.
Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
Click the Save button.

Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.

You can reenable it once your system is clean.

Please disable SpywareGuard, as it may interfere with some of our HijackThis fixes:

Right click the SpywareGuard icon in the System Tray at the bottom-right corner of the screen and open the program.
Then go to Menu, File, Exit.
Then confirm the program is closed.

open hijackthis, click do a system scan only
checkmark these entries
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe

then close all browsers and explorer windows
and hit fix checked

reboot into safe mode

delete these files if they exist
C:\boot.inx
C:\WINDOWS\System32\msvcp.exe
C:\WINDOWS\DAVES can these be deleted\country.exe
C:\DAVES can these be deleted\install.exe

also empty spybot's recovery and microsoft anti spyware's quarantine

reboot back to normal mode
post a final hijackthis log

SomersetDave
2006-02-01, 22:30
Hi Illukka

All those steps completed now & looks OK...

Here's the latest hjt log -

Logfile of HijackThis v1.99.1
Scan saved at 21:23:37, on 01/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094497521562
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\MYDOCU~1\BT2Net\BT2PLU~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
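
The before/after comparison this thread does by eye can be scripted. The following is an added example, not part of the original posts: it parses two HijackThis logs, confirms that the entries the helper asked to fix are gone from the final log, and lists item lines that appear only in the later log. The `BEFORE` and `AFTER` excerpts are constructed from lines quoted in this thread and do not reproduce the full logs; the function names are hypothetical.

```python
import re

# HijackThis item lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")

def normalize(line):
    """Collapse whitespace and case-fold: Windows paths and keys ignore case."""
    return " ".join(line.split()).casefold()

def parse_entries(log_text):
    """Map normalized item line -> original line, skipping header and process lines."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[normalize(line)] = line
    return entries

def check_cleanup(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return {
        # Fix-list entries that survived the cleanup.
        "still_present": [f for f in fix_list if normalize(f) in after],
        # Fix-list entries that were never in the first log (copy/paste errors).
        "not_in_before": [f for f in fix_list if normalize(f) not in before],
        # Item lines that appear only in the later log and deserve a second look.
        "new_entries": sorted(v for k, v in after.items() if k not in before),
    }

# Constructed excerpts (assumption: shortened, not the complete logs from the thread).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""
FIX_LIST = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank",
    r"O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msvcp.exe",
]

if __name__ == "__main__":
    for name, lines in check_cleanup(BEFORE, AFTER, FIX_LIST).items():
        print(name, lines)
```
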

illukka
2006-02-01, 22:34
hi

well done :)

i assume you have re-enabled those security programs now ;)


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)

or

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above


Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)


SomersetDave
2006-02-02, 22:55
Hi Illukka

Fantastic, thanks for all your help - a donation is on its way ..

cheers!
Dave

illukka
2006-02-03, 06:46
hi

thanks :)

as the issue is resolved this topic will now be archived
contact the forum staff to get it reopened

glad we could help :)