Welcome to Geeks to Go - Register now for FREE
remove Look2Me HiJack included [RESOLVED]

This topic is locked
#1 Loan Flandez (New Member, 6 posts)

Hi All,

Newbie here and I was wondering if someone could help me with my computer problems.

Logfile of HijackThis v1.99.1
Scan saved at 6:28:24 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\TDxVGAUTIL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\receildA.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\sys0157348195-.exe
C:\Program Files\Common Files\{FC94EF9D-08FA-1033-1031-030512200001}\Update.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Vpskeys\vpskeys.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\VyvY\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TDxVGAUTIL] C:\WINDOWS\system32\TDxVGAUTIL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [sys0157348195-] C:\WINDOWS\sys0157348195-.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [VPSKEYS] C:\Program Files\Vpskeys\vpskeys.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [iwfw] C:\PROGRA~1\COMMON~1\iwfw\iwfwm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logme...ivex/RACtrl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.scrapblog...geUploader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\p48qlel51hq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Any help would be much appreciated.
Thanks,
Loan
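The log above is the whole case: a helper reads it by hand, looking for autorun (O4) and Winlogon Notify (O20) entries that point at files with no business being where they are. As an added example that is not part of this thread and not HijackThis code, the Python below applies that kind of reading to a handful of the posted lines. The rules, the short known-good list of Winlogon Notify DLLs, and the choice of sample lines are this example's own assumptions, not anything HijackThis or the forum ships.

```python
"""Heuristic triage of HijackThis 1.99.1 log lines.

Added example for this thread; it is not HijackThis code and not the
forum's own tooling. The rules are assumptions about what a malware-removal
helper looks for in such a log (the Look2Me case above turns on the O20
entry), and KNOWN_NOTIFY_DLLS is an assumed short list of stock Windows XP
Winlogon Notify handlers, to be extended from a known-clean reference box.
"""
import ipaddress
import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the log posted above, plus the
# benign ccApp, WgaLogon and dumprep entries as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [sys0157348195-] C:\WINDOWS\sys0157348195-.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\p48qlel51hq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

KNOWN_NOTIFY_DLLS = {  # assumed stock XP SP2 handlers (example assumption)
    "wgalogon.dll", "crypt32chain.dll", "cryptnet.dll", "cscdll.dll",
    "sccertprop.dll", "schedule.dll", "sclgntfy.dll", "senslogn.dll",
    "termsrv.dll", "wlballoon.dll",
}

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")


@dataclass
class Finding:
    section: str   # O4, O16, O20 or O23
    name: str      # registry value, DLL or host the rule fired on
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Names such as p48qlel51hq or w44ce7d9 flip between letters and digits repeatedly."""
    switches = sum(
        1 for a, b in zip(stem, stem[1:])
        if (a.isalpha() and b.isdigit()) or (a.isdigit() and b.isalpha())
    )
    return switches >= 2


def first_token(cmd: str) -> str:
    """Return the program path from a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in %WINDIR% or a drive root rather than a program folder."""
    parent = ntpath.dirname(ntpath.normpath(path)).upper().rstrip("\\")
    return parent.endswith(":") or parent in {"C:\\WINDOWS", "C:\\WINNT", "%SYSTEMROOT%", "%WINDIR%"}


def check_o4(name: str, cmd: str, line: str) -> list:
    out = []
    exe = first_token(cmd)
    target = exe
    if ntpath.basename(exe).lower() in {"rundll32.exe", "rundll32"}:
        rest = cmd.strip().split(None, 1)
        dll = rest[1].split(",", 1)[0] if len(rest) > 1 else ""
        target = dll
        if dll and "\\" not in dll:
            out.append(Finding("O4", name, "rundll32 loads a DLL by bare filename (resolved via search path)", line))
    if in_windows_root(exe):
        out.append(Finding("O4", name, "autorun executable sits in %WINDIR% or a drive root", line))
    if looks_random(ntpath.splitext(ntpath.basename(target))[0]):
        out.append(Finding("O4", name, "random-looking filename", line))
    return out


def triage(log_text: str) -> list:
    """Run every rule over each log line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            findings += check_o4(m.group(1), m.group(2), line)
        elif m := O16_RE.match(line):
            host = urlparse(m.group(1)).hostname or ""
            try:
                ipaddress.ip_address(host)
                findings.append(Finding("O16", host, "ActiveX package served from a bare IP address", line))
            except ValueError:
                pass
        elif m := O20_RE.match(line):
            dll = ntpath.basename(m.group(2)).lower()
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append(Finding("O20", dll, "Winlogon Notify handler is not a known Windows DLL (Look2Me-style persistence)", line))
        elif line.startswith("O23 - ") and line.endswith("(file missing)"):
            findings.append(Finding("O23", line.split(" - ")[1], "service points at a missing file; stale entry", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<22} {f.reason}")
```

The O20 rule is the one that matters for this thread: a Winlogon Notify DLL is loaded by winlogon.exe at logon, before the user's shell or any cleanup tool starts, so it is already mapped into a privileged process whenever an ordinary delete is attempted. That is why the helper reaches for a dedicated remover rather than asking HijackThis to fix the line.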
#2 RiP (Malware Expert, Retired Staff, 8,430 posts)

Hello Loan Flandez,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#3 Loan Flandez (Topic Starter, New Member, 6 posts)

Thanks for the response!

Here it is!

3D-Album PicturePro
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 7.0
ALPS Touch Pad Driver
Altova XMLSpy 2006 Home Edition
AnyDVD
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Audacity 1.2.4
BitTornado 0.3.7
BUM
C-Dilla Licence Management System
Chuzzle Deluxe 1.0
Diner Dash
Diner Dash 2
Disney Mix Stick
DJ Integration Studio - Data Junction Enterprise
DJ Integration Studio - Extractor Enterprise
DJ Integration Studio - SDKs
Drag'n Drop CD+DVD
DVD Audio Ripper 4
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-RAM Driver
Easy Button
EPSON Printer Software
EPSON TWAIN 5
ewido anti-spyware 4.0
HijackThis 1.99.1
Hotfix for Windows XP (KB909394)
InCD
Intel® Extreme Graphics Driver
InterVideo WinDVD 4
iPod for Windows 2005-06-26
iPod for Windows 2006-01-10
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
KODAK EASYSHARE Gallery Upload ActiveX Control
LiveReg (Symantec Corporation)
LiveUpdate
LiveUpdate 1.80 (Symantec Corporation)
LiveUpdate BVRP Software
LogMeIn
LogMeIn
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft ActiveSync 4.0
Microsoft Office Live Meeting 2005
Microsoft Office XP Professional
Microsoft Works 7.0
mobile PhoneTools
MSN Messenger 7.5
Nero 6 Ultra Edition
Nero Media Player
NeroMIX
NeroVision Express 2
NETGEAR WG511 54 Mbps Wireless PC Card
NextPOS For Restaurants
Norton AntiVirus 2003
Norton WMI Update
Notebook Maximizer
Onyx Customer Center
Photodex Presenter
PSP Movie Creator(remove only)
Quicken 2003 New User Edition
Quicklinks
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Skype 2.5
SMSC IrCC Driver V5.1.2462.0 (WinXP)
SonicWALL Global VPN Client
Sony Ericsson PC Suite
Spybot - Search & Destroy 1.4
SurfHere by Toshiba
Targus USB Port Replicator with Video(ACP50) V5.0.3
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
TOSHIBA Power Management Utility
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TouchPad On/Off Utility
Uninstall JL2005A Toy Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visviva Animation Player
VNC Free Edition 4.1.1
Vpskeys 4.3
Winamp (remove only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinSCP 3.8 beta
Xml Viewer
Yahoo! Messenger
yEnc32 (remove only)

#4 RiP (Malware Expert, Retired Staff, 8,430 posts)

Hello Loan Flandez,

Using Add or Remove Programs, remove the following entries (if present). (To get into Add or Remove Programs, press the Start button > Control Panel > Add or Remove Programs.)

Quicklinks
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

#5 Loan Flandez (Topic Starter, New Member, 6 posts)

I've deleted the 3 that you mentioned earlier from Add or Remove Programs. At the bottom of this I've attached an updated list just in case.

Here's the L2M log:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 8/28/2006 10:55:01 PM

Infected! C:\WINDOWS\system32\p48qlel51hq.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0134381.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0135380.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0135385.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0136407.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0136408.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0138407.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0138429.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139407.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139437.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139452.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139486.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP415\A0140684.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP415\A0140718.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP419\A0140760.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP419\A0140761.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP420\A0140778.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140808.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140813.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140818.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140822.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP425\A0140829.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP425\A0140832.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP427\A0141059.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP429\A0141061.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP429\A0141062.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP433\A0141096.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP435\A0141124.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP435\A0141129.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP436\A0141131.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP437\A0141146.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141153.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141168.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141260.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141261.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141262.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141265.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP440\A0141307.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142761.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142788.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142793.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142799.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP443\A0142835.dll
Infected! C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP443\A0142849.dll
Infected! C:\WINDOWS\system32\dnn0015me.dll
Infected! C:\WINDOWS\system32\en80l1lm1.dll
Infected! C:\WINDOWS\system32\gbtuname.dll
Infected! C:\WINDOWS\system32\gp2ul3f91.dll
Infected! C:\WINDOWS\system32\hp4023hmg.dll
Infected! C:\WINDOWS\system32\hr0005dme.dll
Infected! C:\WINDOWS\system32\i0060adsed060.dll
Infected! C:\WINDOWS\system32\i006lads1d06.dll
Infected! C:\WINDOWS\system32\i624lgfq162e.dll
Infected! C:\WINDOWS\system32\iaxpromn.dll
Infected! C:\WINDOWS\system32\inrop.dll
Infected! C:\WINDOWS\system32\jt4q07h5e.dll
Infected! C:\WINDOWS\system32\kt44l7hq1.dll
Infected! C:\WINDOWS\system32\p08qlal51dq.dll
Infected! C:\WINDOWS\system32\p48qlel51hq.dll
Infected! C:\WINDOWS\system32\pyotowiz.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\p48qlel51hq.dll
C:\WINDOWS\system32\p48qlel51hq.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0134381.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0134381.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0135380.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0135380.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0135385.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0135385.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0136407.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0136407.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0136408.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0136408.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0138407.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0138407.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0138429.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0138429.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139407.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139407.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139437.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139437.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139452.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139452.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139486.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP413\A0139486.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP415\A0140684.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP415\A0140684.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP415\A0140718.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP415\A0140718.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP419\A0140760.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP419\A0140760.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP419\A0140761.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP419\A0140761.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP420\A0140778.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP420\A0140778.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140808.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140808.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140813.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140813.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140818.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140818.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140822.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP424\A0140822.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP425\A0140829.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP425\A0140829.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP425\A0140832.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP425\A0140832.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP427\A0141059.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP427\A0141059.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP429\A0141061.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP429\A0141061.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP429\A0141062.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP429\A0141062.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP433\A0141096.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP433\A0141096.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP435\A0141124.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP435\A0141124.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP435\A0141129.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP435\A0141129.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP436\A0141131.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP436\A0141131.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP437\A0141146.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP437\A0141146.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141153.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141153.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141168.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141168.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141260.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141260.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141261.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141261.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141262.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141262.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141265.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP438\A0141265.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP440\A0141307.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP440\A0141307.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142761.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142761.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142788.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142788.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142793.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142793.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142799.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP441\A0142799.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP443\A0142835.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP443\A0142835.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP443\A0142849.dll
C:\System Volume Information\_restore{DC0F6FA1-168A-4B6E-951C-3ADB109AF7F0}\RP443\A0142849.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnn0015me.dll
C:\WINDOWS\system32\dnn0015me.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\en80l1lm1.dll
C:\WINDOWS\system32\en80l1lm1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gbtuname.dll
C:\WINDOWS\system32\gbtuname.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gp2ul3f91.dll
C:\WINDOWS\system32\gp2ul3f91.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hp4023hmg.dll
C:\WINDOWS\system32\hp4023hmg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hr0005dme.dll
C:\WINDOWS\system32\hr0005dme.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i0060adsed060.dll
C:\WINDOWS\system32\i0060adsed060.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i006lads1d06.dll
C:\WINDOWS\system32\i006lads1d06.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i624lgfq162e.dll
C:\WINDOWS\system32\i624lgfq162e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iaxpromn.dll
C:\WINDOWS\system32\iaxpromn.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\inrop.dll
C:\WINDOWS\system32\inrop.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt4q07h5e.dll
C:\WINDOWS\system32\jt4q07h5e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kt44l7hq1.dll
C:\WINDOWS\system32\kt44l7hq1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p08qlal51dq.dll
C:\WINDOWS\system32\p08qlal51dq.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p48qlel51hq.dll
C:\WINDOWS\system32\p48qlel51hq.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pyotowiz.dll
C:\WINDOWS\system32\pyotowiz.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{52B4AF2C-935D-480F-A31D-B1F52DECD2FA}"
HKCR\Clsid\{52B4AF2C-935D-480F-A31D-B1F52DECD2FA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9A3F0ADE-C4A8-4916-BA0F-0E2E20F95B7F}"
HKCR\Clsid\{9A3F0ADE-C4A8-4916-BA0F-0E2E20F95B7F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{40FFC5CE-C5E1-4469-8612-9760A33D91BF}"
HKCR\Clsid\{40FFC5CE-C5E1-4469-8612-9760A33D91BF}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C53E1FBA-4C0F-4E6F-9E1F-C531B5212DC5}"
HKCR\Clsid\{C53E1FBA-4C0F-4E6F-9E1F-C531B5212DC5}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded




----------------------------
hijack Log
----------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:16:02 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\TDxVGAUTIL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\receildA.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\sys0157348195-.exe
C:\Program Files\Common Files\{FC94EF9D-08FA-1033-1031-030512200001}\Update.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\VyvY\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TDxVGAUTIL] C:\WINDOWS\system32\TDxVGAUTIL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [sys0157348195-] C:\WINDOWS\sys0157348195-.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [VPSKEYS] C:\Program Files\Vpskeys\vpskeys.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [iwfw] C:\PROGRA~1\COMMON~1\iwfw\iwfwm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logme...ivex/RACtrl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.scrapblog...geUploader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

-------------------
programs list
-------------------

3D-Album PicturePro
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 7.0
ALPS Touch Pad Driver
Altova XMLSpy 2006 Home Edition
AnyDVD
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Audacity 1.2.4
BitTornado 0.3.7
BUM
C-Dilla Licence Management System
Chuzzle Deluxe 1.0
Diner Dash
Diner Dash 2
Disney Mix Stick
DJ Integration Studio - Data Junction Enterprise
DJ Integration Studio - Extractor Enterprise
DJ Integration Studio - SDKs
Drag'n Drop CD+DVD
DVD Audio Ripper 4
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-RAM Driver
Easy Button
EPSON Printer Software
EPSON TWAIN 5
ewido anti-spyware 4.0
HijackThis 1.99.1
Hotfix for Windows XP (KB909394)
InCD
Intel® Extreme Graphics Driver
InterVideo WinDVD 4
iPod for Windows 2005-06-26
iPod for Windows 2006-01-10
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
KODAK EASYSHARE Gallery Upload ActiveX Control
LiveReg (Symantec Corporation)
LiveUpdate
LiveUpdate 1.80 (Symantec Corporation)
LiveUpdate BVRP Software
LogMeIn
LogMeIn
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft ActiveSync 4.0
Microsoft Office Live Meeting 2005
Microsoft Office XP Professional
Microsoft Works 7.0
mobile PhoneTools
MSN Messenger 7.5
Nero 6 Ultra Edition
Nero Media Player
NeroMIX
NeroVision Express 2
NETGEAR WG511 54 Mbps Wireless PC Card
NextPOS For Restaurants
Norton AntiVirus 2003
Norton WMI Update
Notebook Maximizer
Onyx Customer Center
Photodex Presenter
PSP Movie Creator(remove only)
Quicken 2003 New User Edition
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Skype 2.5
SMSC IrCC Driver V5.1.2462.0 (WinXP)
SonicWALL Global VPN Client
Sony Ericsson PC Suite
Spybot - Search & Destroy 1.4
SurfHere by Toshiba
Targus USB Port Replicator with Video(ACP50) V5.0.3
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
TOSHIBA Power Management Utility
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TouchPad On/Off Utility
Uninstall JL2005A Toy Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Visviva Animation Player
VNC Free Edition 4.1.1
Vpskeys 4.3
Winamp (remove only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinSCP 3.8 beta
Xml Viewer
Yahoo! Messenger
yEnc32 (remove only)


Thanks!
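The two HijackThis logs in this thread (the 8/28/2006 11:16 PM one above and the 8/29/2006 11:53 AM one posted after the next reply) are easier to compare mechanically than by eye. The Python below is an added example, not part of the original thread and not code from HijackThis or any of the tools named in it. It parses the Oxx item lines, flags the entry shapes these particular logs contain (rundll32 loading a DLL by bare name, autostart binaries dropped straight into C:\WINDOWS or the drive root, an ActiveX .cab fetched from a bare IP address, a service whose binary is gone) and diffs the O4 autostarts between two scans. The rule set is an assumption of mine and is triage, not a verdict; the embedded sample input is excerpted from the logs posted in this thread. The O20 WgaLogon line is deliberately not flagged, since WgaLogon.dll is Microsoft's Windows Genuine Advantage notification package.

```python
r"""Triage for HijackThis 1.99.1 logs (added example, not from the thread).

Flags the entry shapes the posted logs show and diffs O4 autostarts between
two scans of the same machine. The rules are heuristics, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis item type: R0, R1, F2, O4, O16, O20, O23, ...
    body: str     # everything after "Oxx - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(log: str) -> list[Entry]:
    """Return the item lines of a log; the header and process list are skipped."""
    return [Entry(m.group(1), m.group(2))
            for m in (ENTRY_RE.match(line.strip()) for line in log.splitlines()) if m]


# (section, regex, reason). Assumed rule set; each pattern mirrors something
# visible in the logs posted in this thread.
RULES = [
    ("O4", r"RUNDLL32\.EXE\s+\w+\.dll,",
     "rundll32 loads a DLL by bare name, resolved through the search path"),
    ("O4", r"\]\s+C:\\WINDOWS\\[^\\]+\.exe",
     "autostart binary dropped directly in C:\\WINDOWS"),
    ("O4", r"\]\s+C:\\\\",
     "autostart binary in the drive root (shown as C:\\\\ in the log)"),
    ("O16", r"https?://\d{1,3}(?:\.\d{1,3}){3}/",
     "ActiveX .cab downloaded from a bare IP address"),
    ("O23", r"\(file missing\)$",
     "service still registered for a binary that no longer exists"),
]


def flag(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Pair every entry with each rule it trips (an entry may appear more than once)."""
    return [(e, why) for e in entries
            for sec, pat, why in RULES
            if e.section == sec and re.search(pat, e.body, re.I)]


def autostart_diff(before: str, after: str) -> tuple[set[str], set[str]]:
    """(added, removed) O4 autostart lines between an earlier and a later log."""
    b = {e.body for e in parse_hjt(before) if e.section == "O4"}
    a = {e.body for e in parse_hjt(after) if e.section == "O4"}
    return a - b, b - a


# Sample input: item lines excerpted from the two logs posted in this thread
# (8/28/2006 11:16 PM and 8/29/2006 11:53 AM). Only lines relevant to the
# rules and the diff are kept.
LOG_0828 = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11a.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11a.exe
O4 - HKLM\..\Run: [sys0157348195-] C:\WINDOWS\sys0157348195-.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

LOG_0829 = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [win32085-5734819] C:\WINDOWS\win32085-5734819.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
"""

if __name__ == "__main__":
    for entry, why in flag(parse_hjt(LOG_0828)):
        print(f"{entry.section}  {why}\n    {entry.body}")
    added, removed = autostart_diff(LOG_0828, LOG_0829)
    print("O4 added since 8/28:", *sorted(added), sep="\n  ")
    print("O4 removed since 8/28:", *sorted(removed), sep="\n  ")
```

The diff makes the point the two logs only show on careful reading: between the scans the [sys0157348195-] entry vanished and a [win32085-5734819] entry with the same C:\WINDOWS\ placement appeared, while the two rundll32 loaders survived untouched. That is why a fresh log is asked for after every removal pass rather than reusing the earlier one.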

#6
RiP
    Malware Expert
  • Retired Staff
  • 8,430 posts
Hello Loan Flandez,

1. Open Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet.

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" (or whatever your primary drive is)
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
  • Close Ewido and reboot your system back into Normal Mode.
6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new HijackThis log.

Edited by __RiP_ChAiN_, 29 August 2006 - 07:02 AM.


#7
Loan Flandez
    New Member
  • Topic Starter
  • Member
  • 6 posts
Here's the hijack log


Logfile of HijackThis v1.99.1
Scan saved at 11:53:31 AM, on 8/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TDxVGAUTIL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\win32085-5734819.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\VyvY\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TDxVGAUTIL] C:\WINDOWS\system32\TDxVGAUTIL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [win32085-5734819] C:\WINDOWS\win32085-5734819.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [VPSKEYS] C:\Program Files\Vpskeys\vpskeys.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iwfw] C:\PROGRA~1\COMMON~1\iwfw\iwfwm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logme...ivex/RACtrl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.scrapblog...geUploader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


--------------------
ewido log
--------------------

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:31:09 AM 8/29/2006

+ Scan result:



C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Documents and Settings\VyvY\Local Settings\Temp\Temporary Internet Files\Content.IE5\OPUVO1UV\kazaa_setup[1].exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\repairs303169590.dll_tobedeleted -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csrrs.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.ee : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{FC94EF9D-08FA-1033-1031-030512200001}\Update.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tku1e28e.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\lt.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6DKFMBI1\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\VyvY\Local Settings\Temporary Internet Files\Content.IE5\RQIDWRXP\dfndrff_11a[1].exe -> Hijacker.VB.ov : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\E345UPK3\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\redist.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\redistributor.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\WINDOWS\wnu_228.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

#8
RiP (Malware Expert, Retired Staff, 8,430 posts)
Hello Loan Flandez,

Please read this post completely; it may make it easier for you if you copy and paste it into a new text document or print it for reference later.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Please download the Killbox by Option^Explicit. ( Save it to your desktop. )

Note: In the event you already have Killbox, this is a new version that I need you to download.

You have a CoolWebSearch infection.

Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [win32085-5734819] C:\WINDOWS\win32085-5734819.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [iwfw] C:\PROGRA~1\COMMON~1\iwfw\iwfwm.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Boot into Safe Mode:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.

Using Windows Explorer delete the following folders (if present): (To get into Windows Explorer, right click the START button and select "explore.")

C:\Program Files\Common Files\iwfw

Run Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\win32085-5734819.exe
    C:\WINDOWS\Duce6.exe
    C:\WINDOWS\receildA.exe
    C:\WINDOWS\system32\w44ce7d9.dll
    C:\WINDOWS\system32\w44dfacf.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Reboot into Normal Mode.

In your next reply please include the following:
  • A new HijackThis log.

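A small triage script, added here as an illustration and not part of the original thread or of HijackThis itself. It parses lines in the HijackThis 1.99.1 format and applies the rough tests a log reviewer runs first on entries like the ones listed in the post above: search settings reset to about:blank, a missing URLSearchHook, RUNDLL32 loading a DLL by bare name, executables dropped straight into C:\WINDOWS, generated-looking names, and service entries whose file no longer exists. The sample log is constructed from entries posted in this thread; the heuristics are this example's own and deliberately simple. They do not catch the iwfw entry, which the helper spotted from its odd folder under Common Files, so the output is a starting point for human review, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines in HijackThis 1.99.1 format copied from the logs in
# this thread, mixing the entries the helper flagged with benign controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [receildA] C:\WINDOWS\receildA.exe
O4 - HKLM\..\Run: [tku1e28e] RUNDLL32.EXE w44ce7d9.dll,n 0031e28b0000000344ce7d9
O4 - HKLM\..\Run: [w44dfacf.dll] RUNDLL32.EXE w44dfacf.dll,I2 0031e28b044dfacf
O4 - HKLM\..\Run: [win32085-5734819] C:\WINDOWS\win32085-5734819.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [iwfw] C:\PROGRA~1\COMMON~1\iwfw\iwfwm.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
""".strip()

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DIGIT_RUN = re.compile(r"\d{5,}")
WINDOWS_ROOT = "c:\\windows"   # heuristic: legitimate software rarely runs from here


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O4"
    ident: str     # Run value name, or the whole entry body for other sections
    reason: str


def split_command(cmd: str) -> tuple[str, list[str]]:
    """Return (program, args) from a Run value, honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].split()
    parts = cmd.split()
    return parts[0], parts[1:]


def check_run_entry(name: str, cmd: str) -> list[str]:
    """Heuristic tests for one O4 Run entry; returns zero or more reasons to look closer."""
    reasons = []
    program, args = split_command(cmd)
    folder = program.rsplit("\\", 1)[0].lower() if "\\" in program else ""
    if program.lower().endswith("rundll32.exe") and args:
        dll = args[0].split(",", 1)[0]          # "w44ce7d9.dll,n" -> "w44ce7d9.dll"
        if "\\" not in dll:
            reasons.append("rundll32 loads a DLL by bare name (resolved via the search path)")
    if folder == WINDOWS_ROOT:
        reasons.append("executable sits directly in the Windows directory")
    if DIGIT_RUN.search(name):
        reasons.append("Run value name contains a long digit run (generated-looking name)")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Scan a HijackThis log and return the entries worth a reviewer's attention first."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1") and body.endswith("= about:blank"):
            findings.append(Finding(section, body, "IE search/start setting reset to about:blank"))
        elif section == "R3" and "URLSearchHook is missing" in body:
            findings.append(Finding(section, body, "default URLSearchHook has been removed"))
        elif section == "O4":
            run = O4_RUN.match(body)
            if run:
                for reason in check_run_entry(run.group("name"), run.group("cmd")):
                    findings.append(Finding(section, run.group("name"), reason))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(section, body, "service points at a file that no longer exists (orphan, low priority)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.ident!r:45} {f.reason}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. Anything it flags still has to be checked by hand against the file on disk (publisher, size, date), and anything it does not flag is not thereby cleared: the iwfw entry in this thread is the proof.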

#9
Loan Flandez (New Member, Topic Starter, 6 posts)
Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:11:43 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\TDxVGAUTIL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Vpskeys\vpskeys.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\VyvY\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TDxVGAUTIL] C:\WINDOWS\system32\TDxVGAUTIL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [VPSKEYS] C:\Program Files\Vpskeys\vpskeys.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logme...ivex/RACtrl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.scrapblog...geUploader3.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#10
RiP (Malware Expert, Retired Staff, 8,430 posts)
Hello Loan Flandez,

Your HijackThis log is now clean, congratulations!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to disable and re-enable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

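The Internet-zone settings in the list above are stored as DWORD values under the current user's Zones\3 registry key, named by the action IDs Microsoft documents in KB 182569, with 0 = Enable, 1 = Prompt and 3 = Disable. The script below is an added example, not something from the original post, from Geeks to Go or from Microsoft: it renders the six settings as an importable .reg file, reads a `reg export` of the key back into a map, and audits that map for any setting looser than the list recommends, so the change can be verified rather than assumed. WEAK_EXPORT is a constructed export showing what a machine with looser settings looks like.

```python
import re

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3          # the numbers IE stores for each radio button
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Action ID (the registry value name) -> (setting as shown in the IE dialog,
# level recommended in the post above). IDs per Microsoft KB 182569.
HARDENED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def render_reg(settings=HARDENED, zone_key=ZONE_KEY) -> str:
    """Build a .reg file that applies `settings` to the Internet zone for the current user."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{zone_key}]"]
    for action, (label, level) in sorted(settings.items()):
        lines.append(f"; {label}: {LEVEL_NAME[level]}")
        lines.append(f'"{action}"=dword:{level:08x}')
    return "\r\n".join(lines) + "\r\n"


DWORD_LINE = re.compile(r'^"(?P<name>[0-9A-Fa-f]{4})"=dword:(?P<value>[0-9A-Fa-f]{8})$')


def parse_zone_export(text: str) -> dict[str, int]:
    """Pull action -> level out of the text produced by `reg export` for the zone key."""
    levels = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line.strip())
        if m:
            levels[m.group("name").upper()] = int(m.group("value"), 16)
    return levels


def audit(current: dict[str, int], desired=HARDENED) -> list[tuple[str, str, str, str]]:
    """Return (action, label, have, want) for every setting looser than desired or
    absent altogether; an empty list means the zone matches the recommendation."""
    gaps = []
    for action, (label, want) in sorted(desired.items()):
        have = current.get(action)
        if have is None:
            gaps.append((action, label, "not set", LEVEL_NAME[want]))
        elif have < want:                      # Enable(0) < Prompt(1) < Disable(3)
            gaps.append((action, label, LEVEL_NAME.get(have, str(have)), LEVEL_NAME[want]))
    return gaps


# Constructed sample of a zone export with several settings looser than recommended.
WEAK_EXPORT = """\
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""

if __name__ == "__main__":
    for action, label, have, want in audit(parse_zone_export(WEAK_EXPORT)):
        print(f"{action} {label}: {have} -> should be {want}")
    print(render_reg())
```

To check a real machine, run `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`, open the file with `encoding="utf-16"` (reg export writes Unicode) and pass its contents to `parse_zone_export`, then `audit`. Two caveats: the rendered file only changes the current user's profile, so repeat it for each account on the PC, and if a domain policy enables "Security Zones: Use only machine settings" (the Security_HKLM_only policy value) the HKLM copy of the key is what IE reads and the per-user values are ignored.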

#11
Loan Flandez (New Member, Topic Starter, 6 posts)
thank you very much for your help and time!

Everything was a success and now my system is clean!

#12
RiP (Malware Expert, Retired Staff, 8,430 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





