- Right click on the file
- choose extract
- click next, click next again
- you should have a new folder on your desktop (not zipped)
desktop hi jack. i have black screen
Started by paco_taco, Feb 03 2007 01:24 PM
#16
Posted 08 February 2007 - 06:15 PM
#17
Posted 08 February 2007 - 08:42 PM
SmitFraudFix v2.138
Scan done at 8:33:03.18, Thu 03/08/2007
Run from C:\My Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\wppp.html Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="csuxy.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
#18
Posted 12 February 2007 - 05:18 PM
Hi Paco Taco, sorry for the delay
Post a hijack log and let's see where we are at
#19
Posted 12 February 2007 - 06:57 PM
Logfile of HijackThis v1.99.1
Scan saved at 6:56:09 AM, on 3/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\lxcycoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\ff8044f26e091ff4d09b3860932ee4eb\update\update.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {18C00756-973B-4183-862B-AED976378F15} - C:\WINDOWS\System32\nnnnmmn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: www.extremeaccess.info
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173684017218
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3707AD07-A600-4578-AD84-8B684D7FB695}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{809E2A31-34EE-4178-BB79-9D83DCCF2B66}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: Winmsc - C:\WINDOWS\SYSTEM32\ms3d2a43d1.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Cjknbo32.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcy_device - - C:\WINDOWS\System32\lxcycoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\System32\dmxwz.exe
#20
Posted 12 February 2007 - 07:25 PM
Hi
OK, let's move on.
Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, please post the text that will open (report.txt) and a new HijackThis log.
#21
Posted 12 February 2007 - 09:52 PM
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csuxy.exe"
Service: "Windows Management Service" = C:\WINDOWS\System32\dmxwz.exe
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}94BCAD812ED0-20B8-9234-20EE-F67FD24B{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}4FF215B77B0F-C478-7EC4-314D-034DE877{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "zwxmd" Deleted
....
»»»»» Misc files.
C:\WINDOWS\system32\{553BAF32-8967-4351-B7A5-AD2B7D1A9C46}.exe Deleted
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
C:\WINDOWS\system32\csyjs.exe 52744 01/31/2007
Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
C:\WINDOWS\temp\dmxwz.ren 57907 05/11/2003
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCYCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCYtime.dll,_RunDLLEntry@16"
"MRT"="\"C:\\WINDOWS\\System32\\MRT.exe\" /R"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
#22
Posted 15 February 2007 - 12:53 PM
Hi
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
c:\windows\system32\ldcore.dll
C:\WINDOWS\SYSTEM32\instcat.dll
C:\WINDOWS\SYSTEM32\ms3d2a43d1.dll
C:\WINDOWS\system32\csyjs.exe
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
Post a new Hijack log when done please
#23
Posted 15 February 2007 - 06:14 PM
it did not ask me the pendingfill etc..... question.
Logfile of HijackThis v1.99.1
Scan saved at 6:13:53 AM, on 3/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\lxcycoms.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {18C00756-973B-4183-862B-AED976378F15} - C:\WINDOWS\System32\nnnnmmn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: www.extremeaccess.info
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173684017218
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3707AD07-A600-4578-AD84-8B684D7FB695}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{809E2A31-34EE-4178-BB79-9D83DCCF2B66}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: Winmsc - ms3d2a43d1.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Cjknbo32.dll (file missing)
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcy_device - - C:\WINDOWS\System32\lxcycoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
#24
Posted 15 February 2007 - 07:57 PM
Hi again
I think we almost have it
Please run a scan with HijackThis and check the following lines for removal:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3707AD07-A600-4578-AD84-8B684D7FB695}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{809E2A31-34EE-4178-BB79-9D83DCCF2B66}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: Winmsc - ms3d2a43d1.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Cjknbo32.dll (file missing)
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - (no file)
Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser:
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.
#25
Posted 17 February 2007 - 06:32 PM
I can't choose Firefox or Opera
#26
Posted 18 February 2007 - 03:45 PM
Just continue to the online scan
#27
Posted 24 February 2007 - 04:38 PM
Incident Status Location
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Boog Warner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-119dbb1f.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Boog Warner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-119dbb1f.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Boog Warner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-119dbb1f.zip[VerifierBug.class]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Boog Warner\Cookies\boog warner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Boog Warner\Cookies\boog warner@atdmt[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Boog Warner\Local Settings\Temp\Rar$EX02.032\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Boog Warner\Local Settings\Temp\Rar$EX02.860\SmitfraudFix\Process.exe
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe]
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][sx.htm]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[setup233.exe][td.exe]
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[dist1_1_00.exe]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[SaveInstCsSm.exe]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[ezStub.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[sys_ai_client_loader.exe]
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[ClrSchP071.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe[wmedia_bbi8015.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe]
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][sx.htm]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[setup233.exe][td.exe]
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[dist1_1_00.exe]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[SaveInstCsSm.exe]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[ezStub.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[sys_ai_client_loader.exe]
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[ClrSchP071.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe[wmedia_bbi8015.exe]
Spyware:Cookie/Diglnk Not disinfected C:\Documents and Settings\LocalService\Cookies\local service@mbop[2].txt
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe
Spyware:Cookie/Diglnk Not disinfected C:\Documents and Settings\NetworkService\Cookies\network service@mbop[1].txt
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/Zango Not disinfected C:\Program Files\Common Files\csshare\plugins0942\npclntax.dll
Adware:Adware/CWS.Searchmeup Not disinfected C:\Program Files\Common Files\svchost.exe
Adware:Adware/Zango Not disinfected C:\Program Files\Netscape\Netscape 6\Plugins\npclntax.dll
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-18\Dc1\system.dll
Adware:Adware/Mytoolbar Not disinfected C:\RECYCLER\S-1-5-18\Dc1\Update.exe~
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware/ncase Not disinfected C:\WINDOWS\msbb.exe.temp
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\aukxrkki.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bqeqnupi.dll
Adware:Adware/RegistryCleaner Not disinfected C:\WINDOWS\system32\ctpmon.exeddwuuv
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\drivera.dll
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\drivera.exe
Adware:adware/keenvalue Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.bho
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\duesxafl.dll
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\emxcwhgn.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fvbhysdi.dll
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\jybnrqqp.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\kenbxfin.dll
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\kernels1118.exepbomdr
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\kxdwhjnj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lbibippo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lnxwfdxu.dll
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\system32\lsasss.exeqrjaty
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\modbooid.dll
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\monterreya_unknown.exe
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\mpkoutps.dll
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\nereuxsu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\nuhlosoh.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\oohexuwp.dll
Potentially unwanted tool:Application/ActivityMon Not disinfected C:\WINDOWS\system32\out.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qjthjinv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rlpfccgw.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\sktqjshf.dll
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\tqydgljh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\uxlauaqm.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vrqjfews.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wqhlqpme.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\wrnxtoys.exe
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\wvbrqrte.dll
Virus:Trj/Agent.EGK Disinfected C:\WINDOWS\system32\xhjlnqfa.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\xjjhtiuu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xlxifkvi.dll
Logfile of HijackThis v1.99.1
Scan saved at 4:31:12 AM, on 3/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\lxcycoms.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {18C00756-973B-4183-862B-AED976378F15} - C:\WINDOWS\System32\nnnnmmn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: www.extremeaccess.info
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173684017218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3707AD07-A600-4578-AD84-8B684D7FB695}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{809E2A31-34EE-4178-BB79-9D83DCCF2B66}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: Winmsc - ms3d2a43d1.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Cjknbo32.dll (file missing)
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcy_device - - C:\WINDOWS\System32\lxcycoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
#28
Posted 24 February 2007 - 04:48 PM
Hi
Please run a scan with HijackThis and check the following lines for removal:
O2 - BHO: (no name) - {18C00756-973B-4183-862B-AED976378F15} - C:\WINDOWS\System32\nnnnmmn.dll (file missing)
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: www.extremeaccess.info
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: Winmsc - ms3d2a43d1.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Cjknbo32.dll (file missing)
Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.
Please download the OTMoveIt by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe
C:\keys.ini
C:\My Downloads\SDFix.exe
C:\My Downloads\SmitfraudFix
C:\Program Files\Common Files\csshare\plugins0942\npclntax.dll
C:\Program Files\Common Files\svchost.exe
C:\Program Files\Netscape\Netscape 6\Plugins\npclntax.dll
C:\SDFix
C:\WINDOWS\kwv2.dat
C:\WINDOWS\msbb.exe.temp
C:\WINDOWS\system32\aukxrkki.dll
C:\WINDOWS\system32\bqeqnupi.dll
C:\WINDOWS\system32\ctpmon.exeddwuuv
C:\WINDOWS\system32\drivera.dll
C:\WINDOWS\system32\drivera.exe
C:\WINDOWS\system32\drivers\etc\hosts.bho
C:\WINDOWS\system32\duesxafl.dll
C:\WINDOWS\system32\emxcwhgn.dll
C:\WINDOWS\system32\fvbhysdi.dll
C:\WINDOWS\system32\jybnrqqp.dll
C:\WINDOWS\system32\kenbxfin.dll
C:\WINDOWS\system32\kernels1118.exepbomdr
C:\WINDOWS\system32\kxdwhjnj.dll
C:\WINDOWS\system32\lbibippo.dll
C:\WINDOWS\system32\lnxwfdxu.dll
C:\WINDOWS\system32\lsasss.exeqrjaty
C:\WINDOWS\system32\modbooid.dll
C:\WINDOWS\system32\monterreya_unknown.exe
C:\WINDOWS\system32\mpkoutps.dll
C:\WINDOWS\system32\nereuxsu.dll
C:\WINDOWS\system32\nuhlosoh.dll
C:\WINDOWS\system32\oohexuwp.dll
C:\WINDOWS\system32\out.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\qjthjinv.dll
C:\WINDOWS\system32\rlpfccgw.dll
C:\WINDOWS\system32\sktqjshf.dll
C:\WINDOWS\system32\tqydgljh.dll
C:\WINDOWS\system32\uxlauaqm.dll
C:\WINDOWS\system32\vrqjfews.dll
C:\WINDOWS\system32\wqhlqpme.dll
C:\WINDOWS\system32\wrnxtoys.exe
C:\WINDOWS\system32\wvbrqrte.dll
C:\WINDOWS\system32\xhjlnqfa.dll
C:\WINDOWS\system32\xjjhtiuu.dll
C:\WINDOWS\system32\xlxifkvi.dll
- Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
- Click the red Moveit! button.
- Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
- Close OTMoveIt
#29
Posted 04 March 2007 - 11:28 AM
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe moved successfully.
C:\keys.ini moved successfully.
C:\My Downloads\SDFix.exe moved successfully.
C:\My Downloads\SmitfraudFix moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Common Files\csshare\plugins0942\npclntax.dll
C:\Program Files\Common Files\csshare\plugins0942\npclntax.dll NOT unregistered.
C:\Program Files\Common Files\csshare\plugins0942\npclntax.dll moved successfully.
C:\Program Files\Common Files\svchost.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Netscape\Netscape 6\Plugins\npclntax.dll
C:\Program Files\Netscape\Netscape 6\Plugins\npclntax.dll NOT unregistered.
C:\Program Files\Netscape\Netscape 6\Plugins\npclntax.dll moved successfully.
C:\SDFix\backups moved successfully.
C:\SDFix\backupreg moved successfully.
C:\SDFix moved successfully.
C:\WINDOWS\kwv2.dat moved successfully.
C:\WINDOWS\msbb.exe.temp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aukxrkki.dll
C:\WINDOWS\system32\aukxrkki.dll NOT unregistered.
C:\WINDOWS\system32\aukxrkki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bqeqnupi.dll
C:\WINDOWS\system32\bqeqnupi.dll NOT unregistered.
C:\WINDOWS\system32\bqeqnupi.dll moved successfully.
C:\WINDOWS\system32\ctpmon.exeddwuuv moved successfully.
C:\WINDOWS\system32\drivera.dll unregistered successfully.
C:\WINDOWS\system32\drivera.dll moved successfully.
C:\WINDOWS\system32\drivera.exe moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.bho moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\duesxafl.dll
C:\WINDOWS\system32\duesxafl.dll NOT unregistered.
C:\WINDOWS\system32\duesxafl.dll moved successfully.
File/Folder C:\WINDOWS\system32\emxcwhgn.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fvbhysdi.dll
C:\WINDOWS\system32\fvbhysdi.dll NOT unregistered.
C:\WINDOWS\system32\fvbhysdi.dll moved successfully.
File/Folder C:\WINDOWS\system32\jybnrqqp.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kenbxfin.dll
C:\WINDOWS\system32\kenbxfin.dll NOT unregistered.
C:\WINDOWS\system32\kenbxfin.dll moved successfully.
C:\WINDOWS\system32\kernels1118.exepbomdr moved successfully.
File/Folder C:\WINDOWS\system32\kxdwhjnj.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lbibippo.dll
C:\WINDOWS\system32\lbibippo.dll NOT unregistered.
C:\WINDOWS\system32\lbibippo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lnxwfdxu.dll
C:\WINDOWS\system32\lnxwfdxu.dll NOT unregistered.
C:\WINDOWS\system32\lnxwfdxu.dll moved successfully.
C:\WINDOWS\system32\lsasss.exeqrjaty moved successfully.
File/Folder C:\WINDOWS\system32\modbooid.dll not found.
C:\WINDOWS\system32\monterreya_unknown.exe moved successfully.
File/Folder C:\WINDOWS\system32\mpkoutps.dll not found.
File/Folder C:\WINDOWS\system32\nereuxsu.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nuhlosoh.dll
C:\WINDOWS\system32\nuhlosoh.dll NOT unregistered.
C:\WINDOWS\system32\nuhlosoh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\oohexuwp.dll
C:\WINDOWS\system32\oohexuwp.dll NOT unregistered.
C:\WINDOWS\system32\oohexuwp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\out.dll
C:\WINDOWS\system32\out.dll NOT unregistered.
C:\WINDOWS\system32\out.dll moved successfully.
C:\WINDOWS\system32\Process.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qjthjinv.dll
C:\WINDOWS\system32\qjthjinv.dll NOT unregistered.
C:\WINDOWS\system32\qjthjinv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rlpfccgw.dll
C:\WINDOWS\system32\rlpfccgw.dll NOT unregistered.
C:\WINDOWS\system32\rlpfccgw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sktqjshf.dll
C:\WINDOWS\system32\sktqjshf.dll NOT unregistered.
C:\WINDOWS\system32\sktqjshf.dll moved successfully.
File/Folder C:\WINDOWS\system32\tqydgljh.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uxlauaqm.dll
C:\WINDOWS\system32\uxlauaqm.dll NOT unregistered.
C:\WINDOWS\system32\uxlauaqm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vrqjfews.dll
C:\WINDOWS\system32\vrqjfews.dll NOT unregistered.
C:\WINDOWS\system32\vrqjfews.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wqhlqpme.dll
C:\WINDOWS\system32\wqhlqpme.dll NOT unregistered.
C:\WINDOWS\system32\wqhlqpme.dll moved successfully.
C:\WINDOWS\system32\wrnxtoys.exe moved successfully.
File/Folder C:\WINDOWS\system32\wvbrqrte.dll not found.
File/Folder C:\WINDOWS\system32\xhjlnqfa.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xjjhtiuu.dll
C:\WINDOWS\system32\xjjhtiuu.dll NOT unregistered.
C:\WINDOWS\system32\xjjhtiuu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xlxifkvi.dll
C:\WINDOWS\system32\xlxifkvi.dll NOT unregistered.
C:\WINDOWS\system32\xlxifkvi.dll moved successfully.
Created on 03/31/2007 23:27:14
Logfile of HijackThis v1.99.1
Scan saved at 11:28:37 PM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\lxcycoms.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173684017218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3707AD07-A600-4578-AD84-8B684D7FB695}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{809E2A31-34EE-4178-BB79-9D83DCCF2B66}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.25 85.255.112.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcy_device - - C:\WINDOWS\System32\lxcycoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe