HELP. HijackThis logfile [CLOSED]



#16
raw0911

  • Topic Starter
Did the l2mfix...This is the log file followed by hijackthis logfile...

L2Mfix 1.03

Running From:
C:\Documents and Settings\DHERE\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\DHERE\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\DHERE\Desktop\l2mfix

killing explorer and rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Desktop.ini sucessfully removed

Zipping up files for submission:
adding: clear.reg (164 bytes security) (deflated 2%)
adding: echo.reg (164 bytes security) (deflated 9%)
adding: desktop.ini (164 bytes security) (deflated 14%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 73%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: test.txt (164 bytes security) (stored 0%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n0r20a9oed.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{D4E8366A-1C14-4517-BF48-C0C918B76319}</IDone>
<IDtwo>VT00</IDtwo>
<VERSION>200</VERSION>
****************************************************************************


Hijack this log file
Logfile of HijackThis v1.99.1
Scan saved at 3:06:44 AM, on 6/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\avciman.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {4593F035-9115-449D-9432-AED670874A96} - C:\WINDOWS\System32\clhbafj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: CIEExtension Object - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4U4Rfn] C:\documents and settings\dhere\local settings\temp\4U4Rfn.exe
O4 - HKLM\..\Run: [pQpJE8y] C:\documents and settings\dhere\local settings\temp\pQpJE8y.exe
O4 - HKLM\..\Run: [CKBcC5c] C:\documents and settings\dhere\local settings\temp\CKBcC5c.exe
O4 - HKLM\..\Run: [yhqY3d7] C:\documents and settings\dhere\local settings\temp\yhqY3d7.exe
O4 - HKLM\..\Run: [xVCVpv] C:\documents and settings\dhere\local settings\temp\xVCVpv.exe
O4 - HKLM\..\Run: [vcmxin] C:\WINDOWS\system32\BW_ActiveX.Stub.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [csuptfn] c:\windows\system32\csuptfn.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [AutoLoaderq0t61YKfMKPJ] "C:\WINDOWS\System32\ulrrenv.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [q72g3sX] ulrrenv.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ Messenger] C:\WINDOWS\System32\p0n8ting.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [fwjwvzh] c:\windows\system32\kresbz.exe
O4 - HKLM\..\Run: [Vio Pes] vwa32.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKLM\..\RunServices: [Vio Pes] vwa32.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Ajr] C:\WINDOWS\System32\??anregw.exe
O4 - HKCU\..\Run: [xjyfrrf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oapdtoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mimfimp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [viiqxhr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bxtsjtm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oaeosns] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cvilixc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dxtfnah] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xhtyvxh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ykhenxg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bntcsvf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yeeturm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yycfhae] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [apjpdsl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ryphkdi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hgepfsi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xrnsdev] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ctrereq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kmhasdl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ictxgin] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jkhfmhx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gammcdp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ciqlyxv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fuhsvxi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hrcrrya] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mprgjcu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [usyytli] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gqjitfm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipayptn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jfbvdlc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygurpra] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nkucbif] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hfmqeks] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gyacbsr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xyeehyg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dmqdmfd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qodltbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wuoudri] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [indedyr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ucwacne] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [waufsgx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnhrkpx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [okbctba] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hjqlkcl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygnhrjv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xbhwfhp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ificgic] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [stywcvk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [uqjobsh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lncqmls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vojisat] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ecujgim] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qkjwnpp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yqncquq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nqqyskv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wqyaxoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [opotjro] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [otuvnjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fensrhb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cnywnjm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vovgach] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [faivdjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [rpdmixy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [audpfqn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [layliog] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipsuyuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fkmgejw] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oribmju] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lejfiuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [eascnho] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vdinvrv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [spdxkyq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mahygls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ibciqmj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vsafrxo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yonreiy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dllfgie] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [aepeaff] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hpmeboh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [shacofm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lliktuk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sqaupnn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hwiauou] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [tintjeo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [iktlytn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kpuwadh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oqnrunl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sihfsxc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yccnfwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [elkadib] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xalhebu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [letcqnl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gabsivd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mxxnfkt] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ojxpwqx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lfrinlm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ilruilc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ugeetqy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ooywhfb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lkymjwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vwisovs] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xjotoqj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [idwofbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qmonkxy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qxkmktd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [igcyknb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnbgssm] c:\windows\ryxqtkn.exe
O4 - HKCU\..\Run: [ppviocc] c:\windows\nexqgiq.exe
O4 - HKCU\..\Run: [jmontux] c:\windows\ikgerqa.exe
O4 - HKCU\..\Run: [qwveiap] c:\windows\khkoyvr.exe
O4 - HKCU\..\Run: [linofsx] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [mwdjklp] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [ksjpent] c:\windows\kqcpmms.exe
O4 - HKCU\..\Run: [vqcxadn] c:\windows\tfudewl.exe
O4 - HKCU\..\Run: [lofioik] c:\windows\sltvdji.exe
O4 - HKCU\..\Run: [eawnsom] c:\windows\ksaauyu.exe
O4 - HKCU\..\Run: [fvwjkyl] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [inaifkb] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [ekhhnqv] c:\windows\epjujcu.exe
O4 - HKCU\..\Run: [wbplrwr] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [lhcpmxk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [siiemkh] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [cikegjn] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [mtupqnq] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [tjrpvvu] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [icgdwdy] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [bsxjgpl] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [jcmoeut] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [mqabuws] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qltlcum] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [kanuhys] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [chaxanb] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [fqdkcdw] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qckvsjj] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [nehtpvm] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [rfgqjri] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [whtvbfk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [srrysqc] c:\windows\khppcsy.exe
O4 - HKCU\..\Run: [qvysnej] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nibtxul] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cooqksr] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [wrxvwge] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kxcifou] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kismube] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [foljhtx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aqntdqq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tyvydkw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [eytbklx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tweaccg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uoiontn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cgsibri] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [chcdxmw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yitsdkl] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lkfjxon] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qiiohga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qpqvslt] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uaulmob] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uqtgexc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kavlhkk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [oyvwxha] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [dajqckd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kawncaq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [guiqvuc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qgerpgn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lywwoel] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gfeveeh] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qrivywg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [sjjpoiu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yyjvemb] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aogktmy] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [txfxpuu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [rkdgkls] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nywksvp] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tpiexpd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [hnogauj] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gxhnhop] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [ltadrjx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yaragga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kcuqfhc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [daotcwx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [olfbvnk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [xonsflb] c:\windows\tmmqvqx.exe
O4 - HKCU\..\Run: [sqdnwoa] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [whjntop] c:\windows\dvuwwbl.exe
O4 - HKCU\..\Run: [svkkfcg] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [hmjqank] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [gkdweco] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [fifvwcb] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [oljsuuw] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [nsgbjic] c:\windows\mtfxuql.exe
O4 - HKCU\..\Run: [vajhafd] c:\windows\einhnfd.exe
O4 - HKCU\..\Run: [khlbgxd] c:\windows\kpvssxf.exe
O4 - HKCU\..\Run: [nemlyrv] c:\windows\kqjltfy.exe
O4 - HKCU\..\Run: [slwkjiw] c:\windows\kjpakwn.exe
O4 - HKCU\..\Run: [oguvtua] c:\windows\crjoubx.exe
O4 - HKCU\..\Run: [kauntvu] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [lcjabyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [hhbyahf] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [vtliypb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [nrvxfyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jfppkvq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jjkwpxq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [gmtoklb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [geaxxgg] c:\windows\isrolbo.exe
O4 - HKCU\..\Run: [mcwvaya] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [yrfwskv] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [lysfjpu] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [uucswsj] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vkgujob] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [bmoojpc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kjbpuli] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hilyrpi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [cioeeab] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kvaelin] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [pfxahfc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vrvpuqf] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nsjpjre] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [mjjdgwv] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [aafrwql] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [aktiiof] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vhlupox] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [elpihjc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nluaqbk] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [abcpemx] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [jjqjqdw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [llprobo] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [qtwaamq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kdgjqgc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ukbixru] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ryibgis] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [troxbvk] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hmdqvkq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [jdrbroi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ewoqwce] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [quahgfj] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [xnykyrq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [knortie] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nuyybtq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [uqkcouq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [cgicxwd] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [tfsxuvw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [axykpqu] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ybsyens] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [okyisgf] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hqwvtpw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [eorugbi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\sqlallg.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\n0r20a9oed.dll (file missing)
O21 - SSODL: Shedule Protocol - {07A58DD3-BC91-4982-9550-D69F8866AE12} - C:\WINDOWS\System32\iasantld.dll (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Vio Pes (Vie Pes) - Unknown owner - C:\WINDOWS\System32\vwa32.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


#17
Guest_usetobe_*
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #4 for Run Fix by typing 4 and then pressing enter. This will restore the winlogon defaults.


Further instructions to follow shortly once I've done it. As you can probably see there is a lot to do :tazz:

#18
Guest_usetobe_*
Please print out a copy of these instructions so you have them handy, as you need to reboot into Safe Mode.

I need you to copy all of the Killbox file paths below and paste them into Notepad. Save the Notepad file to your desktop.



* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop.

Click Start > Run > and type in:

services.msc

Click OK.

In the Services window find Service: System Startup Service (SvcProc)
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.

Then in the Services window find Service: Vio Pes (Vie Pes)
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.

Exit the Services utility.

Reboot into Safe Mode by tapping the F8 key whilst the PC is starting up, then select SAFE MODE.

Rescan with HJT and check the following entries if still present. There is a tremendous amount, so ensure you get them all.



Ensure no windows are open except HJT and click "Fix checked".

* Please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting them and pressing CTRL + C:

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Now rescan with Ewido and save the report.

Rescan with Panda ActiveScan and save the report.

Rescan with HJT and post the log back, together with the Ewido and Panda scans.
  • 0
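The fix list in the post above is built by reading a HijackThis log by hand. As an added example (not code from this thread or from HijackThis), this Python script parses O4 and O23 lines in the format shown in this thread, groups Run values by target file to surface one binary registered under many value names, and reduces command lines that carry arguments or a stray quote to a plain file path. The sample log lines, all names in them and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis line format used in this thread.
# Every value name, service name and file name below is made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\example1.dll (file missing)
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /start
O4 - HKLM\..\Run: [noPath] loader.exe
O4 - HKCU\..\Run: [aaaaaaa] c:\windows\sample01.exe
O4 - HKCU\..\Run: [bbbbbbb] c:\windows\sample01.exe
O4 - HKCU\..\Run: [ccccccc] C:\WINDOWS\SAMPLE01.EXE
O4 - HKCU\..\Run: [ddddddd] c:\windows\sample02.exe
O23 - Service: Example Helper (ExHelp) - Example Corp - C:\WINDOWS\System32\exhelp.exe
O23 - Service: Example Startup (ExStart) - Unknown owner - C:\WINDOWS\exstart.exe (file missing)
O23 - Service: Example Quoted (ExQ) - Unknown owner - C:\WINDOWS\System32\exq.exe" -service (file missing)
"""

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
O23_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')
# Full path up to the first known extension that is followed by a quote,
# whitespace or end of string; this drops arguments and unbalanced quotes.
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.+?\.(?:exe|dll|com|bat|scr))(?=["\s]|$)', re.I)
BARE_RE = re.compile(r'^[A-Za-z]:\\[^"\s]+$')
MISSING = '(file missing)'


def exe_path(command):
    """Return the lower-cased file path inside a command line, or None."""
    command = command.strip()
    m = PATH_RE.match(command)
    if m:
        return m.group(1).lower()
    if BARE_RE.match(command):      # full path without a known extension
        return command.lower()
    return None                     # bare name such as "loader.exe"


def parse_line(line):
    """Parse one O4 (autorun) or O23 (service) line; other lines give None."""
    line = line.strip()
    missing = line.endswith(MISSING)
    if missing:
        line = line[:-len(MISSING)].rstrip()
    m = O4_RE.match(line)
    if m:
        hive, key, name, command = m.groups()
        return {'section': 'O4', 'hive': hive, 'key': key, 'name': name,
                'command': command, 'path': exe_path(command), 'missing': missing}
    m = O23_RE.match(line)
    if m:
        display, owner, command = m.groups()
        short = re.search(r'\(([^()]*)\)$', display)   # "(SvcName)" suffix
        return {'section': 'O23', 'name': short.group(1) if short else display,
                'owner': owner, 'command': command,
                'path': exe_path(command), 'missing': missing}
    return None


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def run_clusters(entries, threshold=3):
    """Map target path -> Run value names, for paths with >= threshold names."""
    groups = defaultdict(list)
    for e in entries:
        if e['section'] == 'O4' and e['path']:
            groups[e['path']].append(e['name'])
    return {p: names for p, names in groups.items() if len(names) >= threshold}


def missing_services(entries):
    """Service names whose binary HijackThis reported as missing."""
    return [e['name'] for e in entries if e['section'] == 'O23' and e['missing']]


def unresolved(entries):
    """Autorun values that give only a bare file name, so need a file search."""
    return [e['name'] for e in entries if e['section'] == 'O4' and not e['path']]


def unique_paths(entries):
    """De-duplicated, case-folded file paths, one per line for review."""
    return sorted({e['path'] for e in entries if e['path']})


if __name__ == '__main__':
    entries = parse_log(SAMPLE_LOG)
    for path, names in run_clusters(entries).items():
        print(f'{len(names)} Run values -> {path}')
    print('services with missing binary:', missing_services(entries))
    print('no full path:', unresolved(entries))
    print('\n'.join(unique_paths(entries)))
```

Paths are lower-cased before grouping because Windows file names are case-insensitive, so the same file written in different cases is counted once.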

#19
raw0911
Hi usetobe,

This is the Panda scan logfile followed by the HijackThis logfile. The Ewido scan showed no viruses. Thanks to you the HJT file looks so much better now.
My desktop screen was black and was showing a warning for a long time. It is not showing the warning any more, but the background is all white and keeps blinking. Can you tell me why this is so?

Panda Platinum 2005 Internet Security incident report
Spyware detected: Cookie/Advertising.com On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.advertising.com/]
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.casalemedia.com/]
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.casalemedia.com/]
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.casalemedia.com/]
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.casalemedia.com/]
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.casalemedia.com/]
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.casalemedia.com/]
Spyware detected: Cookie/Casalemedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.casalemedia.com/]
Spyware detected: Cookie/Traffic Mar... On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.trafficmp.com/]
Spyware detected: Cookie/Traffic Mar... On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.trafficmp.com/]
Spyware detected: Cookie/Traffic Mar... On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.trafficmp.com/]
Spyware detected: Cookie/Traffic Mar... On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.trafficmp.com/]
Spyware detected: Cookie/Traffic Mar... On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.trafficmp.com/]
Spyware detected: Cookie/Traffic Mar... On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.trafficmp.com/]
Spyware detected: Cookie/Hbmediapro On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.adopt.hbmediapro.com/]
Spyware detected: Cookie/Hbmediapro On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.adopt.hbmediapro.com/]
Spyware detected: Cookie/Hbmediapro On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.adopt.hbmediapro.com/]
Spyware detected: Cookie/Hbmediapro On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.adopt.hbmediapro.com/]
Spyware detected: Cookie/Maxserving On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.maxserving.com/]
Spyware detected: Cookie/Maxserving On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.maxserving.com/]
Spyware detected: Cookie/Zedo On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.zedo.com/]
Spyware detected: Cookie/Zedo On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.zedo.com/]
Spyware detected: Cookie/Zedo On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.zedo.com/]
Spyware detected: Cookie/Hitbox On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.hitbox.com/]
Spyware detected: Cookie/Hitbox On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.hitbox.com/]
Spyware detected: Cookie/24/7 Realmedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.247realmedia.com/]
Spyware detected: Cookie/RealMedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.realmedia.com/]
Spyware detected: Cookie/RealMedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.realmedia.com/]
Spyware detected: Cookie/Adserver On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.z1.adserver.com/]
Spyware detected: Cookie/RealMedia On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.realmedia.com/]
Spyware detected: Cookie/Adserver On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.z1.adserver.com/]
Spyware detected: Cookie/Adserver On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.z1.adserver.com/]
Spyware detected: Cookie/FastClick On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.fastclick.net/]
Spyware detected: Cookie/FastClick On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.fastclick.net/]
Spyware detected: Cookie/FastClick On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.fastclick.net/]
Spyware detected: Cookie/FastClick On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.fastclick.net/]
Spyware detected: Cookie/FastClick On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.fastclick.net/]
Spyware detected: Cookie/FastClick On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.fastclick.net/]
Spyware detected: Cookie/QuestionMarket On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.questionmarket.com/]
Spyware detected: Cookie/QuestionMarket On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[.questionmarket.com/]
Spyware detected: Cookie/Coremetrics On-demand antivirus scan 06/25/05 13:15:19 Disinfected Path: C:\Documents and Settings\DHERE\Application Data\Mozilla\Profiles\default\t4q7zj0v.slt\cookies.txt[data.coremetrics.com/]
Spyware detected: Cookie/CentrPort On-demand antivirus scan
  • 0

#20
Guest_usetobe_*

Please post HJT log

#21
raw0911

Logfile of HijackThis v1.99.1
Scan saved at 4:18:34 PM, on 6/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [q72g3sX] ulrrenv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#22
Guest_usetobe_*

Hi Raw,

HJT definitely looking better, just a little work left there.

First I need you to do something else.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as FindFile.bat and save it on your Desktop.

dir C:\WINDOWS\System32\??anregw.exe /a h > files.txt
notepad files.txt

Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

Edited by usetobe, 25 June 2005 - 02:36 PM.


#23
raw0911

Did the findfile... this is what the notepad has.

Volume in drive C has no label.
Volume Serial Number is 304E-C1B1

Directory of C:\WINDOWS\System32


Directory of C:\Documents and Settings\DHERE\Desktop

#24
Guest_usetobe_*

Hi Again,

Reboot into SAFE MODE scan with HJT and check the following entries:

O4 - HKLM\..\Run: [q72g3sX]
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Ensure no windows open except HJT and click fix checked.

Ensure pc setup to show hidden files.

Now using Windows Explorer carry out a search for the following:

ulrrenv.exe

When found, delete it.

Also locate and delete the following:

c:\windows\system32\sqlallg.dll


Reboot PC normally

Rescan with HJT and post the log back

#25
raw0911

I was able to do the first 2 things. Windows Explorer was not able to find the file c:\windows\system32\sqlallg.dll, so I could not delete it.
This is the latest HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 12:11:56 PM, on 6/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O20 - AppInit_DLLs: C:\WINDOWS\System32\sqlallg.dll
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


#26
Guest_usetobe_*

Hi Raw,

I need you to copy all of the Killbox file paths below and paste them into Notepad. Save it to desktop

c:\windows\system32\sqlallg.dll

* Please download Killbox by Option^Explicit (http://www.bleepingc...es/killbox.php). In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

Please boot into SAFE MODE.

Scan with HJT and check the following if it still exists

O20 - AppInit_DLLs: C:\WINDOWS\System32\sqlallg.dll

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Rescan with hjt and post the log back.

Re your Desktop issue,

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Right-click on your desktop > choose properties > display properties and choose Windows XP-style.
Click apply and OK.

You have to choose the tab 'display properties', not the tab 'Themes'.
The tab display properties is the 4th one from left. There will be the "windows and buttons" menu in it where you can select Windows Classic or Windows XP-style.
Select Windows XP-style.

If you can't find the Windows XP-style in there -- only the windows classic, tell me afterwards.
  • 0

#27
raw0911


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi usetobe,

I downloaded Killbox and deleted sqlallg.exe. There was no sqlallg.exe in the HJK logfile. Following is the latest HJK log..

I saved smitfraud.reg on desktop. I changed the desktop settings to windows XP style and nothing changed. The desktop background is still white.

Logfile of HijackThis v1.99.1
Scan saved at 1:54:37 PM, on 6/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0
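The rescan check requested in post #26 (is the O20 AppInit_DLLs entry still there after the Killbox reboot?), written as an added example that is not part of the original thread or of HijackThis. The function names are hypothetical, and the two sample logs are constructed from lines that appear in the posts above.

```python
import re

# Constructed sample logs built from lines that appear in this thread.
BEFORE = r"""O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\sqlallg.dll
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""
AFTER = r"""O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""
ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")  # section code, then entry text

def parse_entries(log_text):
    """Return {section code: [entry text, ...]}; process paths are skipped."""
    sections = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections

def appinit_dlls(sections):
    """O20 AppInit_DLLs paths; the registry value is space/comma delimited."""
    paths = []
    for entry in sections.get("O20", []):
        if entry.lower().startswith("appinit_dlls:"):
            value = entry.split(":", 1)[1].strip().lower()
            paths += [p for p in re.split(r"[ ,]+", value) if p]
    return paths

def removed_entries(before_text, after_text):
    """(code, entry) pairs in the first log that the rescan no longer shows."""
    after = parse_entries(after_text)
    gone = []
    for code, entries in parse_entries(before_text).items():
        still = {e.lower() for e in after.get(code, [])}  # HJT path case varies
        gone += [(code, e) for e in entries if e.lower() not in still]
    return gone

def missing_file_services(sections):
    """Names of O23 services whose binary HijackThis marked '(file missing)'."""
    names = []
    for entry in sections.get("O23", []):
        if entry.endswith("(file missing)"):
            names.append(entry.split(" - ")[0].replace("Service: ", "", 1))
    return names

if __name__ == "__main__":
    print(removed_entries(BEFORE, AFTER), missing_file_services(parse_entries(AFTER)))
```

An empty result from `appinit_dlls` on the rescan log confirms the DLL is no longer registered to load; services reported by `missing_file_services` are leftover registrations whose file is already gone.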

#28
Guest_usetobe_*

  • Guest
Copy the part in bold below into notepad and save it to desktop as background.reg
Save as type:All files

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoAddingComponents"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoCloseDragDropBands"=-
"NoMovingBands"=-
"NoHTMLWallPaper"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-


Double-click the file and confirm you want to merge it with the registry.


Let me know of the progress
  • 0

#29
raw0911


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi again,

I did save the file background.reg and it was merged with the registry. When I right-click on the desktop background and click on properties, I don't get any options for display properties. What pops up is a general window without any options for changing any settings. The desktop background is still the same. Can you guide me on this?
  • 0

#30
Guest_usetobe_*

  • Guest
Ok try this.

Download the attached file

uncompress it and then

run
firstfix.reg
agree to merge

then
fixsecond.reg
agree to merge

Attached Files


  • 0





