
winfixer 2005, lost connection [CLOSED]


  • This topic is locked

#1
Hitman0150

Hitman0150

    Member

  • Member
  • PipPip
  • 32 posts
Scan saved at 6:05:59 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22....ex/HMAtchmt.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hello again, what happened last time? I closed your topic due to inactivity.

I want you to do this again (run those programs in Safe Mode):

Please read the first link in my signature and follow the steps outlined there. I want you to run Ewido and Panda scans (run them separately). Give me each of their logs when you are done.

#3
Hitman0150

No infections found with Ewido, doing the other scans now.

#4
Hitman0150

Nothing is being found by the scanners, but I still have web page changers and WinFixer pop-ups.

#5
greyknight17

OK, do this:

Download L2MFix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening. After a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 or any other files in the l2mfix folder until you are asked to do so!

#6
Hitman0150

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
**********************************************************************************
useragent:
**********************************************************************************
Shell Extension key:
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
cmnsole.dll Mon Jul 11 2005 12:30:26p ..S.R 233,760 228.28 K
deime.dll Thu Aug 4 2005 5:53:24p ..S.R 233,248 227.78 K
gccoll~1.dll Tue Jul 12 2005 3:35:14p A.... 126,680 123.71 K
gcunco~1.dll Tue Jul 12 2005 3:35:10p A.... 95,448 93.21 K
hashlib.dll Tue Jul 12 2005 3:35:14p A.... 117,976 115.21 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
lbhsvc.dll Mon Aug 8 2005 4:11:36p ..S.R 233,248 227.78 K
mcdscli.dll Sun Jul 24 2005 9:53:36p ..S.R 233,248 227.78 K
mlcndmgr.dll Wed Aug 3 2005 9:36:30p ..S.R 233,248 227.78 K
mmrle32.dll Fri Jul 29 2005 10:36:48a ..S.R 233,248 227.78 K
myvcp70.dll Mon Jul 11 2005 11:42:36p ..S.R 233,760 228.28 K
nemsapi.dll Fri Jul 29 2005 10:30:22a ..S.R 233,248 227.78 K
nqvdmd.dll Thu Jul 21 2005 8:08:12p ..S.R 233,248 227.78 K
pfcn20.dll Thu Aug 4 2005 2:42:06p ..S.R 233,248 227.78 K
pncrt.dll Sat Jun 11 2005 4:28:02p A.... 278,528 272.00 K
pndx5016.dll Sat Jun 11 2005 4:28:04p A.... 6,656 6.50 K
pndx5032.dll Sat Jun 11 2005 4:28:04p A.... 5,632 5.50 K
rhsauto.dll Sat Jul 30 2005 4:22:24p ..S.R 233,248 227.78 K
rmoc3260.dll Sat Jun 11 2005 4:28:14p A.... 176,167 172.04 K
s32evnt1.dll Fri May 13 2005 7:50:10p A.... 91,856 89.70 K
uqicows.dll Fri Jul 29 2005 8:12:16a ..S.R 233,248 227.78 K
vspodbc.dll Thu Aug 4 2005 5:03:14p ..S.R 233,248 227.78 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
wynmgnt.dll Fri Jul 29 2005 8:05:46a ..S.R 233,248 227.78 K

31 items found: 31 files (14 H/S), 0 directories.
Total of file sizes: 6,802,911 bytes 6.48 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 7CF7-E628

Directory of C:\WINDOWS\System32

08/08/2005 04:11 PM <DIR> ..
08/08/2005 04:11 PM <DIR> .
08/08/2005 04:11 PM 233,248 lbhsvc.dll
08/04/2005 06:00 PM <DIR> dllcache
08/04/2005 05:53 PM 233,248 deime.dll
08/04/2005 05:03 PM 233,248 vspodbc.dll
08/04/2005 02:42 PM 233,248 pfcn20.dll
08/03/2005 09:36 PM 233,248 mlcndmgr.dll
07/30/2005 04:22 PM 233,248 rHsauto.dll
07/29/2005 10:36 AM 233,248 mmrle32.dll
07/29/2005 10:30 AM 233,248 nemsapi.dll
07/29/2005 08:12 AM 233,248 uqicows.dll
07/29/2005 08:05 AM 233,248 wynmgnt.dll
07/24/2005 09:53 PM 233,248 mcdscli.dll
07/21/2005 08:08 PM 233,248 nqvdmd.dll
07/11/2005 11:42 PM 233,760 myvcp70.dll
07/11/2005 12:30 PM 233,760 cmnsole.dll
06/16/2005 12:08 AM 2 cmd.com
06/16/2005 12:08 AM 2 regedit.com
06/16/2005 12:08 AM 2 tracert.com
06/16/2005 12:08 AM 2 tasklist.com
06/16/2005 12:08 AM 2 taskkill.com
06/16/2005 12:08 AM 2 netstat.com
06/16/2005 12:08 AM 2 ping.com
09/13/2004 10:28 AM 10,022 KGyGaAvL.sys
03/14/2004 08:03 PM <DIR> Microsoft
09/30/1999 07:21 PM 166,672 mstext35.dll
09/28/1999 09:42 PM 1,050,896 msjet35.dll
09/09/1999 10:06 PM 252,688 msexcl35.dll
09/09/1999 10:06 PM 168,720 msltus35.dll
08/25/1999 02:57 PM 415,504 msrepl35.dll
06/10/1999 09:34 AM 24,848 msjter35.dll
06/10/1999 09:34 AM 123,664 msjint35.dll
06/07/1999 06:59 PM 250,128 mspdox35.dll
04/25/1999 05:00 PM 252,176 Msrd2x35.dll
04/25/1999 05:00 PM 287,504 Msxbse35.dll
32 File(s) 6,269,332 bytes
4 Dir(s) 11,786,809,344 bytes free

#7
greyknight17

Whoa, what happened there? Log is not looking good.

Run L2MFix again and choose option #4 this time. Post that log here.

Then:

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2MFix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#8
Hitman0150

Well, it reboots, but the icons don't disappear and no log comes up?

#9
greyknight17

Go back and choose #1. Post that log if it comes up.

#10
Hitman0150

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
**********************************************************************************
useragent:
**********************************************************************************
Shell Extension key:
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
cmnsole.dll Mon Jul 11 2005 12:30:26p ..S.R 233,760 228.28 K
deime.dll Thu Aug 4 2005 5:53:24p ..S.R 233,248 227.78 K
gccoll~1.dll Tue Jul 12 2005 3:35:14p A.... 126,680 123.71 K
gcunco~1.dll Tue Jul 12 2005 3:35:10p A.... 95,448 93.21 K
hashlib.dll Tue Jul 12 2005 3:35:14p A.... 117,976 115.21 K
ipssvcs.dll Tue Aug 9 2005 4:08:30p ..S.R 233,248 227.78 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
iusecsnp.dll Tue Aug 9 2005 4:02:04p ..S.R 233,248 227.78 K
mcdscli.dll Sun Jul 24 2005 9:53:36p ..S.R 233,248 227.78 K
mlcndmgr.dll Wed Aug 3 2005 9:36:30p ..S.R 233,248 227.78 K
mmrle32.dll Fri Jul 29 2005 10:36:48a ..S.R 233,248 227.78 K
myvcp70.dll Mon Jul 11 2005 11:42:36p ..S.R 233,760 228.28 K
nemsapi.dll Fri Jul 29 2005 10:30:22a ..S.R 233,248 227.78 K
nqvdmd.dll Thu Jul 21 2005 8:08:12p ..S.R 233,248 227.78 K
pfcn20.dll Thu Aug 4 2005 2:42:06p ..S.R 233,248 227.78 K
pncrt.dll Sat Jun 11 2005 4:28:02p A.... 278,528 272.00 K
pndx5016.dll Sat Jun 11 2005 4:28:04p A.... 6,656 6.50 K
pndx5032.dll Sat Jun 11 2005 4:28:04p A.... 5,632 5.50 K
rhsauto.dll Sat Jul 30 2005 4:22:24p ..S.R 233,248 227.78 K
rmoc3260.dll Sat Jun 11 2005 4:28:14p A.... 176,167 172.04 K
s32evnt1.dll Fri May 13 2005 7:50:10p A.... 91,856 89.70 K
uqicows.dll Fri Jul 29 2005 8:12:16a ..S.R 233,248 227.78 K
vspodbc.dll Thu Aug 4 2005 5:03:14p ..S.R 233,248 227.78 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
wynmgnt.dll Fri Jul 29 2005 8:05:46a ..S.R 233,248 227.78 K

32 items found: 32 files (15 H/S), 0 directories.
Total of file sizes: 7,036,159 bytes 6.71 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 7CF7-E628

Directory of C:\WINDOWS\System32

08/09/2005 04:08 PM <DIR> ..
08/09/2005 04:08 PM <DIR> .
08/09/2005 04:08 PM 233,248 iPssvcs.dll
08/09/2005 04:02 PM 233,248 iusecsnp.dll
08/04/2005 06:00 PM <DIR> dllcache
08/04/2005 05:53 PM 233,248 deime.dll
08/04/2005 05:03 PM 233,248 vspodbc.dll
08/04/2005 02:42 PM 233,248 pfcn20.dll
08/03/2005 09:36 PM 233,248 mlcndmgr.dll
07/30/2005 04:22 PM 233,248 rHsauto.dll
07/29/2005 10:36 AM 233,248 mmrle32.dll
07/29/2005 10:30 AM 233,248 nemsapi.dll
07/29/2005 08:12 AM 233,248 uqicows.dll
07/29/2005 08:05 AM 233,248 wynmgnt.dll
07/24/2005 09:53 PM 233,248 mcdscli.dll
07/21/2005 08:08 PM 233,248 nqvdmd.dll
07/11/2005 11:42 PM 233,760 myvcp70.dll
07/11/2005 12:30 PM 233,760 cmnsole.dll
06/16/2005 12:08 AM 2 cmd.com
06/16/2005 12:08 AM 2 regedit.com
06/16/2005 12:08 AM 2 tracert.com
06/16/2005 12:08 AM 2 tasklist.com
06/16/2005 12:08 AM 2 taskkill.com
06/16/2005 12:08 AM 2 netstat.com
06/16/2005 12:08 AM 2 ping.com
09/13/2004 10:28 AM 10,022 KGyGaAvL.sys
03/14/2004 08:03 PM <DIR> Microsoft
09/30/1999 07:21 PM 166,672 mstext35.dll
09/28/1999 09:42 PM 1,050,896 msjet35.dll
09/09/1999 10:06 PM 252,688 msexcl35.dll
09/09/1999 10:06 PM 168,720 msltus35.dll
08/25/1999 02:57 PM 415,504 msrepl35.dll
06/10/1999 09:34 AM 123,664 msjint35.dll
06/10/1999 09:34 AM 24,848 msjter35.dll
06/07/1999 06:59 PM 250,128 mspdox35.dll
04/25/1999 05:00 PM 252,176 Msrd2x35.dll
04/25/1999 05:00 PM 287,504 Msxbse35.dll
33 File(s) 6,502,580 bytes
4 Dir(s) 11,783,532,544 bytes free
  • 0
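
The two L2MFix find logs posted above can be compared mechanically. This added example (not part of the thread and not L2MFix's own code) parses "Files Found" lines, groups DLLs carrying the S attribute by identical size, and lists files that appeared or disappeared between the two runs. The function names and the same-size heuristic are assumptions, and the listing itself notes that not all files found are bad.

```python
import re
from collections import defaultdict

# Excerpts of the "Files Found" listings from posts #6 and #10 (lines copied from the thread).
BEFORE = """\
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
cmnsole.dll Mon Jul 11 2005 12:30:26p ..S.R 233,760 228.28 K
deime.dll Thu Aug 4 2005 5:53:24p ..S.R 233,248 227.78 K
lbhsvc.dll Mon Aug 8 2005 4:11:36p ..S.R 233,248 227.78 K
mcdscli.dll Sun Jul 24 2005 9:53:36p ..S.R 233,248 227.78 K
myvcp70.dll Mon Jul 11 2005 11:42:36p ..S.R 233,760 228.28 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
"""
AFTER = """\
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
cmnsole.dll Mon Jul 11 2005 12:30:26p ..S.R 233,760 228.28 K
deime.dll Thu Aug 4 2005 5:53:24p ..S.R 233,248 227.78 K
ipssvcs.dll Tue Aug 9 2005 4:08:30p ..S.R 233,248 227.78 K
iusecsnp.dll Tue Aug 9 2005 4:02:04p ..S.R 233,248 227.78 K
mcdscli.dll Sun Jul 24 2005 9:53:36p ..S.R 233,248 227.78 K
myvcp70.dll Mon Jul 11 2005 11:42:36p ..S.R 233,760 228.28 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
"""

# name, weekday, month, day, year, time, 5-char attribute flags, size in bytes
LINE = re.compile(r"^(?P<name>\S+)\s+\w{3}\s+\w{3}\s+\d{1,2}\s+\d{4}\s+\S+\s+"
                  r"(?P<attrs>[A-Z.]{5})\s+(?P<size>[\d,]+)\s")

def parse_listing(text):
    """Return {lowercased file name: (attribute flags, size in bytes)}."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries[m["name"].lower()] = (m["attrs"], int(m["size"].replace(",", "")))
    return entries

def same_size_clusters(entries, min_count=2):
    """Group files carrying the S (system) flag by (flags, size); keep groups >= min_count."""
    groups = defaultdict(list)
    for name, (attrs, size) in entries.items():
        if "S" in attrs:
            groups[(attrs, size)].append(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) >= min_count}

def diff_listings(before, after):
    """Return (added, removed) file names between two find logs."""
    return sorted(after.keys() - before.keys()), sorted(before.keys() - after.keys())

if __name__ == "__main__":
    b, a = parse_listing(BEFORE), parse_listing(AFTER)
    print(same_size_clusters(a), diff_listings(b, a))
```
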

#11
greyknight17

Did you run option #4 in L2MFix yet? Some of those registry entries are just missing and we need to repair them.

#12
Hitman0150

If I try to run #4, it says can't find noti.txt.

#13
greyknight17

Hold on. This is just getting weird now. I will ask other staff members to take a look at this one and see what they think.

#14
Hitman0150

ok thanks

#15
greyknight17

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.