
Popups problem here too [CLOSED]


  • This topic is locked

#1
elixir

    New Member

  • Member
  • Pip
  • 3 posts
Hi, I'm Ariel,
I know what file needs to be removed, yet it seems like it doesn't want to be removed!
Tried to remove it with "KillBox" with no success.

Logfile of HijackThis v1.99.1
Scan saved at 21:40:08, on 22/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\rel\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110541124483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125580500718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hr6m05j1e.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe


---------------- FindVX2 NT-2K-XP ----------------

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

***** Operating System *****

Microsoft Windows XP Professional 5.1 (Build 2600)

********* Date/Time ********

(22/11/2005)
21:40,
*********** Path ***********

FindVX2.bat is running from: C:\Documents and Settings\rel\My Documents\Unzipped\FindIt NT-2K-XP\FindIt NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 00B0-13AE

Directory of C:\WINDOWS\System32

11/22/2005 09:23 PM 236,413 mbvidc32.dll
11/22/2005 09:06 PM 237,255 g4400ehmeh4a0.dll
11/22/2005 09:06 PM 236,248 wwwfaxui.dll
11/22/2005 09:06 PM 236,413 hr6m05j1e.dll
11/22/2005 04:39 PM 235,681 MEIMUSIC.DLL
11/22/2005 03:54 PM 237,189 msminst.dll
11/22/2005 12:49 PM 235,456 slcpack.dll
11/22/2005 11:56 AM 235,496 miisip.dll
11/22/2005 07:55 AM 235,456 dulayx.dll
11/22/2005 07:46 AM 234,070 shtupdll.dll
11/21/2005 11:49 PM 234,188 ncasio.dll
11/21/2005 11:06 PM 236,120 wiwfaxui.dll
11/21/2005 09:44 PM 236,083 doskcopy.dll
11/21/2005 08:18 PM 236,120 vupodbc.dll
10/08/2005 12:55 AM <DIR> dllcache
07/28/2005 08:06 PM 206 eta.dat
07/28/2005 08:01 PM 32 eta.le
07/28/2005 07:32 PM 846 .dat
07/28/2005 06:30 PM 32 .le
04/14/2005 12:56 AM <DIR> Microsoft
03/12/2005 09:39 AM 56 36C7CCFBBD.sys
03/11/2005 02:41 PM 65,024 up2date.dll
03/11/2005 02:41 PM 65,024 iftp.dll
08/23/2001 02:00 PM 10,240 ws_32.dll
22 File(s) 3,443,648 bytes
2 Dir(s) 26,438,176,768 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 00B0-13AE

Directory of C:\WINDOWS\System32

10/08/2005 12:55 AM <DIR> dllcache
07/28/2005 08:06 PM 206 eta.dat
07/28/2005 08:01 PM 32 eta.le
07/28/2005 07:32 PM 846 .dat
07/28/2005 06:30 PM 32 .le
03/31/2005 12:58 AM <DIR> GroupPolicy
03/12/2005 09:39 AM 56 36C7CCFBBD.sys
03/11/2005 10:53 PM 488 logonui.exe.manifest
03/11/2005 10:53 PM 488 WindowsLogon.manifest
03/11/2005 10:53 PM 749 ncpa.cpl.manifest
03/11/2005 10:53 PM 749 nwc.cpl.manifest
03/11/2005 10:53 PM 749 sapi.cpl.manifest
03/11/2005 10:53 PM 749 wuaucpl.cpl.manifest
03/11/2005 10:53 PM 749 cdplayer.exe.manifest
03/11/2005 02:41 PM 65,024 iftp.dll
03/11/2005 02:41 PM 65,024 up2date.dll
14 File(s) 135,941 bytes
2 Dir(s) 26,438,172,672 bytes free

--------------- Files Named "Guard" --------------

Volume in drive C has no label.
Volume Serial Number is 00B0-13AE

Directory of C:\WINDOWS\System32

11/22/2005 09:23 PM 237,253 guard.tmp
1 File(s) 237,253 bytes
0 Dir(s) 26,438,172,672 bytes free

-------- Temp Files in System32 Directory --------

Volume in drive C has no label.
Volume Serial Number is 00B0-13AE

Directory of C:\WINDOWS\System32

11/22/2005 09:23 PM 237,253 guard.tmp
1 File(s) 237,253 bytes
0 Dir(s) 26,438,172,672 bytes free

------------------- User Agent -------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A04BD1CF-41B8-CA8E-8434-81D3638A6BB8}"=""

--------------- Keys Under Notify ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hr6m05j1e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

------------ Shell Extensions Approved -----------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

--------------- Locate.com Results ---------------
---------------- FindVX2 NT-2K-XP ----------------


---------------- FindNarrator NT-2K-XP ----------------

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

***** Operating System *****

Microsoft Windows XP Professional 5.1 (Build 2600)

********* Date/Time ********

(22/11/2005)
21:41,
*********** Path ***********

FindNarrator.bat is running from: C:\Documents and Settings\rel\My Documents\Unzipped\FindIt NT-2K-XP\FindIt NT-2K-XP

---------------- Strings.exe Qoologic Results ----------------


---------------- Strings.exe Aspack Results ----------------

C:\WINDOWS\system32\d3dx9_26.dll: D3DXUVAtlasPack
C:\WINDOWS\system32\Incinerator.dll: .aspack
C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: (AsPack2k)
C:\WINDOWS\system32\MRT.exe: (ASPack 1.00b)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.1)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.12)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.11)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.000)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.001)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.11x)
C:\WINDOWS\system32\MRT.exe: ASPack2000
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: ASPACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK

---------------- Active Setup Installed Components ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components


---------------- Context Menu Handlers ----------------
REGEDIT4

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR]
@="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip]
@="{E0D79304-84BE-11CE-9641-444553540000}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

---------------- Run Key ----------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SystemGuardAlerter"="\"C:\\Program Files\\iolo\\System Mechanic 6\\SystemGuardAlerter.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

---------------- FindNarrator NT-2K-XP ----------------


I saw the person in the following thread had the same problem and he fixed it: http://www.geekstogo...topic=6822&st=0 .

Yet I noticed that the help he got was by the logs he gave, so here I give my logs too.

THANKS IN ADVANCE TO ALL HELPERS!!

Edited by elixir, 22 November 2005 - 01:50 PM.

  • 0


#2
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Removed.

Edited by OwNt, 22 November 2005 - 02:41 PM.

  • 0

#3
elixir

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi OwNt!

I used the 1st option of the L2MFIX and I got an error, so I clicked option 5, downloaded the files and clicked option 1 again and still got the error. What should I do?

Edited by elixir, 22 November 2005 - 02:09 PM.

  • 0

#4
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, elixir.

Let's get your system updated. The first step is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh HijackThis log.
  • 0

#5
elixir

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I would have updated my Windows long ago, even to SP2, but since the only thing I can afford is a copy of Windows from a friend, I cannot update to SP1/SP2 :)

:tazz:

Edited by elixir, 22 November 2005 - 02:36 PM.

  • 0

#6
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, elixir.

Since your copy of Windows is not legit, I'm afraid I can't help you any further on this site.

If you are able at some point in time to secure a legal version of Windows, I'll show you how to graft it onto your current installation.

Then I'll be able to help you remove Look2Me. :tazz:
  • 0

#7
OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





