www.ad-w-a-r-e.com [RESOLVED] - Geeks to Go Forums


www.ad-w-a-r-e.com [RESOLVED]

#1 mck0271

  • Group: Member
  • Posts: 25
  • Joined: 29-January 06

Posted 29 January 2006 - 12:01 PM

First time post here. I've been cleaning up spyware for quite some time but have never run into this much trouble before. I've run Ad-Aware, Spybot and Advanced Spyware Remover. Antivirus is AVG Free. WinXP SP2, updates are up to date. Installed Sygate firewall (free). All spyware scans say the system is clean but the firewall is constantly wanting to connect to www.ad-w-a-r-e.com. Also the firewall reports that a rundll32 as an app is always trying to connect out to the internet as well. I've posted a HijackThis log. Let me know if you need anything else.

Logfile of HijackThis v1.99.1
Scan saved at 12:42:11 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\JACKIE~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wvu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://softdev.adelp...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\enr2l19o1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

#2 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 12:13 PM

Hi mck0271

Welcome to G2G! :tazz:

* First you need to unzip (extract) Hijack This and move it to a permanent folder. It will not function properly when run from the zip folder or the Temp folder.

You need to create a new folder in My Documents and name it Hijack This. Right click on the HijackThis.zip file and choose "Extract all" and extract it to the Hijack This folder you created. That way it can create and restore backups if needed. HJT will store the backups in the same location that it is run from.


* Download L2mfix from here or here.
  • Save the file to your desktop and double click l2mfix.exe.
  • Click the Install button to extract the files and follow the prompts.
  • Open the newly added l2mfix folder on your desktop.
  • Double click l2mfix.bat and click Accept after reading the agreement.
  • At the next screen, press any key on your keyboard to continue.
  • Select option #1 for Run Find Log by typing 1 and then pressing enter.
  • This will scan your computer and it may appear nothing is happening.
  • After a minute or two, notepad will open with a log.
  • Copy the contents of that log and paste it into this thread.
  • IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

* Note: If you receive an error while running option #1 like "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application...", then do one of the following:
    1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
    2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there.
  • Do not run the fix portion without fixing the error first.
  • After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.


#3 mck0271

  • Group: Member
  • Posts: 25
  • Joined: 29-January 06

Posted 29 January 2006 - 04:39 PM

O.K., here is the l2mfix log:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i606lgds1606.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{BDF68D0E-9D89-251D-A677-F5BDBD100279}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{ED58A35B-B554-42AF-A26C-6F3D424200D3}"="Sony Power Management Extensiond"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{CA5CF48C-E54D-41FF-A853-BB35A82616F3}"=""
"{0AB24450-32EE-4E76-AB34-79973DF8031E}"=""
"{F0D6F8CC-25BF-4906-93E7-9E258DA35797}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{80DEE5E5-E592-4854-9A6A-596F003A972F}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}\InprocServer32]
@="C:\\WINDOWS\\system32\\trpmonui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}\InprocServer32]
@="C:\\WINDOWS\\system32\\lqkrn10N.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
0kg0an0q.dll Sat Jan 21 2006 8:16:22p A.... 44,544 43.50 K
ail70.dll Sun Jan 22 2006 9:49:06p ..S.R 236,175 230.64 K
browseui.dll Wed Nov 23 2005 8:06:34p A.... 1,022,464 998.50 K
bssesrv.dll Sat Jan 21 2006 5:36:36p ..S.R 234,561 229.06 K
cdcdll.dll Fri Jan 27 2006 11:46:56p ..S.R 234,117 228.63 K
danim.dll Fri Nov 4 2005 10:16:24p A.... 1,054,208 1.00 M
db8vb.dll Sat Jan 21 2006 6:29:52p ..S.R 236,551 231.00 K
dbloader.dll Wed Jan 18 2006 3:51:54p ..S.R 235,177 229.66 K
drgest.dll Sat Jan 21 2006 5:43:40p ..S.R 234,561 229.06 K
dsskadp.dll Sat Jan 21 2006 6:09:44p ..S.R 236,462 230.92 K
enl8l1~1.dll Wed Jan 18 2006 2:57:52p ..S.R 236,103 230.57 K
enp8l1~1.dll Fri Jan 27 2006 11:32:08p ..S.R 234,117 228.63 K
f4l00e~1.dll Sat Jan 21 2006 4:28:22p ..S.R 236,153 230.62 K
f80o0i~1.dll Sat Jan 28 2006 7:50:26a ..S.R 235,916 230.39 K
gdi32.dll Wed Dec 28 2005 9:54:36p A.... 280,064 273.50 K
hbfci007.dll Sat Jan 28 2006 6:38:20p ..S.R 234,545 229.05 K
hcfci007.dll Sat Jan 21 2006 7:40:32p ..S.R 234,520 229.02 K
i0lola~1.dll Sat Jan 21 2006 3:25:44p ..S.R 235,602 230.08 K
i606lg~1.dll Sun Jan 29 2006 3:39:26p ..S.R 234,930 229.42 K
inires~1.dll Sat Jan 21 2006 5:57:48p ..S.R 236,462 230.92 K
ir00l5~1.dll Sun Jan 29 2006 2:20:36p ..S.R 233,750 228.27 K
iyrop.dll Sat Jan 21 2006 3:42:24p ..S.R 236,153 230.62 K
j60slg~1.dll Sun Jan 29 2006 11:54:46a ..S.R 235,900 230.37 K
k6lqlg~1.dll Sun Jan 22 2006 11:11:20p ..S.R 236,075 230.54 K
kcdmaori.dll Sat Jan 28 2006 7:29:54a ..S.R 234,117 228.63 K
khdpl.dll Sat Jan 28 2006 7:50:26a ..S.R 235,608 230.09 K
khymgr.dll Sun Jan 22 2006 9:51:40p ..S.R 235,530 230.01 K
kxdblr.dll Sat Jan 28 2006 8:58:22a ..S.R 235,608 230.09 K
legitc~1.dll Fri Nov 4 2005 4:27:24p A.... 534,280 521.76 K
loefx10n.dll Sat Jan 21 2006 7:22:20p ..S.R 233,805 228.32 K
lqkrn10n.dll Sun Jan 29 2006 11:43:46a ..S.R 235,900 230.37 K
lv4o09~1.dll Sat Jan 28 2006 7:45:28a ..S.R 235,957 230.43 K
lvl409~1.dll Sat Jan 21 2006 4:48:10p ..S.R 236,616 231.07 K
lvr009~1.dll Sat Jan 21 2006 5:25:38p ..S.R 234,071 228.58 K
lvr809~1.dll Sun Jan 29 2006 5:28:00p ..S.R 235,829 230.30 K
lvro09~1.dll Wed Jan 18 2006 4:01:42p ..S.R 234,671 229.17 K
lvrq09~1.dll Sat Jan 28 2006 5:16:28p ..S.R 235,144 229.63 K
m082la~1.dll Fri Jan 27 2006 11:11:56p ..S.R 234,117 228.63 K
m4po0e~1.dll Fri Jan 27 2006 9:46:58p ..S.R 234,003 228.52 K
mshtml.dll Wed Nov 23 2005 8:06:34p A.... 3,015,680 2.88 M
msrep32.dll Sun Jan 29 2006 3:35:54p A.... 10,035 9.80 K
mtmdd.dll Sun Jan 22 2006 9:13:16p ..S.R 235,530 230.01 K
mzi.dll Sun Jan 22 2006 11:47:10a ..S.R 236,323 230.78 K
oeuninst.dll Sat Jan 21 2006 5:47:16p ..S.R 235,036 229.53 K
olbccr32.dll Sat Jan 21 2006 4:29:56p ..S.R 236,177 230.64 K
ote2.dll Sat Jan 28 2006 7:45:28a ..S.R 235,608 230.09 K
shdocvw.dll Wed Nov 30 2005 10:59:30p A.... 1,492,480 1.42 M
sporder.dll Wed Jan 18 2006 2:38:50p A.... 8,464 8.27 K
suns.dll Sat Jan 21 2006 5:41:20p ..S.R 235,036 229.53 K
trpmonui.dll Sun Jan 29 2006 5:28:00p ..S.R 234,930 229.42 K
urlmon.dll Fri Nov 4 2005 10:16:28p A.... 609,280 595.00 K
wfnchip.dll Sat Jan 21 2006 6:08:12p ..S.R 233,968 228.48 K

52 items found: 52 files (42 H/S), 0 directories.
Total of file sizes: 17,952,913 bytes 17.12 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
atmtdd~1.tmp Sat Jan 21 2006 3:41:18p A.... 0 0.00 K
lat7.tmp Wed Jan 18 2006 3:38:26p A.... 0 0.00 K
lat8.tmp Wed Jan 18 2006 4:02:54p A.... 0 0.00 K
lat9.tmp Wed Jan 18 2006 3:00:04p A.... 0 0.00 K
lata.tmp Wed Jan 18 2006 3:53:08p A.... 0 0.00 K

5 items found: 5 files, 0 directories.
Total of file sizes: 0 bytes 0.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is B4EB-7C2A

Directory of C:\WINDOWS\System32

01/29/2006 05:27 PM 234,930 trpmonui.dll
01/29/2006 05:27 PM 235,829 lvr8099ue.dll
01/29/2006 03:39 PM 234,930 i606lgds1606.dll
01/29/2006 02:20 PM 233,750 ir00l5dm1.dll
01/29/2006 11:54 AM 235,900 j60slgd7160.dll
01/29/2006 11:43 AM 235,900 lqkrn10N.dll
01/28/2006 06:38 PM 234,545 HBFCI007.dll
01/28/2006 05:16 PM 235,144 lvrq0995e.dll
01/28/2006 08:58 AM 235,608 kxdblr.dll
01/28/2006 07:50 AM 235,608 khdpl.dll
01/28/2006 07:50 AM 235,916 f80o0id3e80.dll
01/28/2006 07:45 AM 235,608 ote2.dll
01/28/2006 07:45 AM 235,957 lv4o09h3e.dll
01/28/2006 07:29 AM 234,117 kcdmaori.dll
01/27/2006 11:46 PM 234,117 cdcdll.dll
01/27/2006 11:32 PM 234,117 enp8l17u1.dll
01/27/2006 11:11 PM 234,117 m082lalo1dqc.dll
01/27/2006 09:46 PM 234,003 m4po0e73eh.dll
01/22/2006 11:11 PM 236,075 k6lqlg3516.dll
01/22/2006 09:51 PM 235,530 khymgr.dll
01/22/2006 09:49 PM 236,175 ail70.dll
01/22/2006 09:13 PM 235,530 mtmdd.dll
01/22/2006 11:47 AM 236,323 mzi.dll
01/21/2006 07:40 PM 234,520 HCFCI007.dll
01/21/2006 07:22 PM 233,805 loefx10N.dll
01/21/2006 06:29 PM 236,551 db8vb.dll
01/21/2006 06:09 PM 236,462 dsskadp.dll
01/21/2006 06:08 PM 233,968 wfnchip.dll
01/21/2006 05:57 PM 236,462 INIresizeM6.dll
01/21/2006 05:47 PM 235,036 oeuninst.dll
01/21/2006 05:43 PM 234,561 drgest.dll
01/21/2006 05:41 PM 235,036 suns.dll
01/21/2006 05:36 PM 234,561 bSsesrv.dll
01/21/2006 05:25 PM 234,071 lvr0099me.dll
01/21/2006 04:48 PM 236,616 lvl4093qe.dll
01/21/2006 04:29 PM 236,177 olbccr32.dll
01/21/2006 04:28 PM 236,153 f4l00e3meh.dll
01/21/2006 03:42 PM 236,153 iyrop.dll
01/21/2006 03:25 PM 235,602 i0lola331d.dll
01/18/2006 04:01 PM 234,671 lvro0993e.dll
01/18/2006 03:51 PM 235,177 dbloader.dll
01/18/2006 02:57 PM 236,103 enl8l13u1.dll
04/27/2004 08:23 PM <DIR> Microsoft
42 File(s) 9,881,414 bytes
1 Dir(s) 6,096,396,288 bytes free

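The system32 listing above shows the pattern that gives this family away: dozens of DLLs with random names, all within a couple of kilobytes of the same size, all created in the last few days. The following is an added example, not code from the thread or from L2mfix, that parses `dir`-style output and reports clusters of files that share a narrow size band and a short creation window. The sample listing embedded in it is constructed from a few of the entries above plus one made-up benign file; the band and window thresholds are assumptions chosen for this example.

```python
"""Flag same-size, same-week file families in a Windows `dir` listing.

Added example; not part of this thread and not L2mfix or HijackThis code.
The heuristic is the one a helper applies by eye: many DLLs of nearly the
same size, dropped within days of each other, with meaningless names.
"""
import re
from datetime import datetime, timedelta

# One `dir` line: date, time, either <DIR> or a comma-grouped size, then name.
DIR_LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+)$"
)

# Constructed sample: a subset of the listing posted above plus one
# made-up benign entry (benign.dll) so the clustering has something to skip.
SAMPLE_DIR = """\
 Directory of C:\\WINDOWS\\System32

01/29/2006 05:27 PM 234,930 trpmonui.dll
01/29/2006 05:27 PM 235,829 lvr8099ue.dll
01/29/2006 03:39 PM 234,930 i606lgds1606.dll
01/28/2006 07:50 AM 235,916 f80o0id3e80.dll
01/22/2006 11:11 PM 236,075 k6lqlg3516.dll
01/21/2006 07:22 PM 233,805 loefx10N.dll
01/18/2006 02:57 PM 236,103 enl8l13u1.dll
08/04/2004 07:56 AM 57,344 benign.dll
04/27/2004 08:23 PM <DIR> Microsoft
 42 File(s) 9,881,414 bytes
"""


def parse_dir_listing(text):
    """Return (name, size_bytes, timestamp) for every file line; skip dirs."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m or m.group(3) == "<DIR>":
            continue
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %I:%M %p")
        entries.append((m.group(4), int(m.group(3).replace(",", "")), when))
    return entries


def size_clusters(entries, band=4096, min_count=5, window_days=14):
    """Group files by size (each group spans at most `band` bytes above its
    smallest member) and keep groups of >= min_count files whose timestamps
    all fall inside `window_days`. Returns sorted name lists, one per group.
    Thresholds are assumptions for this example, not tuned values."""
    ordered = sorted(entries, key=lambda e: e[1])
    groups, current = [], []
    for e in ordered:
        if current and e[1] - current[0][1] > band:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)

    flagged = []
    for g in groups:
        times = [e[2] for e in g]
        if len(g) >= min_count and max(times) - min(times) <= timedelta(days=window_days):
            flagged.append(sorted(e[0] for e in g))
    return flagged


if __name__ == "__main__":
    for names in size_clusters(parse_dir_listing(SAMPLE_DIR)):
        print("suspicious family (%d files):" % len(names))
        for n in names:
            print("   ", n)
```

Run it against a saved `dir /o-d C:\WINDOWS\System32 > listing.txt` and the whole 42-file family above falls into one cluster, while the lone benign entry does not. The size band is what makes this work on a packed adware family; it will not catch files that are padded to random lengths.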
#4 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 04:47 PM

* Close any programs you have open since this step requires a reboot.
  • Open the l2mfix folder and double click l2mfix.bat.
  • Select option #2 for Run Fix by typing 2 then pressing enter.
  • Your desktop and icons will disappear (this is normal).
  • L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot.
  • Press any key to reboot.
  • After the reboot notepad will open with a log.
  • Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
  • IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • If after the reboot the log does not open, double click on it in the l2mfix folder.


#5 mck0271

  • Group: Member
  • Posts: 25
  • Joined: 29-January 06

Posted 29 January 2006 - 05:04 PM

O.K., here is the new l2mfix log, and the HijackThis log is after it...

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 788 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 888 'winlogon.exe'
Killing PID 888 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 716 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1500 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\ail70.dll
Successfully Deleted: C:\WINDOWS\system32\ail70.dll
Deleting: C:\WINDOWS\system32\bSsesrv.dll
Successfully Deleted: C:\WINDOWS\system32\bSsesrv.dll
Deleting: C:\WINDOWS\system32\cdcdll.dll
Successfully Deleted: C:\WINDOWS\system32\cdcdll.dll
Deleting: C:\WINDOWS\system32\db8vb.dll
Successfully Deleted: C:\WINDOWS\system32\db8vb.dll
Deleting: C:\WINDOWS\system32\dbloader.dll
Successfully Deleted: C:\WINDOWS\system32\dbloader.dll
Deleting: C:\WINDOWS\system32\drgest.dll
Successfully Deleted: C:\WINDOWS\system32\drgest.dll
Deleting: C:\WINDOWS\system32\dsskadp.dll
Successfully Deleted: C:\WINDOWS\system32\dsskadp.dll
Deleting: C:\WINDOWS\system32\enl8l13u1.dll
Successfully Deleted: C:\WINDOWS\system32\enl8l13u1.dll
Deleting: C:\WINDOWS\system32\enp8l17u1.dll
Successfully Deleted: C:\WINDOWS\system32\enp8l17u1.dll
Deleting: C:\WINDOWS\system32\f4l00e3meh.dll
Successfully Deleted: C:\WINDOWS\system32\f4l00e3meh.dll
Deleting: C:\WINDOWS\system32\f80o0id3e80.dll
Successfully Deleted: C:\WINDOWS\system32\f80o0id3e80.dll
Deleting: C:\WINDOWS\system32\HBFCI007.dll
Successfully Deleted: C:\WINDOWS\system32\HBFCI007.dll
Deleting: C:\WINDOWS\system32\HCFCI007.dll
Successfully Deleted: C:\WINDOWS\system32\HCFCI007.dll
Deleting: C:\WINDOWS\system32\i0lola331d.dll
Successfully Deleted: C:\WINDOWS\system32\i0lola331d.dll
Deleting: C:\WINDOWS\system32\i606lgds1606.dll
Successfully Deleted: C:\WINDOWS\system32\i606lgds1606.dll
Deleting: C:\WINDOWS\system32\INIresizeM6.dll
Successfully Deleted: C:\WINDOWS\system32\INIresizeM6.dll
Deleting: C:\WINDOWS\system32\ir00l5dm1.dll
Successfully Deleted: C:\WINDOWS\system32\ir00l5dm1.dll
Deleting: C:\WINDOWS\system32\iyrop.dll
Successfully Deleted: C:\WINDOWS\system32\iyrop.dll
Deleting: C:\WINDOWS\system32\j60slgd7160.dll
Successfully Deleted: C:\WINDOWS\system32\j60slgd7160.dll
Deleting: C:\WINDOWS\system32\k6lqlg3516.dll
Successfully Deleted: C:\WINDOWS\system32\k6lqlg3516.dll
Deleting: C:\WINDOWS\system32\kcdmaori.dll
Successfully Deleted: C:\WINDOWS\system32\kcdmaori.dll
Deleting: C:\WINDOWS\system32\khdpl.dll
Successfully Deleted: C:\WINDOWS\system32\khdpl.dll
Deleting: C:\WINDOWS\system32\khymgr.dll
Successfully Deleted: C:\WINDOWS\system32\khymgr.dll
Deleting: C:\WINDOWS\system32\kxdblr.dll
Successfully Deleted: C:\WINDOWS\system32\kxdblr.dll
Deleting: C:\WINDOWS\system32\loefx10N.dll
Successfully Deleted: C:\WINDOWS\system32\loefx10N.dll
Deleting: C:\WINDOWS\system32\lqkrn10N.dll
Successfully Deleted: C:\WINDOWS\system32\lqkrn10N.dll
Deleting: C:\WINDOWS\system32\lv4o09h3e.dll
Successfully Deleted: C:\WINDOWS\system32\lv4o09h3e.dll
Deleting: C:\WINDOWS\system32\lvl4093qe.dll
Successfully Deleted: C:\WINDOWS\system32\lvl4093qe.dll
Deleting: C:\WINDOWS\system32\lvr0099me.dll
Successfully Deleted: C:\WINDOWS\system32\lvr0099me.dll
Deleting: C:\WINDOWS\system32\lvr8099ue.dll
Successfully Deleted: C:\WINDOWS\system32\lvr8099ue.dll
Deleting: C:\WINDOWS\system32\lvro0993e.dll
Successfully Deleted: C:\WINDOWS\system32\lvro0993e.dll
Deleting: C:\WINDOWS\system32\lvrq0995e.dll
Successfully Deleted: C:\WINDOWS\system32\lvrq0995e.dll
Deleting: C:\WINDOWS\system32\m082lalo1dqc.dll
Successfully Deleted: C:\WINDOWS\system32\m082lalo1dqc.dll
Deleting: C:\WINDOWS\system32\m4po0e73eh.dll
Successfully Deleted: C:\WINDOWS\system32\m4po0e73eh.dll
Deleting: C:\WINDOWS\system32\mtmdd.dll
Successfully Deleted: C:\WINDOWS\system32\mtmdd.dll
Deleting: C:\WINDOWS\system32\mzi.dll
Successfully Deleted: C:\WINDOWS\system32\mzi.dll
Deleting: C:\WINDOWS\system32\oeuninst.dll
Successfully Deleted: C:\WINDOWS\system32\oeuninst.dll
Deleting: C:\WINDOWS\system32\olbccr32.dll
Successfully Deleted: C:\WINDOWS\system32\olbccr32.dll
Deleting: C:\WINDOWS\system32\ote2.dll
Successfully Deleted: C:\WINDOWS\system32\ote2.dll
Deleting: C:\WINDOWS\system32\suns.dll
Successfully Deleted: C:\WINDOWS\system32\suns.dll
Deleting: C:\WINDOWS\system32\trpmonui.dll
Successfully Deleted: C:\WINDOWS\system32\trpmonui.dll
Deleting: C:\WINDOWS\system32\wfnchip.dll
Successfully Deleted: C:\WINDOWS\system32\wfnchip.dll

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i606lgds1606.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\ail70.dll
C:\WINDOWS\system32\bSsesrv.dll
C:\WINDOWS\system32\cdcdll.dll
C:\WINDOWS\system32\db8vb.dll
C:\WINDOWS\system32\dbloader.dll
C:\WINDOWS\system32\drgest.dll
C:\WINDOWS\system32\dsskadp.dll
C:\WINDOWS\system32\enl8l13u1.dll
C:\WINDOWS\system32\enp8l17u1.dll
C:\WINDOWS\system32\f4l00e3meh.dll
C:\WINDOWS\system32\f80o0id3e80.dll
C:\WINDOWS\system32\HBFCI007.dll
C:\WINDOWS\system32\HCFCI007.dll
C:\WINDOWS\system32\i0lola331d.dll
C:\WINDOWS\system32\i606lgds1606.dll
C:\WINDOWS\system32\INIresizeM6.dll
C:\WINDOWS\system32\ir00l5dm1.dll
C:\WINDOWS\system32\iyrop.dll
C:\WINDOWS\system32\j60slgd7160.dll
C:\WINDOWS\system32\k6lqlg3516.dll
C:\WINDOWS\system32\kcdmaori.dll
C:\WINDOWS\system32\khdpl.dll
C:\WINDOWS\system32\khymgr.dll
C:\WINDOWS\system32\kxdblr.dll
C:\WINDOWS\system32\loefx10N.dll
C:\WINDOWS\system32\lqkrn10N.dll
C:\WINDOWS\system32\lv4o09h3e.dll
C:\WINDOWS\system32\lvl4093qe.dll
C:\WINDOWS\system32\lvr0099me.dll
C:\WINDOWS\system32\lvr8099ue.dll
C:\WINDOWS\system32\lvro0993e.dll
C:\WINDOWS\system32\lvrq0995e.dll
C:\WINDOWS\system32\m082lalo1dqc.dll
C:\WINDOWS\system32\m4po0e73eh.dll
C:\WINDOWS\system32\mtmdd.dll
C:\WINDOWS\system32\mzi.dll
C:\WINDOWS\system32\oeuninst.dll
C:\WINDOWS\system32\olbccr32.dll
C:\WINDOWS\system32\ote2.dll
C:\WINDOWS\system32\suns.dll
C:\WINDOWS\system32\trpmonui.dll
C:\WINDOWS\system32\wfnchip.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}\InprocServer32]
@="C:\\WINDOWS\\system32\\trpmonui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}\InprocServer32]
@="C:\\WINDOWS\\system32\\lqkrn10N.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{CA5CF48C-E54D-41FF-A853-BB35A82616F3}"=-
"{0AB24450-32EE-4E76-AB34-79973DF8031E}"=-
"{F0D6F8CC-25BF-4906-93E7-9E258DA35797}"=-
"{80DEE5E5-E592-4854-9A6A-596F003A972F}"=-
[-HKEY_CLASSES_ROOT\CLSID\{CA5CF48C-E54D-41FF-A853-BB35A82616F3}]
[-HKEY_CLASSES_ROOT\CLSID\{0AB24450-32EE-4E76-AB34-79973DF8031E}]
[-HKEY_CLASSES_ROOT\CLSID\{F0D6F8CC-25BF-4906-93E7-9E258DA35797}]
[-HKEY_CLASSES_ROOT\CLSID\{80DEE5E5-E592-4854-9A6A-596F003A972F}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/ail70.dll (164 bytes security) (deflated 5%)
adding: dlls/bSsesrv.dll (164 bytes security) (deflated 5%)
adding: dlls/cdcdll.dll (164 bytes security) (deflated 4%)
adding: dlls/db8vb.dll (164 bytes security) (deflated 5%)
adding: dlls/dbloader.dll (164 bytes security) (deflated 5%)
adding: dlls/drgest.dll (164 bytes security) (deflated 5%)
adding: dlls/dsskadp.dll (164 bytes security) (deflated 5%)
adding: dlls/enl8l13u1.dll (164 bytes security) (deflated 5%)
adding: dlls/enp8l17u1.dll (164 bytes security) (deflated 4%)
adding: dlls/f4l00e3meh.dll (164 bytes security) (deflated 5%)
adding: dlls/f80o0id3e80.dll (164 bytes security) (deflated 5%)
adding: dlls/HBFCI007.dll (164 bytes security) (deflated 5%)
adding: dlls/HCFCI007.dll (164 bytes security) (deflated 5%)
adding: dlls/i0lola331d.dll (164 bytes security) (deflated 5%)
adding: dlls/i606lgds1606.dll (164 bytes security) (deflated 5%)
adding: dlls/INIresizeM6.dll (164 bytes security) (deflated 5%)
adding: dlls/ir00l5dm1.dll (164 bytes security) (deflated 4%)
adding: dlls/iyrop.dll (164 bytes security) (deflated 5%)
adding: dlls/j60slgd7160.dll (164 bytes security) (deflated 5%)
adding: dlls/k6lqlg3516.dll (164 bytes security) (deflated 5%)
adding: dlls/kcdmaori.dll (164 bytes security) (deflated 4%)
adding: dlls/khdpl.dll (164 bytes security) (deflated 5%)
adding: dlls/khymgr.dll (164 bytes security) (deflated 5%)
adding: dlls/kxdblr.dll (164 bytes security) (deflated 5%)
adding: dlls/loefx10N.dll (164 bytes security) (deflated 4%)
adding: dlls/lqkrn10N.dll (164 bytes security) (deflated 5%)
adding: dlls/lv4o09h3e.dll (164 bytes security) (deflated 5%)
adding: dlls/lvl4093qe.dll (164 bytes security) (deflated 5%)
adding: dlls/lvr0099me.dll (164 bytes security) (deflated 4%)
adding: dlls/lvr8099ue.dll (164 bytes security) (deflated 5%)
adding: dlls/lvro0993e.dll (164 bytes security) (deflated 4%)
adding: dlls/lvrq0995e.dll (164 bytes security) (deflated 5%)
adding: dlls/m082lalo1dqc.dll (164 bytes security) (deflated 4%)
adding: dlls/m4po0e73eh.dll (164 bytes security) (deflated 4%)
adding: dlls/mtmdd.dll (164 bytes security) (deflated 5%)
adding: dlls/mzi.dll (164 bytes security) (deflated 5%)
adding: dlls/oeuninst.dll (164 bytes security) (deflated 5%)
adding: dlls/olbccr32.dll (164 bytes security) (deflated 5%)
adding: dlls/ote2.dll (164 bytes security) (deflated 5%)
adding: dlls/suns.dll (164 bytes security) (deflated 5%)
adding: dlls/trpmonui.dll (164 bytes security) (deflated 5%)
adding: dlls/wfnchip.dll (164 bytes security) (deflated 4%)
adding: backregs/0AB24450-32EE-4E76-AB34-79973DF8031E.reg (188 bytes security) (deflated 70%)
adding: backregs/80DEE5E5-E592-4854-9A6A-596F003A972F.reg (188 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)


Logfile of HijackThis v1.99.1
Scan saved at 6:01:23 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJack This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wvu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://softdev.adelp...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\i606lgds1606.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

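The Winlogon Notify export in the log above is where this infection actually hooks in: every subkey under that key names a DLL that winlogon.exe loads at logon, before Explorer or any user-mode cleaner starts, which is why the entry reads "RunServices" with a full path into system32 while the legitimate packages are bare filenames. The following is an added example, not code from the thread, from L2mfix or from HijackThis, that parses such an export, decodes the hex(2) values regedit uses for REG_EXPAND_SZ, and flags packages whose DLL is not on a small allow-list or is given as an absolute path. The embedded export is a constructed subset of the one posted above; the allow-list is this example's own assumption.

```python
"""Triage a regedit export of the Winlogon\\Notify key.

Added example: not part of this thread and not L2mfix or HijackThis code.
It re-joins wrapped .reg lines, decodes hex(2) (REG_EXPAND_SZ, UTF-16LE)
DllName values, and flags notify packages winlogon.exe would load from an
unexpected DLL.
"""

# Notify packages normally present on Windows XP plus the ATI driver package
# seen in the thread. Assumption: this allow-list belongs to the example;
# verify any flagged entry by hand before acting on it.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
    "wlnotify.dll", "ati2evxx.dll",
}

# Constructed sample: a subset of the export posted above, keeping the same
# quoting and the hex(2) continuation lines regedit emits.
SAMPLE_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Logon"="AtiLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"DllName"="C:\\WINDOWS\\system32\\i606lgds1606.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
'''


def _join_continuations(text):
    """Re-join .reg lines that regedit wrapped with a trailing backslash."""
    out, buf = [], ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1]
            continue
        out.append(buf + line.strip())
        buf = ""
    return out


def _decode_value(raw):
    """Turn the right-hand side of a .reg assignment into a Python str."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.lower().startswith("hex(2):"):
        data = bytes.fromhex(raw[len("hex(2):"):].replace(",", ""))
        return data.decode("utf-16-le").rstrip("\x00")
    return raw


def parse_notify_packages(reg_text):
    """Map each Notify subkey to the DllName winlogon.exe will load for it."""
    packages, current = {}, None
    for line in _join_continuations(reg_text):
        if line.startswith("[") and line.endswith("]"):
            tail = line[1:-1].rsplit("\\Winlogon\\Notify", 1)
            current = tail[1].lstrip("\\") if len(tail) == 2 and tail[1] else None
            continue
        if current is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        if name.strip('"').lower() == "dllname":
            packages[current] = _decode_value(raw)
    return packages


def suspicious_notify_packages(reg_text, known=KNOWN_NOTIFY_DLLS):
    """Return (subkey, dll) pairs that deserve a look: an absolute path, or a
    filename outside the allow-list. Windows registers its own packages by
    bare filename, so a full path into system32 is itself a signal."""
    flagged = []
    for subkey, dll in parse_notify_packages(reg_text).items():
        basename = dll.rsplit("\\", 1)[-1].lower()
        absolute = ":" in dll or dll.startswith("\\")
        if absolute or basename not in known:
            flagged.append((subkey, dll))
    return flagged


if __name__ == "__main__":
    for subkey, dll in suspicious_notify_packages(SAMPLE_EXPORT):
        print(f"Winlogon\\Notify\\{subkey} -> {dll}")
```

To use it on a live machine, export the key with `reg export "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" notify.reg` and feed the file's text to `suspicious_notify_packages`. Note that regedit writes the export as UTF-16, so open it with that encoding. The check is deliberately simple: a package that loads a bare filename not on the list is flagged too, since the list only covers what a stock XP install and this thread's ATI driver register.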
#6 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 05:24 PM

* Run HijackThis again and put a check by these. Close ALL windows except HijackThis and click "Fix checked".

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) -

O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\i606lgds1606.dll (file missing)



* Restart your computer.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HijackThis log along with the results from ActiveScan.

#7 mck0271

  • Group: Member
  • Posts: 25
  • Joined: 29-January 06

Posted 29 January 2006 - 06:21 PM

Incident Status Location

Adware:Adware/nCase Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TM10JGD\AppWrap[1].exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@adopt.hbmediapro[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@ask[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@azjmp[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@i.screensavers[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@paypopup[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@rn11[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jackie Rodavich\Cookies\jackie rodavich@stats1.reliablestats[2].txt
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[ail70.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[bSsesrv.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[cdcdll.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[db8vb.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[dbloader.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[drgest.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[dsskadp.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[enl8l13u1.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[enp8l17u1.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[f4l00e3meh.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[f80o0id3e80.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[HBFCI007.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[HCFCI007.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[i0lola331d.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[i606lgds1606.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[INIresizeM6.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[ir00l5dm1.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[iyrop.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[j60slgd7160.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[k6lqlg3516.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[kcdmaori.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[khdpl.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[khymgr.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[kxdblr.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[loefx10N.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[lqkrn10N.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[lv4o09h3e.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[lvl4093qe.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[lvr0099me.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[lvr8099ue.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[lvro0993e.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[lvrq0995e.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[m082lalo1dqc.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[m4po0e73eh.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[mtmdd.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[mzi.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[oeuninst.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[olbccr32.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[ote2.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[suns.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[trpmonui.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\backup.zip[wfnchip.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\ail70.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\bSsesrv.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\cdcdll.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\db8vb.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\dbloader.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\drgest.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\dsskadp.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\enl8l13u1.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\enp8l17u1.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\f4l00e3meh.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\f80o0id3e80.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\HBFCI007.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\HCFCI007.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\i0lola331d.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\i606lgds1606.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\INIresizeM6.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\ir00l5dm1.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\iyrop.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\j60slgd7160.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\k6lqlg3516.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\kcdmaori.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\khdpl.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\khymgr.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\kxdblr.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\loefx10N.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\lqkrn10N.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\lv4o09h3e.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\lvl4093qe.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\lvr0099me.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\lvr8099ue.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\lvro0993e.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\lvrq0995e.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\m082lalo1dqc.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\m4po0e73eh.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\mtmdd.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\mzi.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\oeuninst.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\olbccr32.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\ote2.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\suns.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\trpmonui.dll
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\dlls\wfnchip.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jackie Rodavich\Desktop\l2mfix.exe[Process.exe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jackie Rodavich\Local Settings\Temp\Cookies\jackie rodavich@ad.yieldmanager[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jackie Rodavich\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLJ0RGHO\l2mfix[1].exe[Process.exe]
Adware:Adware/nCase Not disinfected C:\Documents and Settings\Jackie Rodavich\Local Settings\Temporary Internet Files\Content.IE5\EPWBILA1\AppWrap[1].exe
Adware:Adware/nCase Not disinfected C:\Documents and Settings\Jackie Rodavich\Local Settings\Temporary Internet Files\Content.IE5\EPWBILA1\AppWrap[2].exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Jackie Rodavich\Local Settings\Temporary Internet Files\Ssk.log
Adware:Adware/WebHancer Not disinfected C:\Program Files\whInstall\whAgent.inf
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\is742.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\Temp\bw2.com
Spyware:Cookie/Reliablestats Not disinfected C:\WINDOWS\Temp\Cookies\administrator@stats1.reliablestats[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Temp\Cookies\jackie rodavich@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Temp\Cookies\jackie rodavich@adopt.hbmediapro[2].txt
Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Temp\Cookies\jackie rodavich@ask[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\WINDOWS\Temp\Cookies\jackie rodavich@paypopup[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Temp\Cookies\jackie rodavich@www.burstbeacon[1].txt
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\Temp\i3E.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\Temp\SskUpdater3.exe
Logfile of HijackThis v1.99.1
Scan saved at 7:20:17 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wvu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://softdev.adelp...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

#8 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 06:31 PM

* Go ahead and delete the L2mfix folder from your desktop.


* Click Here and download Killbox and save it to your desktop.


* Download Cleanup from here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
  • Click OK
  • DO NOT RUN IT YET


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\whInstall

    C:\WINDOWS\drsmartload.dat

    C:\WINDOWS\is742.exe



  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.


* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.


* Restart back into Windows normally now.


* Run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HijackThis log along with the results from the Kaspersky scan.

#9 mck0271

  • Group: Member
  • Posts: 25
  • Joined: 29-January 06

Posted 29 January 2006 - 07:48 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 29, 2006 20:46:50
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 30/01/2006
Kaspersky Anti-Virus database records: 173825
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 50852
Number of viruses found: 8
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 2713 sec

Infected Object Name - Virus Name
C:\!KillBox\is742.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\!KillBox\is742.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15A3423E.exe Infected: Backdoor.Win32.Agent.jn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18376368.exe Infected: Backdoor.Win32.Agent.jn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41444CBC.exe Infected: Backdoor.Win32.SdBot.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F2E57C6.exe Infected: Backdoor.Win32.SdBot.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CA27CAF.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CA526AC.EXE Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CF64052.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CFA6A4E.EXE Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D313411.exe Infected: Trojan.Win32.StartPage.ahg
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D8921B0.exe Infected: Trojan-Clicker.Win32.VB.ij
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DAD6F89.exe Infected: Trojan-Downloader.Win32.VB.nw
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E9723F1.x Infected: Backdoor.Win32.SdBot.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ED541AD.x Infected: Backdoor.Win32.SdBot.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F1D5D5E.x Infected: Backdoor.Win32.SdBot.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EE11404.exe Infected: Backdoor.Win32.SdBot.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\700C1B52.exe Infected: Trojan.Win32.StartPage.ahg
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74762CC1.com Infected: Backdoor.Win32.Agent.jn
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74935456.exe Infected: Backdoor.Win32.SdBot.ahj

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 8:47:42 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wvu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://softdev.adelp...ad/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL...aller_2-0-0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
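Helpers compare successive HijackThis logs by eye to see what a cleanup step changed. As an added example (not code from this thread or from HijackThis), here is a small Python parser that diffs the running-process list and the R/O findings of two logs, and lists O16 DPF entries that carry no descriptive name; the two log texts are constructed, shortened excerpts modelled on the logs posted above.

```python
import re
from dataclasses import dataclass

# Constructed excerpts modelled on the logs posted in this thread (shortened;
# the real logs list every process and finding). Raw strings keep backslashes.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:42:11 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://softdev.adelp...ad/tgctlins.cab
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:47:42 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiJack This\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://softdev.adelp...ad/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# Every HijackThis finding starts with a section code such as R1, O4, O16 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class HjtEntry:
    section: str
    body: str

    def __str__(self):
        return f"{self.section} - {self.body}"


def parse_hjt_log(text):
    """Return (running processes, findings) as sets. Repeated lines such as the
    several svchost.exe processes collapse, which is what a diff wants."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            processes.add(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.add(HjtEntry(m["section"], m["body"]))
    return processes, entries


def diff_hjt_logs(before, after):
    """What disappeared and what is new between two logs of the same machine."""
    p0, e0 = parse_hjt_log(before)
    p1, e1 = parse_hjt_log(after)
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_gone": sorted(str(e) for e in e0 - e1),
        "entries_new": sorted(str(e) for e in e1 - e0),
    }


def unnamed_dpf(entries):
    """O16 DPF entries with no name in parentheses: HijackThis could not identify
    the ActiveX control, so a helper checks the download URL by hand."""
    return sorted(str(e) for e in entries
                  if e.section == "O16" and not e.body.split(" - ")[0].endswith(")"))


if __name__ == "__main__":
    for key, items in diff_hjt_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, items)
    print("unnamed O16:", unnamed_dpf(parse_hjt_log(LOG_AFTER)[1]))
```

On these excerpts the diff shows the rundll32.exe process gone after the cleanup, HijackThis now running from Program Files instead of Temp, and the Kaspersky scanner's O16 entry added by the online scan.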

#10 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 08:00 PM

Empty Norton's quarantine folder.

Delete the c:\!killbox folder.

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#11 mck0271

  • Group: Member
  • Posts: 25
  • Joined: 29-January 06

Posted 29 January 2006 - 08:06 PM

Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 7.0
Advanced Spyware Remover 1.76
Advanced Spyware Remover 1.77
ALLTEL DSL Check-up Center
AOL Instant Messenger
AOL Setup
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATK0100 ACPI UTILITY
AVG Free Edition
CleanUp!
Click to DVD 2.0 Menu Data
Click to DVD 2.0.02
Drag'n Drop CD+DVD
DVgate Plus
FoodWise
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
HotKey Utility
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
Intel® PRO Network Adapters and Drivers
InterActual Player
InterVideo WinDVD 5 for VAIO
Java 2 Runtime Environment, SE v1.4.2_01
Kaspersky On-line Scanner
Lavasoft VX2 Cleaner
Memories Disc Creator 2.0
Memory Stick Formatter
Messenger Control Plugin for Ad-aware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Standard Edition 2003
Microsoft Works 7.0
MoodLogic
Netscape (7.02)
Netscape Internet Service Setup
Norton AntiVirus 2006
OpenMG Limited Patch 3.4-03-12-16-01
OpenMG Secure Module 3.4.00
Panda ActiveScan
PictureGear Studio 2.0
Quicken 2004
Realtek AC'97 Audio
Security Task Manager 1.6f
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
SoftV92 Data Fax Modem
SonicStage 2.0.02
Sony Certificate PCH
Sony Notebook Setup
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Sony XBRITE Screen Saver
Spybot - Search & Destroy 1.4
Sygate Personal Firewall
Update for Windows XP (KB898461)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.0
VAIO Media Integrated Server 3.0
VAIO Media Redistribution 3.0
VAIO Power Management
VAIO Registration
VAIO SLIT Pattern Wallpaper
VAIO SLIT-C Screen Saver
VAIO Survey Standalone
VAIO Update 2
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Welcome to VAIO life
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

#12 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 08:15 PM

* Go to Add/Remove programs and uninstall the following:

Advanced Spyware Remover 1.76
Advanced Spyware Remover 1.77


See here for info on Advanced Spyware Remover:
http://www.spywarewa...nti-spyware.htm

Java 2 Runtime Environment, SE v1.4.2_01
Viewpoint Manager (Remove Only)
Viewpoint Media Player



* Now go here and install the latest version of Java.


How is everything now?

#13 mck0271

  • Group: Member
  • Posts: 25
  • Joined: 29-January 06

Posted 29 January 2006 - 08:34 PM

Purring like a kitten!!!! Thanks a lot for the help. I never would have figured all that out on my own...

#14 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 29 January 2006 - 08:41 PM

You're welcome! :tazz:

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

#15 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 07 February 2006 - 07:51 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
