Computer is infested, I have tried everything :( [CLOSED]


This topic is locked

#16 MasterJ (Visiting Staff, 1,623 posts)

Jotti File Submission:

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
      C:\WINDOWS\nvcr32.exe
  • Click on the submit button
  • Please submit this file too:
      yahootray.exe <------- You will need to search for it to find its file path
  • Please post the results in your next reply.

Please post these results.

Did you submit the two files to submit AT atribune.org?

C:\WINDOWS\SYSTEM32\ursqn.dll
C:\WINDOWS\System32\wvwwu.dll

Edited by MasterJ, 22 February 2006 - 06:51 PM.

#17 infliktah (Topic Starter, Member, 41 posts)
The server is busy, I can't do it. Not that it matters; those files are no longer on my computer, I don't believe.

#18 MasterJ (Visiting Staff, 1,623 posts)
Could you try again later and submit these files?

C:\WINDOWS\nvcr32.exe

yahootray.exe

Edited by MasterJ, 22 February 2006 - 07:05 PM.


#19 infliktah (Topic Starter, Member, 41 posts)
Sounds good. BTW, I submitted one of those two files to submitATatribune; one of them I couldn't find on my system, the one that was under folder SYSTEM32 and not system32.

#20 infliktah (Topic Starter, Member, 41 posts)
C:\WINDOWS\nvcr32.exe
At the Jotti scan thing, it was shown as "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

and the other file, yahootray, was not found on my system.

#21 MasterJ (Visiting Staff, 1,623 posts)
You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.downloads....org/l2mfix.exe
http://www.atribune....oads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe, C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

MasterJ

#22 infliktah (Topic Starter, Member, 41 posts)
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i8420ihoe84c0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{7F20C590-E8C3-63C1-1556-82AFBF819768}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{CCA60260-A2C9-11D2-BA62-0020188191B2}"="Registrar Registry Manager SHell Extension"
"{7C0457A9-4870-4C73-82B7-5826CFFE8299}"=""
"{FC36BBF0-CE50-479F-BA83-3FCA343862AF}"=""
"{C5FF6C3A-2CDE-4198-8530-32C2A18121FF}"=""
"{BDEDD2F8-5EC7-4FBD-A243-F420D51069F9}"=""
"{398B43B5-0EF1-4E52-A1DC-9CBC143E426E}"=""
"{538D52E2-D6AD-4935-BFAB-0F0984555F00}"=""
"{32EF95A3-F920-4ED0-9D83-0B6EE5104A03}"=""
"{FE3A0BA3-C2B4-476D-AB69-8B8C43D67F56}"=""
"{F89980A6-7D69-4EAD-8D7D-8C1AFC148C5A}"=""
"{0CD26517-417A-4AAC-AA9A-8C7B123CC641}"=""
"{97013938-08B6-44E4-8589-2DCD82D7A759}"=""
"{7F784EE7-86F5-465F-BA9A-CB72D26F2AD0}"=""
"{7BD07981-FB08-4692-959F-B0D15458E69F}"=""
"{6A44BA6F-07EB-4CF7-AC8E-A71C1438D265}"=""
"{82F9EFBB-F07C-42F5-A6E2-F40F553702B1}"=""
"{7E48898B-13F3-4294-A245-607811D864DF}"=""
"{46BFD650-6AC9-46A5-B19F-7A6E76360100}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{538D52E2-D6AD-4935-BFAB-0F0984555F00}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{538D52E2-D6AD-4935-BFAB-0F0984555F00}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{538D52E2-D6AD-4935-BFAB-0F0984555F00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{538D52E2-D6AD-4935-BFAB-0F0984555F00}\InprocServer32]
@="C:\\WINDOWS\\system32\\iwfosoft.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0CD26517-417A-4AAC-AA9A-8C7B123CC641}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0CD26517-417A-4AAC-AA9A-8C7B123CC641}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0CD26517-417A-4AAC-AA9A-8C7B123CC641}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0CD26517-417A-4AAC-AA9A-8C7B123CC641}\InprocServer32]
@="C:\\WINDOWS\\system32\\csyptui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7BD07981-FB08-4692-959F-B0D15458E69F}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{7BD07981-FB08-4692-959F-B0D15458E69F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7BD07981-FB08-4692-959F-B0D15458E69F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7BD07981-FB08-4692-959F-B0D15458E69F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dcvoice.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6A44BA6F-07EB-4CF7-AC8E-A71C1438D265}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{6A44BA6F-07EB-4CF7-AC8E-A71C1438D265}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A44BA6F-07EB-4CF7-AC8E-A71C1438D265}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A44BA6F-07EB-4CF7-AC8E-A71C1438D265}\InprocServer32]
@="C:\\WINDOWS\\system32\\itsetup.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{82F9EFBB-F07C-42F5-A6E2-F40F553702B1}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{82F9EFBB-F07C-42F5-A6E2-F40F553702B1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{82F9EFBB-F07C-42F5-A6E2-F40F553702B1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{82F9EFBB-F07C-42F5-A6E2-F40F553702B1}\InprocServer32]
@="C:\\WINDOWS\\system32\\keduk.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7E48898B-13F3-4294-A245-607811D864DF}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{7E48898B-13F3-4294-A245-607811D864DF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E48898B-13F3-4294-A245-607811D864DF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E48898B-13F3-4294-A245-607811D864DF}\InprocServer32]
@="C:\\WINDOWS\\system32\\hlui.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
ati2cqag.dll Sun Dec 11 2005 9:33:44p A.... 237,568 232.00 K
ati2dvag.dll Sun Dec 11 2005 10:41:04p A.... 252,928 247.00 K
ati2edxx.dll Sun Dec 11 2005 10:35:08p A.... 40,960 40.00 K
ati2evxx.dll Sun Dec 11 2005 10:34:56p A.... 47,104 46.00 K
ati3duag.dll Sun Dec 11 2005 10:25:10p A.... 2,518,016 2.40 M
atiddc.dll Sun Dec 11 2005 10:33:14p A.... 53,248 52.00 K
atidemgr.dll Mon Dec 12 2005 1:01:40a A.... 258,048 252.00 K
atiiiexx.dll Mon Dec 12 2005 1:44:34a A.... 307,200 300.00 K
atikvmag.dll Sun Dec 11 2005 10:04:22p A.... 151,552 148.00 K
atioglx1.dll Mon Dec 12 2005 12:09:54a A.... 6,684,672 6.38 M
atioglxx.dll Sun Dec 11 2005 10:57:46p A.... 4,968,448 4.74 M
atipdlxx.dll Sun Dec 11 2005 10:35:38p A.... 110,592 108.00 K
atitvo32.dll Sun Dec 11 2005 9:39:32p A.... 17,408 17.00 K
ativvaxx.dll Sun Dec 11 2005 10:18:38p A.... 862,464 842.25 K
atmtd.dll Wed Feb 22 2006 9:27:12p A.... 687,592 671.48 K
cbabc.dll Sun Feb 19 2006 9:11:08p ..SH. 38,925 38.01 K
csyptui.dll Wed Feb 22 2006 10:37:28p ..... 236,103 230.57 K
d3dx9_28.dll Mon Dec 5 2005 6:09:18p A.... 2,323,664 2.21 M
dlmsvinn.dll Wed Feb 22 2006 9:34:20p ..S.R 235,616 230.09 K
dud9.dll Wed Feb 22 2006 6:34:00p ..S.R 234,938 229.43 K
en84l1~1.dll Wed Feb 22 2006 5:00:16p ..S.R 236,419 230.88 K
gkkgm.dll Wed Feb 22 2006 10:17:30p A.... 24,064 23.50 K
hgddb.dll Sat Feb 18 2006 1:00:48a ..SH. 38,925 38.01 K
hr4s05~1.dll Wed Feb 22 2006 8:07:12p ..S.R 235,302 229.79 K
hrpq05~1.dll Wed Feb 22 2006 6:34:00p ..S.R 235,513 229.99 K
i8420i~1.dll Wed Feb 22 2006 10:23:40p ..S.R 236,103 230.57 K
k4620e~1.dll Wed Feb 22 2006 10:25:40p ..S.R 235,855 230.32 K
nst18.dll Wed Jan 18 2006 4:19:02p A.... 84,480 82.50 K
oemdspif.dll Sun Dec 11 2005 10:35:24p A.... 77,824 76.00 K
p6p6lg~1.dll Wed Feb 22 2006 9:13:58p ..S.R 235,616 230.09 K
px.dll Mon Dec 5 2005 12:12:26a ..... 339,968 332.00 K
pxdrv.dll Mon Dec 5 2005 12:12:26a ..... 405,504 396.00 K
pxmas.dll Mon Dec 5 2005 12:12:26a ..... 172,032 168.00 K
pxwave.dll Mon Dec 5 2005 12:12:26a ..... 339,968 332.00 K
quiqpai.dll Wed Feb 22 2006 10:17:30p A.... 67,072 65.50 K
sirenacm.dll Tue Jan 24 2006 2:34:24p A.... 118,784 116.00 K
ursqn.dll Sat Feb 18 2006 10:23:02a ..SH. 38,925 38.01 K
vxblock.dll Mon Dec 5 2005 12:12:26a ..... 28,672 28.00 K
wlnscard.dll Wed Feb 22 2006 10:17:20p ..S.R 235,616 230.09 K
wvwwu.dll Sat Feb 18 2006 1:07:58a ..... 577,588 564.05 K
xinput~1.dll Mon Dec 5 2005 6:07:30p A.... 61,136 59.70 K
xxwxu.dll Sun Feb 19 2006 8:55:00p ..SH. 38,925 38.01 K

42 items found: 42 files (13 H/S), 0 directories.
Total of file sizes: 24,331,337 bytes 23.20 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Wed Feb 22 2006 10:40:28p ..S.R 236,103 230.57 K
mcrh.tmp Tue Feb 21 2006 8:21:10p A.... 143 0.14 K

2 items found: 2 files (1 H/S), 0 directories.
Total of file sizes: 236,246 bytes 230.71 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is A8CD-8F61

Directory of C:\WINDOWS\System32

02/22/2006 10:40 PM 236,103 guard.tmp
02/22/2006 10:25 PM 235,855 k4620ejoehoc0.dll
02/22/2006 10:23 PM 236,103 i8420ihoe84c0.dll
02/22/2006 10:17 PM 235,616 wlnscard.dll
02/22/2006 09:34 PM 235,616 dlmsvinn.dLL
02/22/2006 09:13 PM 235,616 p6p6lg7s16.dll
02/22/2006 08:07 PM 235,302 hr4s05h7e.dll
02/22/2006 06:33 PM 234,938 dUd9.dll
02/22/2006 06:33 PM 235,513 hrpq0575e.dll
02/22/2006 05:00 PM 236,419 en84l1lq1.dll
02/21/2006 08:19 PM 2,248 uwwvw.ini
02/20/2006 10:26 PM 351,346 uwwvw.bak2
02/20/2006 10:23 PM 244,965 uwwvw.ini2
02/19/2006 09:11 PM 38,925 cbabc.dll
02/19/2006 08:54 PM 38,925 xxwxu.dll
02/18/2006 10:23 AM 38,925 ursqn.dll
02/18/2006 01:00 AM 38,925 hgddb.dll
01/10/2006 06:39 PM <DIR> dllcache
01/03/2006 01:05 PM <DIR> Microsoft
08/29/2002 02:41 AM 109,568 yahootray.exe
08/29/2002 02:41 AM 102,400 winlogin.exe
19 File(s) 3,323,308 bytes
2 Dir(s) 17,200,242,688 bytes free
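Reading a find log like the one above by eye is slow, and its own header warns that "Files Found are not all bad files". The script below is an added example of mine, not part of L2MFix or this thread: it parses a few lines copied from the log (the "Files Found" listing and the .reg-style registry dump), flags DLLs that carry the System, Hidden or Read-only attribute letters in System32, and cross-references the listing against the Winlogon\Notify DllName and CLSID InprocServer32 entries, matching an 8.3 short name such as i8420i~1.dll to the full name the registry holds. The sample inputs are constructed from the posted log; the attribute-letter convention (S, H, R in the five-character field) and the choice of which letters to flag are my assumptions about the tool's output.

```python
import re

# Constructed sample (copied from the posted log): lines in the format L2MFix
# uses for its "Files Found" listing: name, mtime, attribute field, size.
FIND_LOG_FILES = """\
ati2cqag.dll Sun Dec 11 2005 9:33:44p A.... 237,568 232.00 K
cbabc.dll Sun Feb 19 2006 9:11:08p ..SH. 38,925 38.01 K
csyptui.dll Wed Feb 22 2006 10:37:28p ..... 236,103 230.57 K
dud9.dll Wed Feb 22 2006 6:34:00p ..S.R 234,938 229.43 K
i8420i~1.dll Wed Feb 22 2006 10:23:40p ..S.R 236,103 230.57 K
px.dll Mon Dec 5 2005 12:12:26a ..... 339,968 332.00 K
"""

# Constructed sample: the registry fragments of the same log in .reg export syntax.
FIND_LOG_REG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\i8420ihoe84c0.dll"
"Logon"="WinLogon"

[HKEY_CLASSES_ROOT\CLSID\{0CD26517-417A-4AAC-AA9A-8C7B123CC641}\InprocServer32]
@="C:\\WINDOWS\\system32\\csyptui.dll"
"ThreadingModel"="Apartment"
"""

# Assumed layout of a listing line: name, "Day Mon D YYYY H:MM:SSa/p", five
# attribute characters (letters or dots), byte size with thousands separators.
FILE_LINE = re.compile(
    r"^(?P<name>\S+)\s+"
    r"(?P<mtime>\w{3} \w{3} \d{1,2} \d{4} \d{1,2}:\d{2}:\d{2}[ap])\s+"
    r"(?P<attrs>[A-Z.]{5})\s+"
    r"(?P<size>[\d,]+)\s+"
)


def parse_file_listing(text):
    """Return [(name, mtime, set_of_attribute_letters, size_bytes)] per listing line."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue  # headers, totals and blank lines do not match
        attrs = {c for c in m.group("attrs") if c != "."}
        size = int(m.group("size").replace(",", ""))
        entries.append((m.group("name"), m.group("mtime"), attrs, size))
    return entries


def parse_loaders(reg_text):
    """Map DLL basename (lower-case) -> registry key that causes it to be loaded."""
    loaders = {}
    key = ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # new key section
            continue
        value = None
        if key.endswith("\\InprocServer32") and line.startswith("@="):
            value = line[2:]  # COM server path is the default value
        elif "\\Winlogon\\Notify\\" in key and line.startswith('"DllName"='):
            value = line.split("=", 1)[1]  # Winlogon notification package
        if value:
            path = value.strip('"').replace("\\\\", "\\")  # undo .reg escaping
            loaders[path.rsplit("\\", 1)[-1].lower()] = key
    return loaders


def same_file(listed, full):
    """Match a listing name to a full name, allowing the 8.3 short form (i8420i~1.dll)."""
    listed, full = listed.lower(), full.lower()
    if "~" not in listed:
        return listed == full
    stem = listed.split("~", 1)[0]
    ext = listed.rsplit(".", 1)[-1]
    return full.startswith(stem) and full.endswith("." + ext)


def triage(files_text, reg_text):
    """Return {listing name: [reasons]} for files worth a closer look."""
    loaders = parse_loaders(reg_text)
    flagged = {}
    for name, _mtime, attrs, _size in parse_file_listing(files_text):
        reasons = []
        marks = attrs & {"S", "H", "R"}  # system/hidden/read-only on a System32 DLL
        if marks:
            reasons.append("attributes: " + ",".join(sorted(marks)))
        for full, key in loaders.items():
            if same_file(name, full):
                reasons.append("loaded via " + key)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage(FIND_LOG_FILES, FIND_LOG_REG).items():
        print(name, "->", "; ".join(why))
```

On the sample, the ATI driver and px.dll drop out, while the four remaining DLLs are each tied to a concrete reason (attribute letters, a Winlogon Notify registration, or a CLSID server entry), which is the evidence a helper would want before deciding what the fix step should touch.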

#23 MasterJ (Visiting Staff, 1,623 posts)
I apologize for the delay. I was gone all day yesterday at a Jazz Band Festival.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If after the reboot the log does not open double click on it in the l2mfix folder.

MasterJ

#24 infliktah (Topic Starter, Member, 41 posts)
L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 73%)

#25 MasterJ (Visiting Staff, 1,623 posts)
Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX
#26 infliktah (Topic Starter, Member, 41 posts)
Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 2/25/2006 10:57:56 AM

Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074045.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074046.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074047.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074048.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074049.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074050.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074051.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074052.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074053.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074054.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074055.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074056.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074057.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074058.dll
Infected! C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074059.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074045.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074045.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074046.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074046.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074047.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074047.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074048.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074048.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074049.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074049.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074050.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074050.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074051.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074051.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074052.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074052.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074053.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074053.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074054.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074054.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074055.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074055.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074056.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074056.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074057.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074057.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074058.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074058.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074059.dll
C:\System Volume Information\_restore{11B05791-F16C-4D1D-990B-658E171605BC}\RP61\A0074059.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
  • 0

#27
MasterJ

MasterJ

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,623 posts
Please post a new HijackThis log.
  • 0

#28
infliktah

infliktah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:38:27 PM, on 3/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\winmgmc.exe
C:\Documents and Settings\Brandon1\Desktop\apps\HijackThis.exe

O2 - BHO: ADOUsefulNet Object - {22E85F2A-4A67-4835-B2C3-C575FE4EC322} - C:\WINDOWS\System32\pmnmj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yopyak.exe reg_run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D26235C-B977-4564-8514-B22928DA66CE}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB044F9-39C8-4576-925F-A2BBC7895333}: NameServer = 67.69.184.135 206.47.244.51
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmnmj - C:\WINDOWS\System32\pmnmj.dll
O23 - Service: AppGateway - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SSMC (SpoolSvcw) - Unknown owner - C:\WINDOWS\spoolsc.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe (file missing)
O23 - Service: windows kernel 386 (windows kernel) - Unknown owner - C:\WINDOWS\krnl386.exe (file missing)
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe (file missing)
O23 - Service: Windows Control MnG (winmgmc) - Unknown owner - C:\WINDOWS\winmgmc.exe
  • 0

#29
MasterJ

MasterJ

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,623 posts
VundoFix has been updated.

Please download the updated VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
MasterJ :tazz:
  • 0

#30
infliktah

infliktah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
VundoFix V4.0

Listing files found while scanning....



VundoFix V4.2.27
Scan started at 7:27:05 AM 3/2/2006

Listing files found while scanning....

C:\WINDOWS\system32\ursqn.dll
C:\WINDOWS\System32\wvwwu.dll
C:\WINDOWS\System32\uwwvw.ini
C:\WINDOWS\System32\uwwvw.bak2
C:\WINDOWS\System32\uwwvw.ini2
C:\WINDOWS\System32\pmnmj.dll
C:\WINDOWS\System32\jmnmp.ini
C:\WINDOWS\System32\jmnmp.bak1
C:\WINDOWS\System32\jmnmp.bak2

C:\WINDOWS\system32\jmnmp.bak1
C:\WINDOWS\system32\jmnmp.bak2
C:\WINDOWS\system32\jmnmp.ini
C:\WINDOWS\system32\pmnmj.dll
C:\WINDOWS\system32\uwwvw.ini2
C:\WINDOWS\system32\uwwvw.bak2
C:\WINDOWS\system32\uwwvw.ini
C:\WINDOWS\system32\uwwvw.ini2
C:\WINDOWS\system32\wvwwu.dll
Attempting to delete C:\WINDOWS\system32\ursqn.dll
C:\WINDOWS\system32\ursqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\wvwwu.dll
C:\WINDOWS\System32\wvwwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\uwwvw.ini
C:\WINDOWS\System32\uwwvw.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\uwwvw.bak2
C:\WINDOWS\System32\uwwvw.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\uwwvw.ini2
C:\WINDOWS\System32\uwwvw.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\pmnmj.dll
C:\WINDOWS\System32\pmnmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\jmnmp.ini
C:\WINDOWS\System32\jmnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\jmnmp.bak1
C:\WINDOWS\System32\jmnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\jmnmp.bak2
C:\WINDOWS\System32\jmnmp.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 10:03:10 PM, on 3/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINDOWS\wscntify.exe
C:\WINDOWS\winmgmc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brandon1\Desktop\apps\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yopyak.exe reg_run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D26235C-B977-4564-8514-B22928DA66CE}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB044F9-39C8-4576-925F-A2BBC7895333}: NameServer = 67.69.184.135 206.47.244.51
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AppGateway - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SSMC (SpoolSvcw) - Unknown owner - C:\WINDOWS\spoolsc.exe (file missing)
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: windows virus scanner (windows antivirus) - Unknown owner - C:\WINDOWS\nav32.exe (file missing)
O23 - Service: windows kernel 386 (windows kernel) - Unknown owner - C:\WINDOWS\krnl386.exe (file missing)
O23 - Service: network monitoring tools (windows network) - Unknown owner - C:\WINDOWS\nvcr32.exe (file missing)
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe (file missing)
O23 - Service: Windows Control MnG (winmgmc) - Unknown owner - C:\WINDOWS\winmgmc.exe
  • 0





