
Vx2.look2me / Hijackthis Log Included


5 replies to this topic

#1 Ice_man


Posted 28 November 2005 - 09:42 AM

Logfile of HijackThis v1.99.1
Scan saved at 6:47:12 AM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\lsas.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1127816505\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1127816505\ee\AOLServiceHost.exe
c:\program files\common files\aol\1127816505\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127816505\ee\AOLServiceHost.exe
C:\Program Files\NoteTab Light\NoteTab.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127816505\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab36116.cab
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\s0pu0a79ed.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: httpsecure (Explore HTTP server) - Unknown owner - C:\WINDOWS\lsas.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

other information ============================

Spyware Doctor Activity Report
Generated on 11/28/2005 6:24:11 AM
Scans (basic information only):
Scan Results:
scan start: 11/28/2005 6:28:43 AM
scan stop: 11/28/2005 6:42:49 AM
scanned items: 114072
found items: 141
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner






I downloaded L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe


But the post I read warns to do nothing unless you have the advice of a professional familiar with the programs and removal.

So I need professional advice on running l2mfix.exe.

Thanks in advance



#2 -David-


Posted 28 November 2005 - 12:49 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 Ice_man


Posted 29 November 2005 - 07:05 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:01:19 AM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\lsas.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1127816505\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1127816505\ee\AOLServiceHost.exe
c:\program files\common files\aol\1127816505\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127816505\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127816505\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab36116.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: httpsecure (Explore HTTP server) - Unknown owner - C:\WINDOWS\lsas.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#4 -David-


Posted 30 November 2005 - 03:23 PM

Fix this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

How's everything running?

David

#5 Ice_man


Posted 01 December 2005 - 11:54 AM

OK, thanks for the help.

Spysweep blocked another trojan last night, but my daughter was using the computer so I can't tell you what it was.

Everything seems to be OK, but I feel like I'm in a war zone.
The bad guys keep shooting at me and I have no way to shoot back, LOL

ice_man

PS - I'm sending a contribution, thanks again

#6 -David-


Posted 01 December 2005 - 01:36 PM

Enable restore points
Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Un-Check Turn off System Restore.
  • Click Apply
  • Click OK.
Update with SP2
Visit Windows Update and follow the onscreen instructions to download and install SP2.
This is a time consuming process, even with a fast connection. If you use a dial-up connection you should consider getting a FREE copy
directly from Microsoft or get a friend with a fast connection to burn a copy of the upgrade to CD for you.

Update the OS regularly

Set up system to ensure a regular update of the Operating System.

Manually:

Visit Windows Update on a weekly/fortnightly REGULAR basis.

Automatically:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click on Automatic Updates
  • Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
    Notify Me option so that you can download when you can afford the time and bandwidth overheads.
  • Select the Day/Time of choice
  • Click Apply
  • Click OK


Secure your web browser
  • Open Internet Explorer and click on the Tools menu and then click on
    Options.
  • Click on Security
  • Click the Internet icon
  • Click on Custom Level.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • Change the Allow paste operations via script to Disable
  • Click on OK
  • Save (if asked).
  • Click on Apply button
  • Click on OK

Alternatively you could use another browser such as Mozilla Firefox, Opera or Netscape.


Get Some Protection
The following programs are useful in the fight against Malware. Best of all, they're FREE.
Download and install any or all. Be warned though: unless you keep them regularly updated you are living with a false sense of security.
  • Ad-Aware SE - This is a program that scans for and removes known spyware from your machine.
  • Spybot Search & Destroy - Similar to Ad-Aware but more configurable and incorporates TeaTimer, a memory resident utility that protects the system registry. I recommend using both of these in tandem.
  • Spyware Blaster - Prevents the addition of ActiveX Controls on your machines by isolating the system registry.
  • IE_Spyad - Uses the inbuilt IE restriction policy to stop your browser from opening web pages in a much enhanced list of undesirable addresses. Tutorial
A good antiviral program is essential. AVG is one of the better known, and trusted, antivirals.

And Finally... Lock the door with a Firewall. XP comes with its own simple firewall but I prefer to substitute it with ZoneAlarm.
Remember, Paranoia is a state of mind.
I mind who watches me.


David



