Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help With Vx2 Variant..logs Included


  • Please log in to reply
1 reply to this topic

#1 tragen

tragen

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 06 January 2006 - 01:40 PM

Ok.. so here the long story goes.. I installed a bad installer which pretty much loaded my computer with spyware.. I mean tons.. Most of it was caught by anti-spyware at first, and then later on.. however, I am still stuck with some pretty tricky problems. I think I narrowed it down to a VX2 varient problem.. the ad-ware vx2 search return the message saying it found a possibly unknown variant, and I think these are all to blame :


01/06/2006 12:58 PM 233,935 mtrating.dll
01/06/2006 12:55 PM 236,212 fpr0039me.dll
01/06/2006 12:23 PM 233,935 irpol5731.dll
01/06/2006 10:03 AM 236,174 prrfdisk.dll
01/06/2006 10:02 AM 235,850 ir80l5lm1.dll
01/05/2006 10:21 PM 235,850 MBC71DEU.DLL
01/05/2006 10:21 PM 236,980 g0lmla311d.dll
01/05/2006 02:14 PM 235,722 ir0ml5d11.dll
06/01/2005 09:49 AM 10,856 KGyGaAvL.sys

however, I have no idea how to get rid of these b*sterds..
any help would be greatly appreciated

here are my outputs :

Hijack This:
--------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:33:53 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor_new\swdoctor.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor_new\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Robert Polak\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor_new\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104169727687
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\irpol5731.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProxyServer Service (ProxyServerService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpxsr.exe
O23 - Service: Rational Test Agent Service (RationalTestAgentService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor_new\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe



-----End of Hijack This---------


Find IT..:
--------------------------------

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\Robert Polak\Desktop\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 7CDD-DA7A

Directory of C:\WINDOWS\System32

01/06/2006 12:58 PM 233,935 mtrating.dll
01/06/2006 12:55 PM 236,212 fpr0039me.dll
01/06/2006 12:23 PM 233,935 irpol5731.dll
01/06/2006 10:03 AM 236,174 prrfdisk.dll
01/06/2006 10:02 AM 235,850 ir80l5lm1.dll
01/05/2006 10:21 PM 235,850 MBC71DEU.DLL
01/05/2006 10:21 PM 236,980 g0lmla311d.dll
01/05/2006 02:14 PM 235,722 ir0ml5d11.dll
06/01/2005 09:49 AM 10,856 KGyGaAvL.sys
04/29/2004 08:27 PM <DIR> Microsoft
04/05/2001 12:43 PM 94,208 msstkprp.dll
10 File(s) 1,989,722 bytes
1 Dir(s) 436,940,800 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 7CDD-DA7A

Directory of C:\WINDOWS\System32

06/15/2005 08:25 PM <DIR> GroupPolicy
06/01/2005 09:49 AM 10,856 KGyGaAvL.sys
04/29/2004 07:58 PM 488 logonui.exe.manifest
04/29/2004 07:58 PM 488 WindowsLogon.manifest
04/29/2004 07:58 PM 749 cdplayer.exe.manifest
04/29/2004 07:58 PM 749 sapi.cpl.manifest
04/29/2004 07:58 PM 749 nwc.cpl.manifest
04/29/2004 07:58 PM 749 wuaucpl.cpl.manifest
04/29/2004 07:58 PM 749 ncpa.cpl.manifest
8 File(s) 15,577 bytes
1 Dir(s) 436,940,800 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is 7CDD-DA7A

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is 7CDD-DA7A

Directory of C:\WINDOWS\System32

01/28/2005 03:44 PM 5,525,504 setb13.tmp
03/31/2003 07:00 AM 2,577 CONFIG.TMP
2 File(s) 5,528,081 bytes
0 Dir(s) 436,940,800 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5A682EA8-05CD-66B3-4377-B858CCB0BA65}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\irpol5731.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
fpr003~1.dll Fri Jan 6 2006 12:55:46p ..S.R 236,212 230.68 K
g0lmla~1.dll Thu Jan 5 2006 10:21:16p ..S.R 236,980 231.43 K
ir0ml5~1.dll Thu Jan 5 2006 2:14:20p ..S.R 235,722 230.20 K
ir80l5~1.dll Fri Jan 6 2006 10:02:10a ..S.R 235,850 230.32 K
irpol5~1.dll Fri Jan 6 2006 12:23:42p ..S.R 233,935 228.45 K
mbc71deu.dll Thu Jan 5 2006 10:21:16p ..S.R 235,850 230.32 K
mtrating.dll Fri Jan 6 2006 12:58:02p ..S.R 233,935 228.45 K
prrfdisk.dll Fri Jan 6 2006 10:03:48a ..S.R 236,174 230.64 K

8 items found: 8 files, 0 directories.
Total of file sizes: 1,884,658 bytes 1.80 M

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: (AsPack2k)
C:\WINDOWS\system32\MRT.exe: (ASPack 1.00b)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.1)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.12)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.11)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.000)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.001)
C:\WINDOWS\system32\MRT.exe: (ASPack 2.11x)
C:\WINDOWS\system32\MRT.exe: ASPack2000
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: ASPACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\MRT.exe: aspACK
C:\WINDOWS\system32\ntdll.dll: .aspack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\\WINDOWS\\ATK0100\\Hcontrol.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"BluetoothAuthenticationAgent"="rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent"
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"NuTCSetupEnviron"="C:\\Program Files\\Rational\\Rational Test\\nutcroot\\bin\\ncoeenv.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"




------End of Find It------------

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:24 PM

Posted 08 January 2006 - 11:50 AM

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users