Firstadsolution Popups



#1 hashan


Posted 28 March 2006 - 11:44 AM

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:42:40, on 28.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Sam\LOCALS~1\Temp\Rar$EX00.265\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA003DMN.LNK = C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\ir2ol5f31.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



#2 Cloutz


Posted 29 March 2006 - 05:05 PM

Hello hashan,

Welcome to BleepingComputer!

My name is Nick and I will be checking over your log.

You will want to print or save these instructions.

Moving HijackThis to a permanent folder
  • Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.
  • Click Start.
  • Open My Computer.
  • Double-click on C:/.
  • Select the File menu and select New > Folder.
  • Name the folder "HijackThis" or "HJT".
  • Move the HijackThis.exe executable into the new folder.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HijackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

Thanks,
Nick :thumbsup:
BleepingComputer

#3 hashan


Posted 31 March 2006 - 07:34 AM

Hi, and thanks for your valuable advice, Nick!

I scanned my system with the Look2Me-Destroyer, and also ran HijackThis.exe.

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 15:30:05, on 31.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA003DMN.LNK = C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


------------------------------------------------------------------------------------------------------------------------

Here's the Look2Me-Destroyer .txt file:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 31.3.2006 15:21:02

Infected! C:\WINDOWS\system32\fpnq0355e.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP394\A0084066.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084141.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084147.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084180.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084249.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084290.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084297.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084380.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084395.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084467.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084516.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084527.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084573.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084626.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084653.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084679.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084737.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084774.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084775.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084776.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084777.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084778.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084781.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084816.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0084847.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085477.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085478.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085479.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085480.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085481.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085482.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085483.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085484.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085487.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085488.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP399\A0085520.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP400\A0085558.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP400\A0085565.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085569.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085570.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085582.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085606.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085625.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085671.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085704.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP401\A0085774.dll
Infected! C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP402\A0085856.dll
Infected! C:\WINDOWS\system32\fpnq0355e.dll
Infected! C:\WINDOWS\system32\fxntsub.dll
Infected! C:\WINDOWS\system32\gpl4l33q1.dll
Infected! C:\WINDOWS\system32\kkdkyr.dll
Infected! C:\WINDOWS\system32\mzwstr10.dll
Infected! C:\WINDOWS\system32\ngtapi32.dll
Infected! C:\WINDOWS\system32\opmanage.dll
Infected! C:\WINDOWS\system32\p8p6li7s18.dll
Infected! C:\WINDOWS\system32\sjlogcfg.dll
Infected! C:\WINDOWS\system32\wzvcore2.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\fpnq0355e.dll
C:\WINDOWS\system32\fpnq0355e.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP394\A0084066.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP394\A0084066.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084141.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084141.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084147.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084147.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084180.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP397\A0084180.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084249.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084249.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084290.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084290.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084297.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084297.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084380.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084380.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084395.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084395.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084467.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084467.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084516.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084516.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084527.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084527.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084573.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084573.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084626.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084626.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084653.dll
C:\System Volume Information\_restore{10A3C65C-E82D-461C-AD58-22F84C30E35F}\RP398\A0084653.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fpnq0355e.dll
C:\WINDOWS\system32\fpnq0355e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fxntsub.dll
C:\WINDOWS\system32\fxntsub.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gpl4l33q1.dll
C:\WINDOWS\system32\gpl4l33q1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kkdkyr.dll
C:\WINDOWS\system32\kkdkyr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mzwstr10.dll
C:\WINDOWS\system32\mzwstr10.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ngtapi32.dll
C:\WINDOWS\system32\ngtapi32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\opmanage.dll
C:\WINDOWS\system32\opmanage.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\p8p6li7s18.dll
C:\WINDOWS\system32\p8p6li7s18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\sjlogcfg.dll
C:\WINDOWS\system32\sjlogcfg.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wzvcore2.dll
C:\WINDOWS\system32\wzvcore2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded

-------------------------------------------------------------------------------------------------------------------------

thanks for the help

"hashan" :thumbsup:

#4 Cloutz

Posted 01 April 2006 - 11:37 AM

Hi hashan,

Please open HijackThis and scan. Place a check next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
Close any open browsers and click "Fix Checked". Close hijackthis.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
How's your pc running?
Any more pop-ups?

Please include the ActiveScan report along with a fresh HijackThis log.

Thanks,
Nick :thumbsup:

#5 hashan

Posted 02 April 2006 - 02:00 PM

hi!

after destroying the look2me files the advertisements stopped popping up.
i think your first advice was the cure to my problem, but just to make sure
i followed the instructions in your second reply.

i think my pc is running fine... maybe a little slow with the heaviest software.

the panda scan reported the following:

Incident
Adware:adware/dollarrevenue
C:\WINDOWS\keyboard41.dat

Potentially unwanted tool:application/winantivirus2006
C:\PROGRAM FILES\COMMON FILES\WinAntiVirus Pro 2006

i manually deleted the winantivirus folder.

hashan :thumbsup:

#6 Cloutz

Posted 02 April 2006 - 04:22 PM

Hello,

Please make sure you delete this file:
C:\WINDOWS\keyboard41.dat

Can you give me a fresh HijackThis log in your next reply?
Just wanna make sure you're all cleaned up :thumbsup:

Thanks,
Nick :flowers:

#7 hashan

Posted 06 April 2006 - 05:46 PM

....and here's the hijack logfile for the gp's of my pc :thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 1:46:00, on 7.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA003DMN.LNK = C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#8 Cloutz

Posted 06 April 2006 - 09:54 PM

Everything looks great, your HijackThis log appears to be CLEAN!!!

Here is a list of tools I like to suggest to users to prevent future infections.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Firefox - Internet Explorer is NOT the most secure browser. I highly recommend Firefox as a safer alternative.
Got infected by malware and want to let others know how you feel?
Register Your Complaint About Malware That Has Infected You Here. Let others know how you feel about malware.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Glad I can help,
Nick