
Vx2 Problems I Think. Problems With Games That Have Punkbuster.


  • This topic is locked
8 replies to this topic

#1 PuddinTCB75


Posted 20 June 2006 - 07:34 PM

This is my Hijackthis file.
I have run Ad-Aware and Spybot, but the same stuff comes back; there are always a couple of .dlls that come back.
(Moderator edit: log posts moved to HJT Forum for team analysis and member help. jgweed)


Logfile of HijackThis v1.99.1
Scan saved at 8:33:14 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
E:\IMs\AIM\aim.exe
E:\IMs\Yahoo!\Messenger\YPager.exe
C:\Fraps\fraps.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Pud\Desktop\HijackThis v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Alarms\Banshee Screamer Alarm V2.53\alarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\IMs\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\IMs\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\IMs\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...708/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\i2jqlc151f.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Here is my Uninstall Log as well from HijackThis.


1602 A.D.
21CW1.0
Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 7.0.7
Age of Empires III
America's Army
AOL Instant Messenger
ATC for Battlefield 2 1.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATITool Overclocking Utility
Audacity 1.2.3
Bandwidth Monitor Pro
Banshee Screamer Alarm
Battlefield 2™
Battleground Europe: WWIIOL
Battleracer 1.2
BF2 Editor
BF2C 1.0
Call of Duty - United Offensive
Call of Duty Game of the Year Edition
Call of Duty® 2
Call of Duty® 2 Demo
Civilization III
Civilization III - Play the World v1.27F
Civilization III Play the World
Civilization III v1.29f
Command & Conquer Generals
Crimson Skies © Microsoft
CuteFTP 5.0 XP
EA SPORTS online 2006
EndItAll 2.0
EVEREST Home Edition v1.51
EverQuest II
Fallout
Fallout Tactics
Fallout2
FilePlanet Download Manager 2.1
Fraps (remove only)
Galactic Civilizations
GameSpy Arcade
GTA San Andreas
Guild Wars
Hamachi 0.9.9.9
Hegemonia (remove only)
Heroes of Might and Magic V Demo
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
K-Lite Mega Codec Pack 1.16
LG VX8000 USB-Handset Manager
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech ImageStudio
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Madden NFL 06
Maxthon Browser (remove only)
Microsoft .NET Framework 1.1
Microsoft MapPoint North America 2004
Microsoft Office Professional Edition 2003
Microsoft Rise Of Nations
mIRC
MSN Messenger 7.5
MYIE2 Browser (remove only)
NAVYFIELD
Need for Speed Underground 2
Norton AntiVirus 2003 Professional Edition
Norton Ghost
Norton WMI Update
NVIDIA Cg Compiler 1.2
NVIDIA Drivers
Pacific Fighters
PeerGuardian 2.0
PF+FB+AEP
PlayGATE Setup
Realtek AC'97 Audio
Rise of Nations Thrones and Patriots
Rome - Total War™
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
SETI@home
Sid Meier's Civilization 4
Sid Meier's SimGolf
SiSoftware Sandra Lite 2005 (Win64/32/CE)
Sound Blaster Extigy
Spybot - Search & Destroy 1.3
SST Programming Software
Star Trek Starfleet Command III
Star Wars Empire at War
Starcraft
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
ubi.com
Update for Windows XP (KB898461)
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VoptXP v7.13
WinAVIVideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
X2 - The Threat
X²-Plugins, v1.03.01
X3 Reunion
Xfire (remove only)
Yahoo! Internet Mail
Yahoo! Messenger

Edited by PuddinTCB75, 20 June 2006 - 07:40 PM.




#2 miekiemoes

  • Malware Response Team

Posted 21 June 2006 - 08:51 AM

Hello,

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
    (If Look2Me-Destroyer does not reopen automatically, reboot and try again.)
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt present on your desktop and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Concerning your issue with Games and punkbuster, better to start a new thread about that in the Games Forum here.
Keep in mind, when Punkbuster is being used, you won't be able to play certain games, because it prevents you using the tweaks.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 PuddinTCB75

  • Topic Starter


Posted 21 June 2006 - 08:40 PM

L2 Me Log


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/21/2006 9:32:01 PM


Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded




New Hijack this txt

Logfile of HijackThis v1.99.1
Scan saved at 9:41:40 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Pud\Desktop\HijackThis v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Alarms\Banshee Screamer Alarm V2.53\alarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\IMs\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\IMs\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\IMs\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...708/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by PuddinTCB75, 21 June 2006 - 08:42 PM.


#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:31 PM

Posted 22 June 2006 - 12:17 AM

Hello,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Also perform next...

Download Silent Runners
Unzip it to a permanent folder.
Start SilentRunners.vbs
If your antivirus gives an alert, do not block it. Allow the script.
Please wait until it prompts you that the scan is finished!
I need that log later.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with the log from Silent Runners and a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 PuddinTCB75

PuddinTCB75
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:31 AM

Posted 23 June 2006 - 11:00 PM

Silent Runners Log

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"PeerGuardian" = "C:\Program Files\PeerGuardian2\pg2.exe" ["Methlabs"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"SaiSmart" = "C:\Program Files\Saitek\Software\SaiSmart.exe" ["Saitek"]
"SaiMfd" = "C:\Program Files\Saitek\Software\SaiMfd.exe" ["Saitek"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {HKLM...CLSID} = "PropPage Class"
\InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
-> {HKLM...CLSID} = "Logitech Gallery"
\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{8F7261D0-D2B9-11D2-9909-00605205B24C}" = "CuteFTP Shell Extension"
-> {HKLM...CLSID} = "CuteFTP Shell Extension"
\InProcServer32\(Default) = "e:\Apps\GlobalSCAPE\CuteFTP\Cuteshell.dll" ["GlobalSCAPE, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "E:\IMs\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Microsoft Office\OFFICE11\msohev.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CuteFTP\(Default) = "{8f7261d0-d2b9-11d2-9909-00605205b24c}"
-> {HKLM...CLSID} = "CuteFTP Shell Extension"
\InProcServer32\(Default) = "e:\Apps\GlobalSCAPE\CuteFTP\Cuteshell.dll" ["GlobalSCAPE, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "E:\IMs\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CuteFTP\(Default) = "{8f7261d0-d2b9-11d2-9909-00605205b24c}"
-> {HKLM...CLSID} = "CuteFTP Shell Extension"
\InProcServer32\(Default) = "e:\Apps\GlobalSCAPE\CuteFTP\Cuteshell.dll" ["GlobalSCAPE, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Pud" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\Pud\Start Menu\Programs\Startup
"Banshee Screamer Alarm" -> shortcut to: "C:\Alarms\Banshee Screamer Alarm V2.53\alarm.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "E:\IMs\AIM\aim.exe" ["America Online, Inc."]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "E:\IMs\Yahoo!\MESSEN~1\YPager.exe" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
GhostStartService, GhostStartService, "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, ""C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"" ["Symantec Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 171 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 206 seconds)










Panda Scan Log


Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Pud\Application Data\Sskcwrd.dll
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Pud\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv438.jar-78b6f9a-44a03b4a.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Pud\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv438.jar-78b6f9a-44a03b4a.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Pud\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv438.jar-78b6f9a-44a03b4a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Pud\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv438.jar-78b6f9a-44a03b4a.zip[Parser.class]
Adware:adware/pacimedia Not disinfected C:\Documents and Settings\Pud\Desktop\Click to Find and Fix Errors.url
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Pud\Desktop\smitrem\smitRem\Process.exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\180461.tmp
Virus:Trj/Spamer.T Disinfected C:\Documents and Settings\Pud\Local Settings\Temp\18DD.tmp
Virus:Trj/Spammer.B Disinfected C:\Documents and Settings\Pud\Local Settings\Temp\18DE.tmp
Virus:Trj/MailSpy.A Disinfected C:\Documents and Settings\Pud\Local Settings\Temp\18DF.tmp
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@adultfriendfinder[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@belnk[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@c.goclick[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@doubleclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@findwhat[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@google.com[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@i.screensavers[2].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@kmpads[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@microsofteup.112.2o7[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@microsoftwga.112.2o7[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@searchportal.information[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@stats1.reliablestats[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@target[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@webpower[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@www.burstbeacon[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\Cookies\pud@xiti[1].txt
Virus:Trj/Spammer.B Disinfected C:\Documents and Settings\Pud\Local Settings\Temp\EDAC.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\i18E9.tmp
Virus:Trj/Torpig.CC Disinfected C:\Documents and Settings\Pud\Local Settings\Temp\start.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\temp.fr0B34\Ssk.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\temp.fr0B34\SskBho.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Pud\Local Settings\Temp\temp.fr0B34\SskFFCore.dll










New Hijack this Log

Logfile of HijackThis v1.99.1
Scan saved at 11:57:33 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Fraps\fraps.exe
C:\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Pud\Desktop\HijackThis v1.99.1.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Alarms\Banshee Screamer Alarm V2.53\alarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\IMs\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\IMs\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\IMs\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:31 PM

Posted 24 June 2006 - 12:20 AM

Hello,

Your HijackThis log looks clean again. :thumbsup:

I see Panda already deleted some files as well.

Delete the following files:

C:\Documents and Settings\Pud\Application Data\Sskcwrd.dll
C:\Documents and Settings\Pud\Desktop\Click to Find and Fix Errors.url

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Clearing Java Cache:
  • Go to Start > Control Panel and double-click the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Let me know in your next reply how things are running now. :flowers:
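The entries checked for fixing in this thread carry HijackThis's own markers such as "(no file)" and "(file missing)". As an added example (not part of the original posts and not HijackThis code), this Python script tags log entries that carry those markers and compares a before and after log to show which tagged entries cleared; the sample text is constructed from lines in this thread, the tag names and function names are assumptions, and a tag is a prompt for analyst review, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed samples: entries copied from the two HijackThis logs in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

AFTER = r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A HijackThis entry line starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Text HijackThis itself prints, mapped to tag names chosen for this example.
MARKERS = (
    ("(no file)", "no-file"),
    ("(file missing)", "file-missing"),
    ("Unknown owner", "unknown-owner"),
)


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O23"
    body: str       # everything after "<code> - "
    reasons: tuple  # tags that apply; empty when nothing stood out


def parse(log_text):
    """Return every entry line in the log, tagged with any markers it carries."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process list, or blank line
        code, body = match.groups()
        reasons = tuple(tag for marker, tag in MARKERS if marker in body)
        # An R-section registry value with nothing after "=" is blank.
        if code.startswith("R") and body.endswith("="):
            reasons += ("empty-value",)
        entries.append(Entry(code, body, reasons))
    return entries


def service_fields(body):
    """Split an O23 body into (display name, owner, path), or None."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].split(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    return display, owner, path.replace("(file missing)", "").strip()


def compare(before_text, after_text):
    """Return (cleared, remaining, new) tagged entries between two logs."""
    def tagged(text):
        return {(e.code, e.body.lower()): e for e in parse(text) if e.reasons}

    before, after = tagged(before_text), tagged(after_text)
    cleared = [e for k, e in before.items() if k not in after]
    remaining = [e for k, e in before.items() if k in after]
    new = [e for k, e in after.items() if k not in before]
    return cleared, remaining, new


if __name__ == "__main__":
    cleared, remaining, new = compare(BEFORE, AFTER)
    for label, group in (("cleared", cleared), ("remaining", remaining), ("new", new)):
        for e in group:
            print(f"{label:9} {e.code:4} {','.join(e.reasons):28} {e.body}")
```

A tagged entry that remains in the second log is not necessarily a problem; it is simply what the script leaves for a human to judge.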

#7 PuddinTCB75

PuddinTCB75
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:31 AM

Posted 24 June 2006 - 09:17 PM

You're a godsend. PunkBuster does not kick me anymore, cause the spyware was giving that false administrator deal. This is awesome and no need to reformat. I have a lot installed and such and it always takes about 3 months to get my stuff installed and get it back the way I enjoy it. Not to mention you remember the stuff you missed like logs of chats and pictures of friends and such.


So far my computer is running great. I had a "windows recovered from a serious error" but once I deleted that .dll that went away.

My videogames get slightly better frames, my RAM is not as tied up, no annoying popups. I will definitely recommend this to friends and tell 'em to donate some cash as well, cause this was better than anything we have tried before. Free or paid for. I hope to bring you some well deserved business :-P

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:31 PM

Posted 25 June 2006 - 01:46 AM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update them beforehand.

And I do suggest you perform an online virus scan once in a while. (Housecall and/or Bitdefender). Because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your PC, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

If you want to fight back the Malware Writers that have made your life a misery, please take a look here.

Happy surfing again! :flowers:

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:12:31 PM

Posted 26 June 2006 - 01:33 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



