System Is Really Slow And Getting Alot Of Popups


13 replies to this topic

#1 helpme!! (Members, 8 posts)

Posted 10 July 2006 - 04:35 AM

hi

I'm new to this and I'm in desperate need of help. Every 10 mins or so I get lots of popups like fastclick.com and ad-wa-re.com. I'm getting really frustrated. I've tried the McAfee registry cleaner and McAfee Stinger. Here's my log.



Logfile of HijackThis v1.99.1
Scan saved at 9:26:29 p.m., on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\11004\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\01ECIT0W\stng260[1].exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\Settings\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintkentigern.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.saintkentigern.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://skcproxy/proxy1.pac
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\ir42l5ho1.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

Please help me!!! :thumbsup:


#2 njustice (Security Colleague, 49 posts)

Posted 10 July 2006 - 04:56 AM

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If, while running option #1, you receive an error similar to: "C:\windows\system32\cmd.exe, C:\windows\system32\autoexec.nt. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose Close to terminate the application.", then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.
Have I helped you? Please consider donating to help me continue my fight against malware.
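What njustice is reading off the HijackThis log above, and what the L2MFix find log later in this thread spells out, is the Look2Me/VX2 footprint: a Winlogon Notify package (the O20 line) pointing at a random-named DLL in system32, Approved shell-extension CLSIDs registered with a blank description whose InprocServer32 resolves to more DLLs of the same kind, and a run of system32 DLLs of almost identical size (233-237 KB) carrying System+ReadOnly attributes and dates from the last few weeks. The script below is an added example, not code from this thread, from L2MFix or from HijackThis. It runs those checks over lines copied from the two logs in this thread (embedded as constructed sample input) and ties the O20 DLL back to its 8.3 alias in the file listing. The function names, the 30-day window and the 4 KB size tolerance are this example's own choices.

```python
import re
from datetime import datetime

# Added example, not code from this thread, from L2MFix or from HijackThis.
# Constructed sample input: lines copied from post #1 (HijackThis log) and
# post #3 (L2MFix find log), trimmed to what the checks below need.
HJT_LOG = r"""
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\ir42l5ho1.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""
L2M_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{644872B7-61B6-4459-B239-0126B3DD2AFD}"=""
"{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}"=""
"{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}"=""

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}\InprocServer32]
@="C:\\WINDOWS\\system32\\wxaservc.dll"
[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}\InprocServer32]
@="blank"
[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}\InprocServer32]
@="C:\\WINDOWS\\system32\\wtnshfhc.dll"
C:\WINDOWS\SYSTEM32\
audiodev.dll Tue 9 May 2006 22:26:34 A.... 267,776 261.50 K
bfsesrv.dll Tue 4 Jul 2006 12:58:42 ..S.R 237,038 231.48 K
cedial32.dll Fri 30 Jun 2006 8:53:54 ..S.R 236,012 230.48 K
dskern~1.dll Wed 31 May 2006 17:40:18 ..... 167,936 164.00 K
ir42l5~1.dll Mon 10 Jul 2006 19:02:48 ..S.R 234,272 228.78 K
jhbexec.dll Mon 10 Jul 2006 17:40:10 A.... 234,272 228.78 K
"""
SCAN_TIME = datetime(2006, 7, 10, 21, 26, 29)  # "Scan saved at 9:26:29 p.m., on 10/07/2006"

def hjt_findings(text):
    """O20 Winlogon Notify packages (HijackThis hides the stock Microsoft ones, so
    anything listed loads inside winlogon.exe at every logon), O4 Run entries given
    as a bare filename (resolved via the PATH search), O23 services with no binary."""
    out = []
    for sub, dll in re.findall(r"^O20 - Winlogon Notify: (\S+) - (.+)$", text, re.M):
        out.append(("O20", sub, dll.strip()))
    for name, cmd in re.findall(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] (.+)$", text, re.M):
        if "\\" not in cmd:
            out.append(("O4", name, cmd.strip()))
    for svc in re.findall(r"^O23 - Service: (.+) \(file missing\)$", text, re.M):
        out.append(("O23", "file missing", svc))
    return out

def parse_file_listing(text):
    """Rows of the L2MFix 'Files Found' section: name, mtime, attribute flags, bytes."""
    pat = re.compile(r"^(\S+) (\w{3} \d{1,2} \w{3} \d{4} \d{1,2}:\d{2}:\d{2}) ([A-Z.]{5}) ([\d,]+) ", re.M)
    return [{"name": n.lower(), "mtime": datetime.strptime(t, "%a %d %b %Y %H:%M:%S"),
             "attrs": a, "size": int(s.replace(",", ""))} for n, t, a, s in pat.findall(text)]

def hidden_readonly_recent(rows, scan_time=SCAN_TIME, window_days=30):
    """DLLs flagged System and Read-only (S and R in the attribute column) and
    written within window_days of the scan: the drop pattern in this find log."""
    return sorted(r["name"] for r in rows if "S" in r["attrs"] and "R" in r["attrs"]
                  and (scan_time - r["mtime"]).days <= window_days)

def size_clusters(rows, tolerance=4096, min_members=3):
    """Group files whose sizes lie within `tolerance` bytes of the group's smallest
    member; this also catches drops with ordinary attributes such as jhbexec.dll."""
    clusters, current = [], []
    for row in sorted(rows, key=lambda r: r["size"]):
        if current and row["size"] - current[0]["size"] > tolerance:
            clusters.append(current)
            current = []
        current.append(row)
    clusters.append(current)
    return [sorted(r["name"] for r in c) for c in clusters if len(c) >= min_members]

def blank_shell_extensions(text):
    """Approved shell-extension CLSIDs registered with an empty description,
    resolved to the InprocServer32 value Explorer would load for them."""
    approved = re.search(r"Shell Extensions\\Approved\]\n((?:.+\n)+)", text).group(1)
    out = {}
    for guid in re.findall(r'^"(\{[0-9A-Fa-f-]+\})"=""$', approved, re.M):
        m = re.search(r"\\CLSID\\" + re.escape(guid) + r"\\InprocServer32\]\n@=\"([^\"]*)\"", text)
        out[guid] = m.group(1).replace("\\\\", "\\") if m else None  # .reg export doubles backslashes
    return out

def short_name_key(path):
    """Approximate 8.3 matching: L2MFix lists ir42l5ho1.dll as ir42l5~1.dll, so a
    long name and its alias share the first six characters of the base name."""
    base = path.lower().rsplit("\\", 1)[-1].split("~")[0].split(".")[0]
    return base[:6]

def correlate(findings, rows):
    """Map each O20 Winlogon Notify DLL to its row in the file listing (or None)."""
    by_key = {short_name_key(r["name"]): r for r in rows}
    return {dll: by_key.get(short_name_key(dll)) for code, _, dll in findings if code == "O20"}

if __name__ == "__main__":
    rows, found = parse_file_listing(L2M_LOG), hjt_findings(HJT_LOG)
    for label, value in [("HijackThis", found), ("blank-named shell extensions", blank_shell_extensions(L2M_LOG)),
                         ("S+R DLLs in last 30 days", hidden_readonly_recent(rows)), ("size clusters", size_clusters(rows)),
                         ("O20 DLL -> listing row", {k: v and v["name"] for k, v in correlate(found, rows).items()})]:
        print(f"{label}: {value}")
```

The size-cluster check is the one worth noticing: it pulls in jhbexec.dll, which carries ordinary attributes but shares its exact size (234,272 bytes) and date with ir42l5~1.dll, the file behind the O20 line. That is what the attribute check alone would miss, and it is also why the find log says "Files Found are not all bad files": the listing is a candidate set for a person to judge (codec and LEADTOOLS DLLs land in it too), not a verdict.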

#3 helpme!! (Topic Starter, Members, 8 posts)

Posted 10 July 2006 - 05:06 AM

here ya go njustice!


L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ir42l5ho1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{072C8A97-0B2E-3ABF-DFFD-2BBABB71924A}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{C4213067-97B3-4929-9B98-B5600FBBBA13}"="TouchED"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E6C234C3-D4E0-4A5C-B440-4356153107A3}"=""
"{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}"=""
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{644872B7-61B6-4459-B239-0126B3DD2AFD}"=""
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}"=""
"{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}\InprocServer32]
@="C:\\WINDOWS\\system32\\wxaservc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}\InprocServer32]
@="C:\\WINDOWS\\system32\\wtnshfhc.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
asferror.dll Tue 9 May 2006 22:26:32 A.... 7,168 7.00 K
audiodev.dll Tue 9 May 2006 22:26:34 A.... 267,776 261.50 K
bassmod.dll Wed 14 Jun 2006 20:01:28 A.... 34,308 33.50 K
bfsesrv.dll Tue 4 Jul 2006 12:58:42 ..S.R 237,038 231.48 K
blackbox.dll Tue 9 May 2006 20:59:14 A.... 585,216 571.50 K
browseui.dll Wed 10 May 2006 17:23:00 A.... 1,022,976 999.00 K
cdfview.dll Wed 10 May 2006 17:23:00 A.... 151,040 147.50 K
cdm.dll Tue 9 May 2006 10:50:00 A.... 75,736 73.96 K
cedial32.dll Fri 30 Jun 2006 8:53:54 ..S.R 236,012 230.48 K
cewmdm.dll Tue 9 May 2006 22:26:34 A.... 219,648 214.50 K
chrpol.dll Mon 26 Jun 2006 12:46:36 ..S.R 234,289 228.80 K
cudial32.dll Mon 3 Jul 2006 19:57:18 ..S.R 235,092 229.58 K
danim.dll Wed 10 May 2006 17:23:00 A.... 1,054,208 1.00 M
dgcprop2.dll Fri 30 Jun 2006 13:15:18 ..S.R 236,012 230.48 K
disrslvr.dll Tue 4 Jul 2006 9:22:46 ..S.R 237,038 231.48 K
divx.dll Fri 16 Jun 2006 9:55:04 A.... 620,180 605.64 K
divxwm~1.dll Wed 19 Apr 2006 12:04:54 A.... 12,288 12.00 K
divx_x~1.dll Fri 16 Jun 2006 9:55:04 A.... 778,240 760.00 K
divx_x~2.dll Fri 16 Jun 2006 9:55:04 A.... 778,240 760.00 K
divx_x~3.dll Fri 16 Jun 2006 9:55:04 A.... 761,856 744.00 K
dpl100.dll Thu 25 May 2006 10:46:44 A.... 90,112 88.00 K
dpu10.dll Thu 25 May 2006 10:46:44 A.... 294,912 288.00 K
dpu11.dll Thu 25 May 2006 10:46:44 A.... 294,912 288.00 K
dpugui10.dll Thu 25 May 2006 10:46:52 A.... 53,248 52.00 K
dpugui11.dll Thu 25 May 2006 10:46:44 A.... 593,920 580.00 K
dpus11.dll Thu 25 May 2006 10:46:44 A.... 344,064 336.00 K
dpv11.dll Thu 25 May 2006 10:46:44 A.... 57,344 56.00 K
drmv2clt.dll Tue 9 May 2006 21:00:02 A.... 1,350,656 1.29 M
dskern~1.dll Wed 31 May 2006 17:40:18 ..... 167,936 164.00 K
dtu100.dll Thu 25 May 2006 10:46:44 A.... 200,704 196.00 K
dxtmsft.dll Wed 10 May 2006 17:23:00 A.... 357,888 349.50 K
dxtrans.dll Wed 10 May 2006 17:23:00 A.... 205,312 200.50 K
e020la~1.dll Fri 7 Jul 2006 20:48:16 ..S.R 237,038 231.48 K
e820li~1.dll Sun 25 Jun 2006 22:45:08 ..S.R 235,300 229.79 K
ehetw.dll Tue 9 May 2006 20:57:06 A.... 11,264 11.00 K
ev.dll Wed 28 Jun 2006 10:55:32 ..S.R 236,012 230.48 K
extmgr.dll Wed 10 May 2006 17:23:00 A.... 55,808 54.50 K
f8l00i~1.dll Sun 2 Jul 2006 23:07:50 ..S.R 233,932 228.45 K
g4040e~1.dll Mon 10 Jul 2006 20:53:46 ..S.R 237,038 231.48 K
h263de~1.dll Fri 12 May 2006 21:08:56 A.... 143,360 140.00 K
h263en~1.dll Fri 12 May 2006 21:09:18 A.... 229,376 224.00 K
h@tkey~1.dll Sat 1 Jul 2006 20:08:18 A.... 20,480 20.00 K
i4lo0e~1.dll Wed 28 Jun 2006 16:53:16 ..S.R 236,012 230.48 K
iepeers.dll Wed 10 May 2006 17:23:00 A.... 251,392 245.50 K
imlmgicd.dll Wed 28 Jun 2006 13:14:44 ..S.R 236,012 230.48 K
insecsnp.dll Tue 4 Jul 2006 22:01:38 ..S.R 237,038 231.48 K
inseng.dll Wed 10 May 2006 17:23:00 A.... 96,256 94.00 K
ir42l5~1.dll Mon 10 Jul 2006 19:02:48 ..S.R 234,272 228.78 K
irl4l5~1.dll Fri 30 Jun 2006 11:34:38 ..S.R 236,012 230.48 K
irnol5~1.dll Tue 27 Jun 2006 13:26:38 ..S.R 233,925 228.44 K
iuengine.dll Tue 9 May 2006 10:50:00 A.... 198,616 193.96 K
j02qla~1.dll Tue 27 Jun 2006 10:55:34 ..S.R 236,012 230.48 K
jgdw400.dll Fri 2 Jun 2006 6:47:08 A.... 163,840 160.00 K
jgpl400.dll Fri 2 Jun 2006 6:47:08 A.... 27,648 27.00 K
jhbexec.dll Mon 10 Jul 2006 17:40:10 A.... 234,272 228.78 K
jscript.dll Thu 18 May 2006 17:24:26 A.... 450,560 440.00 K
jsproxy.dll Wed 10 May 2006 17:23:00 A.... 16,384 16.00 K
laprxy.dll Tue 9 May 2006 22:26:32 A.... 9,728 9.50 K
lcodc2~1.dll Fri 12 May 2006 23:47:28 A.... 65,536 64.00 K
lcodc2~2.dll Fri 12 May 2006 21:09:34 A.... 139,264 136.00 K
lcodcc~1.dll Fri 26 May 2006 18:38:22 A.... 331,776 324.00 K
lcodcc~2.dll Wed 26 Apr 2006 15:23:44 A.... 122,880 120.00 K
lcodcj~1.dll Mon 22 May 2006 19:17:22 A.... 106,496 104.00 K
ldecaac.dll Thu 27 Apr 2006 16:38:52 A.... 393,216 384.00 K
ldecaa~1.dll Thu 27 Apr 2006 16:35:30 A.... 278,528 272.00 K
ldech2~1.dll Tue 16 May 2006 20:06:52 A.... 192,581 188.07 K
ldech2~2.dll Tue 16 May 2006 20:08:40 A.... 98,304 96.00 K
ldech2~3.dll Mon 1 May 2006 20:48:22 A.... 118,784 116.00 K
ldecmpg4.dll Mon 17 Apr 2006 12:03:26 A.... 380,928 372.00 K
ldecmp~1.dll Thu 20 Apr 2006 15:16:26 A.... 131,072 128.00 K
ldecmp~2.dll Thu 20 Apr 2006 15:17:14 A.... 110,592 108.00 K
ldecmp~3.dll Mon 17 Apr 2006 12:03:32 A.... 327,680 320.00 K
ldecvo~1.dll Sun 28 May 2006 18:35:14 A.... 299,008 292.00 K
lef5e3~1.dll Mon 17 Apr 2006 12:04:04 A.... 405,504 396.00 K
legitc~1.dll Fri 2 Jun 2006 13:39:54 A.... 579,888 566.30 K
lencaac.dll Thu 27 Apr 2006 16:36:12 A.... 184,320 180.00 K
lencaa~1.dll Thu 27 Apr 2006 16:35:58 A.... 122,880 120.00 K
lencac3.dll Mon 17 Apr 2006 11:51:40 A.... 151,552 148.00 K
lencac~1.dll Mon 17 Apr 2006 11:51:28 A.... 65,536 64.00 K
lench2~1.dll Tue 16 May 2006 20:08:10 A.... 356,352 348.00 K
lench2~2.dll Tue 16 May 2006 20:08:30 A.... 139,264 136.00 K
lench2~3.dll Mon 1 May 2006 20:46:32 A.... 200,704 196.00 K
lencmpg4.dll Mon 17 Apr 2006 12:03:58 A.... 425,984 416.00 K
lencmp~1.dll Wed 24 May 2006 15:14:20 A.... 167,936 164.00 K
lencmp~2.dll Wed 24 May 2006 15:39:10 A.... 155,648 152.00 K
lencmp~3.dll Wed 24 May 2006 15:16:32 A.... 217,088 212.00 K
lencmp~4.dll Sat 20 May 2006 12:03:56 A.... 155,648 152.00 K
lencvo~1.dll Sun 28 May 2006 18:35:26 A.... 1,273,856 1.21 M
lfacs14n.dll Sun 4 Jun 2006 10:47:40 A.... 36,864 36.00 K
lfafp14n.dll Mon 1 May 2006 18:29:06 A.... 245,760 240.00 K
lfbmp14n.dll Sun 4 Jun 2006 10:48:28 A.... 36,864 36.00 K
lfcmp14n.dll Wed 26 Apr 2006 18:14:14 A.... 364,544 356.00 K
lfcmw14n.dll Wed 26 Apr 2006 18:14:34 A.... 417,792 408.00 K
lfdcr14n.dll Sun 4 Jun 2006 10:48:56 A.... 28,672 28.00 K
lffax14n.dll Thu 1 Jun 2006 13:02:18 A.... 81,920 80.00 K
lfflc14n.dll Mon 1 May 2006 18:30:50 A.... 45,056 44.00 K
lffpx14n.dll Sun 4 Jun 2006 10:49:44 A.... 61,440 60.00 K
lfgif14n.dll Sun 4 Jun 2006 10:49:52 A.... 40,960 40.00 K
lfiff14n.dll Sun 4 Jun 2006 10:50:00 A.... 32,768 32.00 K
lfj2k14n.dll Thu 1 Jun 2006 13:02:52 A.... 217,088 212.00 K
lfjbg14n.dll Sun 4 Jun 2006 10:50:16 A.... 69,632 68.00 K
lfkdc14n.dll Sun 4 Jun 2006 10:50:18 A.... 24,576 24.00 K
lflmb14n.dll Mon 29 May 2006 16:14:28 A.... 32,768 32.00 K
lfmac14n.dll Sun 4 Jun 2006 10:50:18 A.... 24,576 24.00 K
lfpcd14n.dll Sun 4 Jun 2006 10:50:36 A.... 24,576 24.00 K
lfpct14n.dll Sun 4 Jun 2006 10:50:44 A.... 61,440 60.00 K
lfpcx14n.dll Sun 4 Jun 2006 10:50:46 A.... 32,768 32.00 K
lfpng14n.dll Mon 1 May 2006 18:32:36 A.... 102,400 100.00 K
lfpnm14n.dll Sun 4 Jun 2006 10:51:04 A.... 28,672 28.00 K
lfpsd14n.dll Mon 1 May 2006 18:32:44 A.... 45,056 44.00 K
lfptk14n.dll Sun 4 Jun 2006 10:51:18 A.... 45,056 44.00 K
lfras14n.dll Sun 4 Jun 2006 10:51:20 A.... 28,672 28.00 K
lfsgi14n.dll Sun 4 Jun 2006 10:51:44 A.... 28,672 28.00 K
lftga14n.dll Sun 4 Jun 2006 10:52:20 A.... 28,672 28.00 K
lftif14n.dll Wed 26 Apr 2006 18:14:42 A.... 147,456 144.00 K
lfwmf14n.dll Sun 4 Jun 2006 10:52:32 A.... 32,768 32.00 K
lfwmp14n.dll Sun 4 Jun 2006 10:52:36 A.... 24,576 24.00 K
lfxbm14n.dll Sun 4 Jun 2006 10:52:42 A.... 28,672 28.00 K
lfxpm14n.dll Sun 4 Jun 2006 10:52:46 A.... 36,864 36.00 K
libdivx.dll Thu 25 May 2006 10:43:44 A.... 1,044,480 1020.00 K
lmachrs.dll Sun 28 May 2006 18:20:56 A.... 139,264 136.00 K
lmaecho.dll Sun 28 May 2006 18:23:50 A.... 139,264 136.00 K
lmaflng.dll Sun 28 May 2006 18:24:34 A.... 147,456 144.00 K
lmampg~1.dll Sun 28 May 2006 18:31:34 A.... 102,400 100.00 K
lmaphase.dll Sun 28 May 2006 18:33:36 A.... 147,456 144.00 K
lmavol.dll Sun 28 May 2006 18:35:04 A.... 126,976 124.00 K
lmavum~1.dll Sun 28 May 2006 18:35:58 A.... 122,880 120.00 K
lmisodmx.dll Tue 23 May 2006 10:14:34 A.... 86,016 84.00 K
lmisomux.dll Sun 23 Apr 2006 13:01:32 A.... 86,016 84.00 K
lmj2k2.dll Mon 22 May 2006 19:17:02 A.... 180,224 176.00 K
lmmpg1~1.dll Mon 17 Apr 2006 12:04:36 A.... 61,440 60.00 K
lmmpg2~1.dll Tue 23 May 2006 14:46:22 A.... 73,728 72.00 K
lmoggmux.dll Sun 28 May 2006 10:39:34 A.... 172,032 168.00 K
lmoggspl.dll Sun 28 May 2006 18:33:24 A.... 196,608 192.00 K
lmvadd.dll Sun 28 May 2006 18:19:00 A.... 102,400 100.00 K
lmvaut~1.dll Sun 28 May 2006 18:19:44 A.... 94,208 92.00 K
lmvaut~2.dll Sun 28 May 2006 18:20:00 A.... 94,208 92.00 K
lmvaut~3.dll Sun 28 May 2006 18:20:14 A.... 94,208 92.00 K
lmvclr.dll Sun 28 May 2006 18:20:30 A.... 143,360 140.00 K
lmvclrrp.dll Sun 28 May 2006 18:21:10 A.... 110,592 108.00 K
lmvcrop2.dll Sun 28 May 2006 18:21:54 A.... 131,072 128.00 K
lmvdblck.dll Sun 28 May 2006 18:22:08 A.... 106,496 104.00 K
lmvdei~1.dll Sun 28 May 2006 18:22:30 A.... 163,840 160.00 K
lmvedg~1.dll Sun 28 May 2006 18:24:04 A.... 102,400 100.00 K
lmvembs.dll Sun 28 May 2006 18:24:20 A.... 131,072 128.00 K
lmvfra~1.dll Sun 28 May 2006 18:24:46 A.... 86,016 84.00 K
lmvgamma.dll Sun 28 May 2006 18:25:00 A.... 102,400 100.00 K
lmvhstg2.dll Mon 17 Apr 2006 11:58:34 A.... 122,880 120.00 K
lmvmis~1.dll Sun 28 May 2006 18:28:48 A.... 274,432 268.00 K
lmvmosc.dll Sun 28 May 2006 18:29:08 A.... 118,784 116.00 K
lmvmtnfx.dll Sun 28 May 2006 18:30:14 A.... 319,488 312.00 K
lmvrgbxf.dll Sun 28 May 2006 18:21:24 A.... 253,952 248.00 K
lmvrot2.dll Sun 28 May 2006 18:34:08 A.... 110,592 108.00 K
lmvrsz2.dll Sun 28 May 2006 18:33:52 A.... 139,264 136.00 K
lmvtov~1.dll Sun 28 May 2006 18:34:36 A.... 192,512 188.00 K
lmvusm~1.dll Sun 28 May 2006 18:34:52 A.... 110,592 108.00 K
lmvvov~1.dll Sun 28 May 2006 18:35:44 A.... 143,360 140.00 K
lmvyuvxf.dll Sun 28 May 2006 18:21:38 A.... 131,072 128.00 K
ltclr14n.dll Sun 4 Jun 2006 10:41:10 A.... 1,703,936 1.63 M
ltdic14n.dll Fri 2 Jun 2006 20:21:30 A.... 1,429,504 1.36 M
ltdicrd2.dll Sun 28 May 2006 18:27:12 A.... 1,662,976 1.59 M
ltdicw~1.dll Sun 28 May 2006 18:27:32 A.... 2,519,040 2.40 M
ltdis14n.dll Thu 27 Apr 2006 16:44:32 A.... 262,144 256.00 K
ltdvdb~1.dll Wed 24 May 2006 23:58:22 A.... 147,456 144.00 K
ltdvdw~1.dll Mon 29 May 2006 13:00:02 A.... 200,704 196.00 K
ltefx14n.dll Sun 4 Jun 2006 10:42:06 A.... 241,664 236.00 K
ltfil14n.dll Wed 26 Apr 2006 18:10:10 A.... 155,648 152.00 K
ltimg14n.dll Tue 2 May 2006 9:35:48 A.... 1,122,304 1.07 M
ltkrn14n.dll Mon 24 Apr 2006 17:20:54 A.... 434,176 424.00 K
ltmm15_n.dll Tue 23 May 2006 8:35:22 A.... 1,814,528 1.73 M
ltstli~1.dll Sun 28 May 2006 18:28:02 A.... 217,088 212.00 K
ltstli~2.dll Sun 28 May 2006 18:27:50 A.... 192,512 188.00 K
lvn609~1.dll Thu 29 Jun 2006 15:27:14 ..S.R 234,103 228.61 K
mcvcr71.dll Thu 6 Jul 2006 11:52:42 ..S.R 233,733 228.25 K
mfplat.dll Tue 9 May 2006 21:00:08 A.... 382,976 374.00 K
mhmdd.dll Thu 29 Jun 2006 14:44:14 ..S.R 236,012 230.48 K
mjtlsapi.dll Thu 29 Jun 2006 10:55:24 ..S.R 236,012 230.48 K
mlrd3x40.dll Tue 27 Jun 2006 17:24:34 ..S.R 236,012 230.48 K
mp43decd.dll Tue 9 May 2006 21:00:56 A.... 241,152 235.50 K
mp43dmod.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
mp4sdecd.dll Tue 9 May 2006 21:00:58 A.... 299,520 292.50 K
mp4sdmod.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
mpg4decd.dll Tue 9 May 2006 21:00:58 A.... 241,152 235.50 K
mpg4dmod.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
msdelta.dll Tue 9 May 2006 20:45:20 A.... 304,640 297.50 K
mshtml.dll Sat 20 May 2006 3:08:32 A.... 3,052,544 2.91 M
mshtmled.dll Wed 10 May 2006 17:23:02 A.... 448,512 438.00 K
msnetobj.dll Tue 9 May 2006 22:26:34 A.... 212,480 207.50 K
mspmsnsv.dll Tue 9 May 2006 22:26:34 A.... 26,112 25.50 K
mspmsp.dll Tue 9 May 2006 22:26:34 A.... 165,376 161.50 K
msrating.dll Wed 10 May 2006 17:23:02 A.... 146,432 143.00 K
msscp.dll Tue 9 May 2006 20:59:20 A.... 417,280 407.50 K
mstime.dll Wed 10 May 2006 17:23:02 A.... 532,480 520.00 K
mswmdm.dll Tue 9 May 2006 22:26:34 A.... 306,688 299.50 K
mv22l9~1.dll Mon 26 Jun 2006 9:08:00 ..S.R 235,300 229.79 K
mzhtmled.dll Tue 27 Jun 2006 10:55:34 ..S.R 234,492 228.99 K
n64slg~1.dll Mon 3 Jul 2006 22:54:22 ..S.R 235,092 229.58 K
n8p40i~1.dll Mon 26 Jun 2006 13:48:22 ..S.R 234,918 229.41 K
namsdba.dll Thu 29 Jun 2006 16:14:50 ..S.R 236,012 230.48 K
o4840e~1.dll Thu 6 Jul 2006 19:12:52 ..S.R 233,490 228.02 K
pncrt.dll Fri 9 Jun 2006 19:49:30 A.... 278,528 272.00 K
pndx5016.dll Fri 9 Jun 2006 19:49:30 A.... 6,656 6.50 K
pndx5032.dll Fri 9 Jun 2006 19:49:30 A.... 5,632 5.50 K
pngfilt.dll Wed 10 May 2006 17:23:02 A.... 39,424 38.50 K
po1676~1.dll Tue 9 May 2006 20:58:48 A.... 188,928 184.50 K
portab~1.dll Tue 9 May 2006 20:58:48 A.... 345,600 337.50 K
portab~2.dll Tue 9 May 2006 20:58:48 A.... 101,376 99.00 K
portab~3.dll Tue 9 May 2006 20:58:38 A.... 168,960 165.00 K
portab~4.dll Tue 9 May 2006 20:58:50 A.... 103,424 101.00 K
px.dll Fri 2 Jun 2006 10:11:08 A.... 372,736 364.00 K
pxdrv.dll Fri 2 Jun 2006 10:11:08 A.... 421,888 412.00 K
pxmas.dll Fri 2 Jun 2006 10:11:08 A.... 172,032 168.00 K
pxwave.dll Fri 2 Jun 2006 10:11:08 A.... 339,968 332.00 K
q668lg~1.dll Thu 6 Jul 2006 22:18:52 ..S.R 237,038 231.48 K
qasf.dll Tue 9 May 2006 22:26:34 A.... 201,728 197.00 K
qt-dx331.dll Thu 25 May 2006 10:47:12 A.... 3,596,288 3.43 M
rasmans.dll Sun 14 May 2006 20:44:08 A.... 181,248 177.00 K
rmoc3260.dll Fri 9 Jun 2006 19:55:46 A.... 24,576 24.00 K
rmocx.dll Fri 9 Jun 2006 19:55:46 A.... 176,167 172.04 K
rustls.dll Mon 26 Jun 2006 16:20:24 ..S.R 234,289 228.80 K
rwcss.dll Mon 26 Jun 2006 8:55:00 ..S.R 235,300 229.79 K
s0rs0a~1.dll Tue 4 Jul 2006 12:58:42 ..S.R 233,643 228.16 K
shdocvw.dll Tue 30 May 2006 3:30:34 A.... 1,494,016 1.42 M
shlwapi.dll Wed 10 May 2006 17:23:02 A.... 474,112 463.00 K
sirenacm.dll Fri 16 Jun 2006 14:34:44 A.... 48,936 47.79 K
snrmfilt.dll Fri 30 Jun 2006 10:56:38 ..S.R 236,012 230.48 K
splogcfg.dll Tue 27 Jun 2006 9:46:48 ..S.R 234,289 228.80 K
spmsg.dll Thu 1 Jun 2006 22:18:32 ..... 14,048 13.72 K
sporder.dll Tue 27 Jun 2006 17:56:30 A.... 8,464 8.27 K
ssldivx.dll Thu 25 May 2006 10:43:44 A.... 200,704 196.00 K
stream~1.dll Sun 25 Jun 2006 23:20:32 ....R 59,392 58.00 K
tbd32.dll Thu 29 Jun 2006 9:43:34 ..S.R 234,103 228.61 K
tbsavd~1.dll Thu 6 Jul 2006 14:49:56 ..S.R 237,038 231.48 K
towrreg.dll Wed 28 Jun 2006 14:01:44 ..S.R 236,012 230.48 K
tqddd.dll Wed 28 Jun 2006 8:55:26 ..S.R 236,012 230.48 K
unicows.dll Thu 25 May 2006 10:43:40 A.... 245,408 239.66 K
urlmon.dll Wed 10 May 2006 17:23:02 A.... 613,888 599.50 K
uxtheme.dll Wed 14 Jun 2006 11:08:02 A.... 218,624 213.50 K
vnrsion.dll Tue 27 Jun 2006 20:57:00 ..S.R 236,012 230.48 K
vxblock.dll Fri 2 Jun 2006 10:11:08 A.... 28,672 28.00 K
wdfapi.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
wgalogon.dll Fri 2 Jun 2006 13:39:46 ..... 402,736 393.30 K
wininet.dll Wed 10 May 2006 17:23:04 A.... 658,432 643.00 K
wmadmod.dll Tue 9 May 2006 22:26:34 A.... 705,024 688.50 K
wmadmoe.dll Tue 9 May 2006 22:26:34 A.... 1,063,424 1.01 M
wmasf.dll Tue 9 May 2006 22:26:34 A.... 221,696 216.50 K
wmdmlog.dll Tue 9 May 2006 22:26:34 A.... 31,744 31.00 K
wmdmps.dll Tue 9 May 2006 22:26:34 A.... 36,864 36.00 K
wmdrmdev.dll Tue 9 May 2006 22:26:34 A.... 417,280 407.50 K
wmdrmnet.dll Tue 9 May 2006 22:26:34 A.... 337,408 329.50 K
wmdrmsdk.dll Tue 9 May 2006 20:59:34 A.... 513,536 501.50 K
wmerror.dll Tue 9 May 2006 22:26:32 A.... 218,112 213.00 K
wmidx.dll Tue 9 May 2006 22:26:34 A.... 155,136 151.50 K
wmnetmgr.dll Tue 9 May 2006 22:26:34 A.... 992,256 969.00 K
wmp.dll Tue 9 May 2006 22:26:34 A.... 10,394,624 9.91 M
wmpasf.dll Tue 9 May 2006 22:26:34 A.... 237,056 231.50 K
wmpdxm.dll Tue 9 May 2006 22:26:34 A.... 301,056 294.00 K
wmpeff~1.dll Tue 9 May 2006 22:26:34 A.... 433,152 423.00 K
wmpencen.dll Tue 9 May 2006 22:26:34 A.... 1,641,472 1.56 M
wmploc.dll Tue 9 May 2006 22:26:34 A.... 7,706,112 7.35 M
wmpmde.dll Tue 9 May 2006 21:00:22 A.... 546,816 534.00 K
wmpps.dll Tue 9 May 2006 22:26:34 A.... 135,680 132.50 K
wmpshell.dll Tue 9 May 2006 22:26:34 A.... 97,792 95.50 K
wmpsrcwp.dll Tue 9 May 2006 22:26:34 A.... 203,776 199.00 K
wmsdmod.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
wmsdmoe2.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
wmspdmod.dll Tue 9 May 2006 22:26:34 A.... 564,736 551.50 K
wmspdmoe.dll Tue 9 May 2006 22:26:34 A.... 1,280,000 1.22 M
wmvadvd.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
wmvadve.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
wmvcore.dll Tue 9 May 2006 22:22:32 A.... 2,463,744 2.35 M
wmvdecod.dll Tue 9 May 2006 21:01:06 A.... 1,463,808 1.39 M
wmvdmod.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
wmvdmoe2.dll Tue 9 May 2006 22:26:34 A.... 4,096 4.00 K
wmvencod.dll Tue 9 May 2006 21:00:58 A.... 1,455,616 1.39 M
wmvsdecd.dll Tue 9 May 2006 21:01:06 A.... 1,359,360 1.29 M
wmvsencd.dll Tue 9 May 2006 21:00:58 A.... 770,560 752.50 K
wmvxencd.dll Tue 9 May 2006 21:00:56 A.... 636,928 622.00 K
wpdconns.dll Tue 9 May 2006 20:58:40 A.... 35,840 35.00 K
wpdmtp.dll Tue 9 May 2006 20:58:40 A.... 144,896 141.50 K
wpdmtpus.dll Tue 9 May 2006 20:58:40 A.... 55,808 54.50 K
wpdshext.dll Tue 9 May 2006 20:58:54 A.... 3,745,280 3.57 M
wpdshs~1.dll Tue 9 May 2006 20:58:54 A.... 52,224 51.00 K
wpdsp.dll Tue 9 May 2006 20:58:46 A.... 343,552 335.50 K
wpdtrace.dll Tue 9 May 2006 20:58:38 A.... 13,312 13.00 K
wpd_ci.dll Tue 9 May 2006 20:58:50 A.... 670,208 654.50 K
wtnshfhc.dll Mon 10 Jul 2006 20:55:52 ..S.R 234,272 228.78 K
wuapi.dll Tue 9 May 2006 10:50:00 A.... 465,368 454.46 K
wuaueng.dll Tue 9 May 2006 10:50:00 A.... 1,347,544 1.28 M
wuaueng1.dll Tue 9 May 2006 10:50:00 A.... 194,520 189.96 K
wucltui.dll Tue 9 May 2006 10:50:00 A.... 127,448 124.46 K
wudfco~1.dll Tue 11 Apr 2006 14:30:44 A.... 93,752 91.55 K
wudfpl~1.dll Tue 11 Apr 2006 14:26:44 A.... 158,208 154.50 K
wudfsvc.dll Tue 11 Apr 2006 14:26:56 A.... 54,272 53.00 K
wudfx.dll Tue 11 Apr 2006 14:27:18 A.... 304,640 297.50 K
wups.dll Tue 9 May 2006 10:50:00 A.... 41,432 40.46 K
wups2.dll Tue 9 May 2006 10:50:00 A.... 18,392 17.96 K
wuweb.dll Tue 9 May 2006 10:50:00 A.... 174,040 169.96 K
wvhext.dll Thu 29 Jun 2006 13:14:44 ..S.R 234,103 228.61 K
wxaservc.dll Mon 3 Jul 2006 7:36:32 ..S.R 235,092 229.58 K
xpsp3res.dll Thu 11 May 2006 20:23:24 A.... 24,576 24.00 K

301 items found: 301 files (43 H/S), 0 directories.
Total of file sizes: 113,337,847 bytes 108.09 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is SYSTEM
Volume Serial Number is 902E-DF62

Directory of C:\WINDOWS\System32

10/07/2006 08:55 p.m. 234,272 wtnshfhc.dll
10/07/2006 08:53 p.m. 237,038 g4040edqeh0e0.dll
10/07/2006 07:02 p.m. 234,272 ir42l5ho1.dll
07/07/2006 08:48 p.m. 237,038 e020lafm1d2a.dll
06/07/2006 10:18 p.m. 237,038 q668lgju16o8.dll
06/07/2006 07:12 p.m. 233,490 o4840elqehqe0.dll
06/07/2006 02:49 p.m. 237,038 TbsAvdtAPI.dll
06/07/2006 11:52 a.m. 233,733 mcvcr71.dll
04/07/2006 10:01 p.m. 237,038 insecsnp.dll
04/07/2006 12:58 p.m. 237,038 bFsesrv.dll
04/07/2006 12:58 p.m. 233,643 s0rs0a97ed.dll
04/07/2006 09:22 a.m. 237,038 disrslvr.dll
03/07/2006 10:54 p.m. 235,092 n64slgh7164.dll
03/07/2006 07:57 p.m. 235,092 cudial32.dll
03/07/2006 07:36 a.m. 235,092 wxaservc.dll
02/07/2006 11:07 p.m. 233,932 f8l00i3me8.dll
30/06/2006 01:15 p.m. 236,012 dgcprop2.dll
30/06/2006 11:34 a.m. 236,012 irl4l53q1.dll
30/06/2006 10:56 a.m. 236,012 snrmfilt.dll
30/06/2006 08:53 a.m. 236,012 cedial32.dll
29/06/2006 04:14 p.m. 236,012 namsdba.dll
29/06/2006 03:27 p.m. 234,103 lvn6095se.dll
29/06/2006 02:44 p.m. 236,012 mhmdd.dll
29/06/2006 01:14 p.m. 234,103 wvhext.dll
29/06/2006 10:55 a.m. 236,012 mjtlsapi.dll
29/06/2006 09:43 a.m. 234,103 tbd32.dll
28/06/2006 04:53 p.m. 236,012 i4lo0e33eh.dll
28/06/2006 02:01 p.m. 236,012 TOwrReg.dll
28/06/2006 01:14 p.m. 236,012 iMlmgicd.dll
28/06/2006 10:55 a.m. 236,012 ev.dll
28/06/2006 08:55 a.m. 236,012 tqddd.dll
27/06/2006 08:56 p.m. 236,012 vnrsion.dll
27/06/2006 05:24 p.m. 236,012 mlrd3x40.dll
27/06/2006 01:26 p.m. 233,925 irnol5531.dll
27/06/2006 10:55 a.m. 234,492 mzhtmled.dll
27/06/2006 10:55 a.m. 236,012 j02qlaf51d2.dll
27/06/2006 09:46 a.m. 234,289 splogcfg.dll
26/06/2006 04:20 p.m. 234,289 rUstls.dll
26/06/2006 01:48 p.m. 234,918 n8p40i7qe8.dll
26/06/2006 12:46 p.m. 234,289 chrpol.dll
26/06/2006 09:07 a.m. 235,300 mv22l9fo1.dll
26/06/2006 08:54 a.m. 235,300 rwcss.dll
25/06/2006 11:09 p.m. <DIR> dllcache
25/06/2006 10:45 p.m. 235,300 e820lifm182a.dll
23/11/2004 07:32 a.m. <DIR> Microsoft
22/10/2004 01:51 p.m. 5,120 Thumbs.db
05/08/2004 12:00 a.m. 22,145 msddm.dcv
45 File(s) 10,149,740 bytes
2 Dir(s) 1,822,846,976 bytes free

#4 njustice

  • Security Colleague
  • 49 posts
  • Gender: Male
  • Local time: 05:39 AM
Posted 10 July 2006 - 05:07 AM

Close any programs you have open, since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2, Run Fix, by typing 2 and then pressing Enter. It will process, then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and, when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If, after the reboot, the log does not open, double-click on it in the l2mfix folder.
Have I helped you? Please consider donating to help me continue my fight against malware.

#5 helpme!!

  • Topic Starter
  • Members
  • 8 posts
  • Local time: 10:39 PM

Posted 10 July 2006 - 05:22 AM

This is the scanner log; I will post the HijackThis log after.


L2mfix 051206
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (692)
Killing 'winlogon.exe'
winlogon.exe (784)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1948)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\wtnshfhc.dll",DllGetVersion (1704)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINDOWS\system32\bFsesrv.dll
Successfully Deleted: C:\WINDOWS\system32\bFsesrv.dll
Deleting: C:\WINDOWS\system32\cedial32.dll
Successfully Deleted: C:\WINDOWS\system32\cedial32.dll
Deleting: C:\WINDOWS\system32\chrpol.dll
Successfully Deleted: C:\WINDOWS\system32\chrpol.dll
Deleting: C:\WINDOWS\system32\cudial32.dll
Successfully Deleted: C:\WINDOWS\system32\cudial32.dll
Deleting: C:\WINDOWS\system32\dgcprop2.dll
Successfully Deleted: C:\WINDOWS\system32\dgcprop2.dll
Deleting: C:\WINDOWS\system32\disrslvr.dll
Successfully Deleted: C:\WINDOWS\system32\disrslvr.dll
Deleting: C:\WINDOWS\system32\e020lafm1d2a.dll
Successfully Deleted: C:\WINDOWS\system32\e020lafm1d2a.dll
Deleting: C:\WINDOWS\system32\e820lifm182a.dll
Successfully Deleted: C:\WINDOWS\system32\e820lifm182a.dll
Deleting: C:\WINDOWS\system32\ev.dll
Successfully Deleted: C:\WINDOWS\system32\ev.dll
Deleting: C:\WINDOWS\system32\f8l00i3me8.dll
Successfully Deleted: C:\WINDOWS\system32\f8l00i3me8.dll
Deleting: C:\WINDOWS\system32\g4040edqeh0e0.dll
Successfully Deleted: C:\WINDOWS\system32\g4040edqeh0e0.dll
Deleting: C:\WINDOWS\system32\i4lo0e33eh.dll
Successfully Deleted: C:\WINDOWS\system32\i4lo0e33eh.dll
Deleting: C:\WINDOWS\system32\iMlmgicd.dll
Successfully Deleted: C:\WINDOWS\system32\iMlmgicd.dll
Deleting: C:\WINDOWS\system32\insecsnp.dll
Successfully Deleted: C:\WINDOWS\system32\insecsnp.dll
Deleting: C:\WINDOWS\system32\ir42l5ho1.dll
Successfully Deleted: C:\WINDOWS\system32\ir42l5ho1.dll
Deleting: C:\WINDOWS\system32\irl4l53q1.dll
Successfully Deleted: C:\WINDOWS\system32\irl4l53q1.dll
Deleting: C:\WINDOWS\system32\irnol5531.dll
Successfully Deleted: C:\WINDOWS\system32\irnol5531.dll
Deleting: C:\WINDOWS\system32\j02qlaf51d2.dll
Successfully Deleted: C:\WINDOWS\system32\j02qlaf51d2.dll
Deleting: C:\WINDOWS\system32\jhbexec.dll
Successfully Deleted: C:\WINDOWS\system32\jhbexec.dll
Deleting: C:\WINDOWS\system32\lvn6095se.dll
Successfully Deleted: C:\WINDOWS\system32\lvn6095se.dll
Deleting: C:\WINDOWS\system32\mcvcr71.dll
Successfully Deleted: C:\WINDOWS\system32\mcvcr71.dll
Deleting: C:\WINDOWS\system32\mhmdd.dll
Successfully Deleted: C:\WINDOWS\system32\mhmdd.dll
Deleting: C:\WINDOWS\system32\mjtlsapi.dll
Successfully Deleted: C:\WINDOWS\system32\mjtlsapi.dll
Deleting: C:\WINDOWS\system32\mlrd3x40.dll
Successfully Deleted: C:\WINDOWS\system32\mlrd3x40.dll
Deleting: C:\WINDOWS\system32\mv22l9fo1.dll
Successfully Deleted: C:\WINDOWS\system32\mv22l9fo1.dll
Deleting: C:\WINDOWS\system32\mzhtmled.dll
Successfully Deleted: C:\WINDOWS\system32\mzhtmled.dll
Deleting: C:\WINDOWS\system32\n64slgh7164.dll
Successfully Deleted: C:\WINDOWS\system32\n64slgh7164.dll
Deleting: C:\WINDOWS\system32\n8p40i7qe8.dll
Successfully Deleted: C:\WINDOWS\system32\n8p40i7qe8.dll
Deleting: C:\WINDOWS\system32\namsdba.dll
Successfully Deleted: C:\WINDOWS\system32\namsdba.dll
Deleting: C:\WINDOWS\system32\o4840elqehqe0.dll
Successfully Deleted: C:\WINDOWS\system32\o4840elqehqe0.dll
Deleting: C:\WINDOWS\system32\q668lgju16o8.dll
Successfully Deleted: C:\WINDOWS\system32\q668lgju16o8.dll
Deleting: C:\WINDOWS\system32\rUstls.dll
Successfully Deleted: C:\WINDOWS\system32\rUstls.dll
Deleting: C:\WINDOWS\system32\rwcss.dll
Successfully Deleted: C:\WINDOWS\system32\rwcss.dll
Deleting: C:\WINDOWS\system32\s0rs0a97ed.dll
Successfully Deleted: C:\WINDOWS\system32\s0rs0a97ed.dll
Deleting: C:\WINDOWS\system32\snrmfilt.dll
Successfully Deleted: C:\WINDOWS\system32\snrmfilt.dll
Deleting: C:\WINDOWS\system32\splogcfg.dll
Successfully Deleted: C:\WINDOWS\system32\splogcfg.dll
Deleting: C:\WINDOWS\system32\tbd32.dll
Successfully Deleted: C:\WINDOWS\system32\tbd32.dll
Deleting: C:\WINDOWS\system32\TbsAvdtAPI.dll
Successfully Deleted: C:\WINDOWS\system32\TbsAvdtAPI.dll
Deleting: C:\WINDOWS\system32\TOwrReg.dll
Successfully Deleted: C:\WINDOWS\system32\TOwrReg.dll
Deleting: C:\WINDOWS\system32\tqddd.dll
Successfully Deleted: C:\WINDOWS\system32\tqddd.dll
Deleting: C:\WINDOWS\system32\vnrsion.dll
Successfully Deleted: C:\WINDOWS\system32\vnrsion.dll
Deleting: C:\WINDOWS\system32\wtnshfhc.dll
Successfully Deleted: C:\WINDOWS\system32\wtnshfhc.dll
Deleting: C:\WINDOWS\system32\wvhext.dll
Successfully Deleted: C:\WINDOWS\system32\wvhext.dll
Deleting: C:\WINDOWS\system32\wxaservc.dll
Successfully Deleted: C:\WINDOWS\system32\wxaservc.dll

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ir42l5ho1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\bFsesrv.dll
C:\WINDOWS\system32\cedial32.dll
C:\WINDOWS\system32\chrpol.dll
C:\WINDOWS\system32\cudial32.dll
C:\WINDOWS\system32\dgcprop2.dll
C:\WINDOWS\system32\disrslvr.dll
C:\WINDOWS\system32\e020lafm1d2a.dll
C:\WINDOWS\system32\e820lifm182a.dll
C:\WINDOWS\system32\ev.dll
C:\WINDOWS\system32\f8l00i3me8.dll
C:\WINDOWS\system32\g4040edqeh0e0.dll
C:\WINDOWS\system32\i4lo0e33eh.dll
C:\WINDOWS\system32\iMlmgicd.dll
C:\WINDOWS\system32\insecsnp.dll
C:\WINDOWS\system32\ir42l5ho1.dll
C:\WINDOWS\system32\irl4l53q1.dll
C:\WINDOWS\system32\irnol5531.dll
C:\WINDOWS\system32\j02qlaf51d2.dll
C:\WINDOWS\system32\jhbexec.dll
C:\WINDOWS\system32\lvn6095se.dll
C:\WINDOWS\system32\mcvcr71.dll
C:\WINDOWS\system32\mhmdd.dll
C:\WINDOWS\system32\mjtlsapi.dll
C:\WINDOWS\system32\mlrd3x40.dll
C:\WINDOWS\system32\mv22l9fo1.dll
C:\WINDOWS\system32\mzhtmled.dll
C:\WINDOWS\system32\n64slgh7164.dll
C:\WINDOWS\system32\n8p40i7qe8.dll
C:\WINDOWS\system32\namsdba.dll
C:\WINDOWS\system32\o4840elqehqe0.dll
C:\WINDOWS\system32\q668lgju16o8.dll
C:\WINDOWS\system32\rUstls.dll
C:\WINDOWS\system32\rwcss.dll
C:\WINDOWS\system32\s0rs0a97ed.dll
C:\WINDOWS\system32\snrmfilt.dll
C:\WINDOWS\system32\splogcfg.dll
C:\WINDOWS\system32\tbd32.dll
C:\WINDOWS\system32\TbsAvdtAPI.dll
C:\WINDOWS\system32\TOwrReg.dll
C:\WINDOWS\system32\tqddd.dll
C:\WINDOWS\system32\vnrsion.dll
C:\WINDOWS\system32\wtnshfhc.dll
C:\WINDOWS\system32\wvhext.dll
C:\WINDOWS\system32\wxaservc.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}\InprocServer32]
@="C:\\WINDOWS\\system32\\wxaservc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}\InprocServer32]
@="blank"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}\InprocServer32]
@="C:\\WINDOWS\\system32\\wtnshfhc.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E6C234C3-D4E0-4A5C-B440-4356153107A3}"=-
"{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}"=-
"{644872B7-61B6-4459-B239-0126B3DD2AFD}"=-
"{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}"=-
"{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}"=-
[-HKEY_CLASSES_ROOT\CLSID\{E6C234C3-D4E0-4A5C-B440-4356153107A3}]
[-HKEY_CLASSES_ROOT\CLSID\{0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148}]
[-HKEY_CLASSES_ROOT\CLSID\{644872B7-61B6-4459-B239-0126B3DD2AFD}]
[-HKEY_CLASSES_ROOT\CLSID\{AF20B58C-CB0A-46EB-B554-8A7FBE39F412}]
[-HKEY_CLASSES_ROOT\CLSID\{A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/bFsesrv.dll (104 bytes security) (deflated 6%)
adding: dlls/cedial32.dll (104 bytes security) (deflated 5%)
adding: dlls/chrpol.dll (104 bytes security) (deflated 4%)
adding: dlls/cudial32.dll (104 bytes security) (deflated 5%)
adding: dlls/dgcprop2.dll (104 bytes security) (deflated 5%)
adding: dlls/disrslvr.dll (104 bytes security) (deflated 6%)
adding: dlls/e020lafm1d2a.dll (104 bytes security) (deflated 6%)
adding: dlls/e820lifm182a.dll (104 bytes security) (deflated 5%)
adding: dlls/ev.dll (104 bytes security) (deflated 5%)
adding: dlls/f8l00i3me8.dll (104 bytes security) (deflated 4%)
adding: dlls/g4040edqeh0e0.dll (104 bytes security) (deflated 6%)
adding: dlls/i4lo0e33eh.dll (104 bytes security) (deflated 5%)
adding: dlls/iMlmgicd.dll (104 bytes security) (deflated 5%)
adding: dlls/insecsnp.dll (104 bytes security) (deflated 6%)
adding: dlls/ir42l5ho1.dll (104 bytes security) (deflated 4%)
adding: dlls/irl4l53q1.dll (104 bytes security) (deflated 5%)
adding: dlls/irnol5531.dll (104 bytes security) (deflated 4%)
adding: dlls/j02qlaf51d2.dll (104 bytes security) (deflated 5%)
adding: dlls/jhbexec.dll (104 bytes security) (deflated 4%)
adding: dlls/lvn6095se.dll (104 bytes security) (deflated 4%)
adding: dlls/mcvcr71.dll (104 bytes security) (deflated 4%)
adding: dlls/mhmdd.dll (104 bytes security) (deflated 5%)
adding: dlls/mjtlsapi.dll (104 bytes security) (deflated 5%)
adding: dlls/mlrd3x40.dll (104 bytes security) (deflated 5%)
adding: dlls/mv22l9fo1.dll (104 bytes security) (deflated 5%)
adding: dlls/mzhtmled.dll (104 bytes security) (deflated 4%)
adding: dlls/n64slgh7164.dll (104 bytes security) (deflated 5%)
adding: dlls/n8p40i7qe8.dll (104 bytes security) (deflated 5%)
adding: dlls/namsdba.dll (104 bytes security) (deflated 5%)
adding: dlls/o4840elqehqe0.dll (104 bytes security) (deflated 4%)
adding: dlls/q668lgju16o8.dll (104 bytes security) (deflated 6%)
adding: dlls/rUstls.dll (104 bytes security) (deflated 4%)
adding: dlls/rwcss.dll (104 bytes security) (deflated 5%)
adding: dlls/s0rs0a97ed.dll (104 bytes security) (deflated 4%)
adding: dlls/snrmfilt.dll (104 bytes security) (deflated 5%)
adding: dlls/splogcfg.dll (104 bytes security) (deflated 4%)
adding: dlls/tbd32.dll (104 bytes security) (deflated 4%)
adding: dlls/TbsAvdtAPI.dll (104 bytes security) (deflated 6%)
adding: dlls/TOwrReg.dll (104 bytes security) (deflated 5%)
adding: dlls/tqddd.dll (104 bytes security) (deflated 5%)
adding: dlls/vnrsion.dll (104 bytes security) (deflated 5%)
adding: dlls/wtnshfhc.dll (104 bytes security) (deflated 4%)
adding: dlls/wvhext.dll (104 bytes security) (deflated 4%)
adding: dlls/wxaservc.dll (104 bytes security) (deflated 5%)
adding: backregs/0C91DFF6-F8A6-4CEF-A8A4-912AEDEAA148.reg (104 bytes security) (deflated 71%)
adding: backregs/644872B7-61B6-4459-B239-0126B3DD2AFD.reg (104 bytes security) (deflated 70%)
adding: backregs/A83D5989-27CF-4CC8-BEB8-A91DDB4D5B70.reg (104 bytes security) (deflated 70%)
adding: backregs/AF20B58C-CB0A-46EB-B554-8A7FBE39F412.reg (104 bytes security) (deflated 71%)
adding: backregs/notibac.reg (104 bytes security) (deflated 72%)
adding: backregs/shell.reg (104 bytes security) (deflated 73%)

#6 helpme!!
  • Topic Starter
  • Members
  • 8 posts
  • Local time:10:39 PM

Posted 10 July 2006 - 05:23 AM

this is the hijack log



Logfile of HijackThis v1.99.1
Scan saved at 10:22:49 p.m., on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
D:\Settings\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintkentigern.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.saintkentigern.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://skcproxy/proxy1.pac
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\ir42l5ho1.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

#7 njustice
  • Security Colleague
  • 49 posts
  • Gender:Male
  • Local time:05:39 AM

Posted 10 July 2006 - 05:34 AM

Hi there,
  • The following explains how to remove items from your computer that are malware. These items must be fixed!
  • Close all programs, leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\ir42l5ho1.dll (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

    Click on Fix Checked when finished and exit HijackThis.
  • Reboot into Safe Mode: please see here if you are not sure how to do this.
  • Using Windows Explorer, locate the following folder, and delete it:

    C:\Program Files\Network Monitor

    Exit Explorer, and reboot as normal afterwards.
  • Reboot.
Post back a fresh HijackThis log and we will take another look.
Have I helped you? Please consider donating to help me continue my fight against malware
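The post above picks out a handful of HijackThis entries by hand: IE settings reset to about:blank, an O20 Winlogon Notify DLL that no longer exists on disk, and an O23 service with no publisher whose binary is also missing. The following script is an added example, written for this thread and not part of HijackThis or of anything the helper posted, that runs those same triage heuristics over a few constructed log lines copied from the format shown in the thread. The rules are assumptions of mine (what a helper looks for first), not a signature database: "Unknown owner", for instance, also appears on the perfectly legitimate Atheros service in the same log, so every hit is a lead to verify, not a verdict.

```python
import re
from dataclasses import dataclass, field

# HijackThis lines start with a section code (R0, R1, F2, O4, O20, O23 ...), then " - ", then the body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Constructed sample input: lines in the format seen in the thread, a mix of flagged and benign entries.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintkentigern.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\ir42l5ho1.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split one HijackThis line into (section, body); None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage_line(line):
    """Apply the triage heuristics (assumptions, not a signature DB) to one line."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    section, body = parsed
    reasons = []
    # R0/R1: IE start/search/local page reset to a blank value, typical hijacker residue.
    if section in ("R0", "R1") and body.rstrip().endswith(("about:blank", "\\blank.htm")):
        reasons.append("IE page setting blanked (hijacker residue)")
    # Any entry whose target file is gone is an orphaned reference worth removing.
    if "(file missing)" in body:
        reasons.append("orphaned reference: target file missing")
    # O20: Winlogon Notify DLLs load at every logon; Look2Me used this persistence point.
    if section == "O20":
        reasons.append("Winlogon Notify DLL (logon-time persistence point)")
    # O23: a service with no publisher string deserves a look (legitimate ones exist too).
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher information")
    if reasons:
        return Finding(section, line.strip(), reasons)
    return None


def triage(log_text):
    """Return the flagged entries of a whole log, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, "|", finding.line)
        for reason in finding.reasons:
            print("    -", reason)
```

Running it on the constructed sample flags four of the seven lines (the two blanked IE settings, the O20 entry and the Network Monitor service) and leaves the Toshiba and Synaptics entries alone; feeding it a real log works the same way since the section/body split is all it relies on.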

#8 helpme!!
  • Topic Starter
  • Members
  • 8 posts
  • Local time:10:39 PM

Posted 10 July 2006 - 06:00 AM

Thanks for your help, I hope this does it.


Logfile of HijackThis v1.99.1
Scan saved at 10:58:56 p.m., on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\TURBOC~1\TurboConnect.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\userinit.exe
D:\Settings\Desktop\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.saintkentigern.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://skcproxy/proxy1.pac
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

#9 njustice
  • Security Colleague
  • 49 posts
  • Gender:Male
  • Local time:05:39 AM

Posted 10 July 2006 - 06:07 AM

Hello, for a final cleanup please do the following:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • ewido will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

Have I helped you? Please consider donating to help me continue my fight against malware

#10 helpme!!
  • Topic Starter
  • Members
  • 8 posts
  • Local time:10:39 PM

Posted 10 July 2006 - 05:14 PM

Hi njustice, here are the ewido scan results.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:10:02 a.m. 11/07/2006

+ Scan result:



D:\Settings\Desktop\l2mfix\backup.zip/dlls/TOwrReg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/TbsAvdtAPI.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/bFsesrv.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/cedial32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/chrpol.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/cudial32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/dgcprop2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/disrslvr.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/e020lafm1d2a.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/e820lifm182a.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/ev.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/f8l00i3me8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/g4040edqeh0e0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/i4lo0e33eh.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/iMlmgicd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/insecsnp.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/ir42l5ho1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/irl4l53q1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/irnol5531.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/j02qlaf51d2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/jhbexec.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/lvn6095se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/mcvcr71.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/mhmdd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/mjtlsapi.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/mlrd3x40.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/mv22l9fo1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/mzhtmled.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/n64slgh7164.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/n8p40i7qe8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/namsdba.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/o4840elqehqe0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/q668lgju16o8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/rUstls.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/rwcss.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/s0rs0a97ed.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/snrmfilt.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/splogcfg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/tbd32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/tqddd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/vnrsion.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/wtnshfhc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/wvhext.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\backup.zip/dlls/wxaservc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\TOwrReg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\TbsAvdtAPI.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\bFsesrv.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\cedial32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\chrpol.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\cudial32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\dgcprop2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\disrslvr.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\e020lafm1d2a.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\e820lifm182a.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\ev.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\f8l00i3me8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\g4040edqeh0e0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\i4lo0e33eh.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\iMlmgicd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\insecsnp.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\ir42l5ho1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\irl4l53q1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\irnol5531.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\j02qlaf51d2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\jhbexec.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\lvn6095se.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\mcvcr71.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\mhmdd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\mjtlsapi.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\mlrd3x40.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\mv22l9fo1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\mzhtmled.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\n64slgh7164.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\n8p40i7qe8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\namsdba.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\o4840elqehqe0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\q668lgju16o8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\rUstls.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\rwcss.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\s0rs0a97ed.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\snrmfilt.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\splogcfg.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\tbd32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\tqddd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\vnrsion.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\wtnshfhc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\wvhext.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Settings\Desktop\l2mfix\dlls\wxaservc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostrun.exe -> Downloader.Agent.a : Cleaned with backup (quarantined).
D:\Settings\Desktop\VirusScan\ErrorSafeFreeInstall.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
D:\Settings\Desktop\games\Need For Speed 5 - Porsche Unleashed\trainer\Cash.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\WINDOWS\updater\nicksupdaterhk.dll -> Not-A-Virus.Monitor.Win32.Perflogger.al : Cleaned with backup (quarantined).


::Report end

#11 njustice

njustice

  • Security Colleague
  • 49 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:39 AM

Posted 14 July 2006 - 06:38 AM

Hello helpme, sorry for the delay. My e-mail subscription to this topic worked fine, but I was having server troubles on my side.

Looks like Ewido did a fine job of cleaning up your computer. All I need now is to see a fresh new HijackThis log to see if any infections remain.

Please post a new log here in this topic.
Have I helped you? Please consider donating to help me continue my fight against malware.

#12 helpme!!

helpme!!
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 14 July 2006 - 07:47 AM

Hi, sorry for the delay.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:35 a.m., on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Settings\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.saintkentigern.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://skcproxy/proxy1.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

My computer has been quite fast now :thumbsup:
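A small triage helper for logs like the one above, added here as an example and not code from the original thread or from HijackThis itself. It reads the O4 (Run key) and O23 (service) lines and flags what a helper checks by hand: bare filenames in Run entries (the loader resolves those through the PATH search order, so the file that actually runs still has to be located on disk), "(file missing)" targets, services with no publisher string, and executables whose name imitates a core Windows process but live outside C:\WINDOWS\system32. The sample lines are copied from the log above plus one constructed entry modelled on the svchostrun.exe path in the Ewido report. A flag means "look at this", not "this is malware"; the Windows directory is assumed to be C:\WINDOWS as in this log.

```python
r"""Triage heuristics for HijackThis 1.99.x log lines.

Added example for this thread; not code from the original post or from
HijackThis.  Every flag is a prompt for manual review (locate the file,
check its publisher and hash), never a verdict that the entry is malicious.
"""
import re

# O4 autostart entries, e.g.  O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 services, e.g.  O23 - Service: Name (Short) - Publisher - C:\path\svc.exe
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Executable at the head of a command line: optional quotes, path up to a known extension
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|com|scr|pif|bat))"?(?=\s|$)', re.IGNORECASE)
# Names that imitate core Windows binaries; only expected under the system directory
MIMIC_RE = re.compile(r"^(svchost|lsass|csrss|winlogon|smss|services|spoolsv)\w*\.exe$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"   # assumption: Windows lives in C:\WINDOWS, as in this log


def leading_exe(cmd):
    """Return the executable at the head of a Run/Service command line."""
    m = EXE_RE.match(cmd.strip())
    if m:
        return m.group("exe")
    # No recognised extension (e.g. 'thpsrv /logon'): take the first token
    return cmd.strip().split(" ")[0]


def triage_line(line):
    """Return the review reasons for one log line (empty list if nothing stands out)."""
    reasons = []
    m = O4_RE.match(line)
    if m:
        cmd, owner = m.group("cmd"), None
    else:
        m = O23_RE.match(line)
        if not m:
            return reasons          # other HijackThis sections are not handled here
        cmd, owner = m.group("cmd"), m.group("owner")

    exe = leading_exe(cmd)
    base = exe.rsplit("\\", 1)[-1]
    if "\\" not in exe:
        reasons.append("bare filename %r: resolved through the PATH search order, locate the file actually run" % exe)
    if "(file missing)" in line:
        reasons.append("target file missing: orphaned entry, or the file is hidden from the scanner")
    if owner is not None and owner.lower().startswith("unknown owner"):
        reasons.append("service binary carries no publisher string: verify its vendor/signature")
    if MIMIC_RE.match(base) and not exe.lower().startswith(SYSTEM32):
        reasons.append("system-process look-alike %r outside the system directory" % exe)
    return reasons


def triage(lines):
    """Map each flagged log line to its reasons; clean lines are omitted."""
    result = {}
    for line in lines:
        line = line.rstrip("\r\n")
        reasons = triage_line(line)
        if reasons:
            result[line] = reasons
    return result


# Sample input: lines from the log in this thread, plus one constructed entry
# (the svchostsys line) modelled on the path Ewido quarantined earlier.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe',
    r'O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe',
    r'O4 - HKLM\..\Run: [svchostsys] C:\Program Files\Common Files\svchostsys\svchostrun.exe',
    r'O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe',
    r'O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)',
    r'O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe',
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    for flagged, why in triage(lines).items():
        print(flagged)
        for reason in why:
            print("    -", reason)
```

Run it as `python hjt_triage.py hijackthis.log` on a saved log, or with no argument to see the sample. In the log above it points at the six bare-filename Run entries and the two "Unknown owner" services; "Unknown owner" in HijackThis 1.99 only means the binary has no company string, which is common for OEM utilities, so the point of the flag is to look the file up, not to delete it.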

#13 njustice

njustice

  • Security Colleague
  • 49 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:39 AM

Posted 15 July 2006 - 04:54 AM

CONGRATULATIONS! at last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future. Please do these steps as soon as possible if you haven't already.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
a. Windows Update: http://v5.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt'; set the
second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe' to 'Disable'.

3. Download and install the following free programs
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html
c. IE/Spyad: http://www.spywarewarrior.com/uiuc/resource.htm
d. Bugoff: http://www.majorgeeks.com/download4308.html

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft.de/
b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download

Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here: http://www.spywarewarrior.com/rogue_anti-spyware.htm

5. Install Spoofstick
Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
a. http://www.corestreet.com

6. Use a Firewall - I cannot stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. See the links below:
a. ZoneAlarm
b. Kerio

7. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore.
a. Turn off system restore by right clicking on "My Computer" and go to "Properties"->"System Restore" and check the box for "Turn off System Restore". Click "Apply" and then "OK". Restart your computer. Reverse these steps and turn "System Restore" back on and create a new restore point.

8. Use GoogleToolbar - It's free, blocks popups and takes seconds to install. Use the toolbar without the advanced features enabled (check this during install); the toolbar is then completely inert: it doesn't send any information to Google whatsoever as you surf.
a. GoogleToolbar

9. RegScrubXP 3.25 - Safely cleans junk out of the Windows 2000/XP system registry. All changes made to the registry are fully restorable to its original condition.
a. RegScrubXP 3.25

10. Online Virus Scans - Run these on a regular basis (I usually do about once a month, or when I suspect a problem):
a. http://www.pandasoftware.com/activescan/co...n_principal.htm
b. http://www.windowsecurity.com/trojanscan/
c. http://housecall.trendmicro.com/
d. http://www.bitdefender.com/scan/licence.php

11. Alternative Browsers - Using an alternative browser other than IE will IMMENSELY reduce the risk of infection:
a. Firefox<==my #1 choice
b. Avant
c. Opera

12. Alternative Java Technologies - I recommend you use Sun Java:
a. Sun Java

Note: (Microsoft will continue to provide support for the MSJVM until December 31, 2007. However, users are encouraged to migrate to an alternative solution before December 31, 2007. )

13. Temporary Internet File Cleaner
a. ATF Cleaner by Atribune.


Good luck, and thanks for coming to our forums for help with your security and malware issues.
Have I helped you? Please consider donating to help me continue my fight against malware.
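Step 2 above can be verified without clicking through the dialog. The following is an added example, not part of the original post: it reads a `reg query` dump of the Internet zone key (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3), compares the three ActiveX URL-action values the step names against the recommended settings, and emits the `reg add` commands that would correct them. The value names 1001, 1004 and 1201 and the data encoding 0 = Enable, 1 = Prompt, 3 = Disable are Internet Explorer's documented zone settings; the sample dump is constructed and describes a machine where signed-control download is still set to Enable and 1201 has never been set.

```python
r"""Audit the Internet-zone ActiveX settings from step 2 against a 'reg query' dump.

Added example, not part of the original post.  On the machine, run:
    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" > zone3.txt
and pass the file to this script.  Value names and data encoding are IE's
documented URL-action settings; the sample dump below is constructed.
"""
import re

ZONE3_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
SETTING_NAMES = {"0": "Enable", "1": "Prompt", "3": "Disable"}

# URL-action value name -> (dialog label, recommended data) exactly as step 2 states them
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", "1"),
    "1004": ("Download unsigned ActiveX controls", "3"),
    "1201": ("Initialize and script ActiveX controls not marked as safe", "3"),
}

# One 'reg query' value line:  <name>  REG_DWORD  0x<hex>
VALUE_RE = re.compile(r"^\s*(?P<name>\S+)\s+REG_DWORD\s+0x(?P<hex>[0-9A-Fa-f]+)\s*$")


def parse_reg_query(text):
    """Return {value name: decimal data as a string} for the REG_DWORD values in a dump."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group("name")] = str(int(m.group("hex"), 16))
    return values


def audit_zone3(text):
    """Return (value, label, current, recommended) for every setting that deviates."""
    values = parse_reg_query(text)
    findings = []
    for name, (label, want) in RECOMMENDED.items():
        have = values.get(name)
        if have is None:
            # Absent in HKCU: IE takes the setting from elsewhere, so check the HKLM copy of the key
            findings.append((name, label, "not set in HKCU", SETTING_NAMES[want]))
        elif have != want:
            findings.append((name, label, SETTING_NAMES.get(have, have), SETTING_NAMES[want]))
    return findings


def remediation_commands(findings):
    """reg.exe commands that set each deviating value to the recommended data."""
    cmds = []
    for name, _label, _current, _recommended in findings:
        want = RECOMMENDED[name][1]
        cmds.append('reg add "%s" /v %s /t REG_DWORD /d %s /f' % (ZONE3_KEY, name, want))
    return cmds


# Constructed sample dump (not taken from the thread): 1001 still Enable, 1201 never set
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1200    REG_DWORD    0x0
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:   # reg.exe redirects as UTF-16 on XP
            dump = fh.read()
    else:
        dump = SAMPLE_REG_QUERY
    found = audit_zone3(dump)
    for name, label, current, recommended in found:
        print("%s %-60s current: %-16s recommended: %s" % (name, label, current, recommended))
    for cmd in remediation_commands(found):
        print(cmd)
```

On a domain-joined machine like the one in this log (the O17 lines show student.sk.edu and a proxy PAC is pushed), zone settings may also be held under the HKLM copy of the same key or enforced by policy, so audit that key too before assuming the HKCU values are what the browser uses.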

#14 helpme!!

helpme!!
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 15 July 2006 - 06:52 AM

Thank you so much njustice :thumbsup: my computer is free to play on now lol, you saved my skin, thanks :flowers:

For anyone out there with computer troubles, message njustice, he's your man!!!

