
Log Looks Clean But I Still Get Popups Everywhere Including Winantivirus


  • This topic is locked
9 replies to this topic

#1 brute force


Posted 27 October 2006 - 11:15 PM

Here is my HijackThis log and my VundoFix log. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:02:17 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160932439514
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\g6lm0g31e6.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\m8po0i73e8.dll (file missing)
O20 - Winlogon Notify: yvdrgb - yvdrgb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.7

Scan started at 11:50:41 PM 10/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\bglqrkvx.dll
C:\WINDOWS\system32\ghjdcquw.dll
C:\WINDOWS\system32\gvmluabh.dll
C:\WINDOWS\system32\iohctbxn.dll
C:\WINDOWS\system32\jbwhijxh.dll
C:\WINDOWS\system32\jfidblcu.dll
C:\WINDOWS\system32\jjuojoun.dll
C:\WINDOWS\system32\kgaantsf.dll
C:\WINDOWS\system32\ltlabebm.dll
C:\WINDOWS\system32\osoyicjv.dll
C:\WINDOWS\system32\pkltqxvw.dll
C:\WINDOWS\system32\qhmkmqqf.dll
C:\WINDOWS\system32\qlogywup.dll
C:\WINDOWS\system32\ukaunqys.dll
C:\WINDOWS\system32\upyvlqte.dll
C:\WINDOWS\system32\yxjcjten.dll
C:\WINDOWS\system32\namxrqjq.exe
C:\WINDOWS\System32\ssqrp.dll
C:\WINDOWS\System32\prqss.ini
C:\WINDOWS\System32\prqss.bak1
C:\WINDOWS\System32\prqss.bak2
C:\WINDOWS\System32\prqss.ini2
C:\WINDOWS\System32\prqss.tmp

Beginning removal...


Performing Repairs to the registry.
Done!


 


#2 stonangel


Posted 28 October 2006 - 03:56 AM

Welcome to Bleeping Computer, brute force.

* Please rename your HijackThis.exe into WhatYouWant.exe.

* Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
* Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Olivier

#3 brute force


Posted 28 October 2006 - 12:13 PM

here you go.

thanks


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 10/28/2006 12:38:14 PM

Infected! C:\WINDOWS\system32\hr8u05l9e.dll
Infected! C:\WINDOWS\system32\m8po0i73e8.dll
Infected! C:\RECYCLER\NPROTECT\00037956.dll
Infected! C:\RECYCLER\NPROTECT\00037972.dll
Infected! C:\RECYCLER\NPROTECT\00037976.dll
Infected! C:\RECYCLER\NPROTECT\00038601.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0067914.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0067938.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0067942.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0067969.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0067980.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0067985.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0067995.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0069486.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0070475.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP180\A0070476.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP181\A0075523.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP181\A0075527.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP181\A0075529.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP181\A0075533.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP181\A0075847.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP181\A0076687.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP181\A0076693.dll
Infected! C:\System Volume Information\_restore{972DA8C6-BECB-47EE-8633-B286FAB9788F}\RP182\A0077274.dll
Infected! C:\WINDOWS\system32\anptif.dll
Infected! C:\WINDOWS\system32\bvhserv.dll
Infected! C:\WINDOWS\system32\dn0001dme.dll
Infected! C:\WINDOWS\system32\dn6o01j3e.dll
Infected! C:\WINDOWS\system32\dw0001dme.dll
Infected! C:\WINDOWS\system32\g4lm0e31eh.dll
Infected! C:\WINDOWS\system32\hr4o05h3e.dll
Infected! C:\WINDOWS\system32\hr8u05l9e.dll
Infected! C:\WINDOWS\system32\i460lejm1hoa.dll
Infected! C:\WINDOWS\system32\ir4sl5h71.dll
Infected! C:\WINDOWS\system32\iTlmrnt5.dll
Infected! C:\WINDOWS\system32\j8n20i5oe8.dll
Infected! C:\WINDOWS\system32\jtn4075qe.dll
Infected! C:\WINDOWS\system32\jtp6077se.dll
Infected! C:\WINDOWS\system32\k6lq0g35e6.dll
Infected! C:\WINDOWS\system32\k8260ifse8260.dll
Infected! C:\WINDOWS\system32\l88mlil118q.dll
Infected! C:\WINDOWS\system32\lv2609fse.dll
Infected! C:\WINDOWS\system32\mavidc32.dll
Infected! C:\WINDOWS\system32\mvnul9591.dll
Infected! C:\WINDOWS\system32\n62ulgf9162.dll
Infected! C:\WINDOWS\system32\o6480ghue6480.dll
Infected! C:\WINDOWS\system32\orethk32.dll
Infected! C:\WINDOWS\system32\q0680ajuedo80.dll
Infected! C:\WINDOWS\system32\q4860elsehq60.dll
Infected! C:\WINDOWS\system32\smlwid.dll
Infected! C:\WINDOWS\system32\t08ulal91dq.dll

Attempting to delete infected files...


Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0361FF3B-116E-438E-A324-B9C6B0A0D92E}"
HKCR\Clsid\{0361FF3B-116E-438E-A324-B9C6B0A0D92E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C5FCD738-CE1B-4FD0-BF26-B52A85C14C15}"
HKCR\Clsid\{C5FCD738-CE1B-4FD0-BF26-B52A85C14C15}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4092F6A6-52DB-442F-BA07-7433CF299075}"
HKCR\Clsid\{4092F6A6-52DB-442F-BA07-7433CF299075}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{72070A2C-0E80-46E4-97AC-CB15CF57BE2D}"
HKCR\Clsid\{72070A2C-0E80-46E4-97AC-CB15CF57BE2D}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#4 stonangel


Posted 28 October 2006 - 12:29 PM

Hi brute force,

* Post back a new hijackthis log, please.

Olivier

#5 brute force


Posted 28 October 2006 - 03:08 PM

sorry. thanks again

Logfile of HijackThis v1.99.1
Scan saved at 4:03:36 PM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\hijackthis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160932439514
O20 - Winlogon Notify: yvdrgb - yvdrgb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 stonangel


Posted 28 October 2006 - 03:46 PM

Hi brute force,

Just have HijackThis fix the following entry:

O20 - Winlogon Notify: yvdrgb - yvdrgb.dll (file missing)

Reboot afterwards and tell us how the computer is running now, please.

Olivier
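
An added example (not part of the thread, and not HijackThis's own logic): a Python triage of the `O20 - Winlogon Notify` lines from the two HijackThis logs posted above, separating orphaned entries (DLL reported as `file missing`, like the `yvdrgb` entry fixed here) from entries that still load a DLL at logon. The `EXPECTED_XP_NOTIFY` allowlist and all function names are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Tuple

# Assumption of this example: Winlogon\Notify subkey names registered by a
# stock Windows XP install. Adjust for the build you are checking.
EXPECTED_XP_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# "O20 - Winlogon Notify: <subkey> - <dll path>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Lines copied from the first HijackThis log in this thread (post #1).
BEFORE = r"""
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\g6lm0g31e6.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\m8po0i73e8.dll (file missing)
O20 - Winlogon Notify: yvdrgb - yvdrgb.dll (file missing)
"""

# Lines copied from the second HijackThis log (post #5, after cleanup).
AFTER = r"""
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O20 - Winlogon Notify: yvdrgb - yvdrgb.dll (file missing)
"""


class NotifyEntry(NamedTuple):
    name: str           # Notify subkey name as HijackThis prints it
    dll: str            # DLL the subkey points at
    file_missing: bool  # HijackThis could not find the DLL on disk


def parse_o20(log: str) -> List[NotifyEntry]:
    """Extract every O20 Winlogon Notify entry from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append(
                NotifyEntry(m["name"], m["dll"], m["missing"] is not None)
            )
    return entries


def triage(entry: NotifyEntry) -> str:
    """Classify one entry.

    orphaned: the registry key remains but the DLL is gone; the key is a
              leftover to remove with a HijackThis fix.
    expected: subkey name is on the assumed stock-XP allowlist.
    review:   a DLL is still loaded at logon by a subkey that is not on
              the allowlist; it needs a closer look.
    """
    if entry.file_missing:
        return "orphaned"
    if entry.name.lower() in EXPECTED_XP_NOTIFY:
        return "expected"
    return "review"


def report(log: str) -> List[Tuple[str, str]]:
    """Return (subkey name, verdict) for each O20 entry in the log."""
    return [(e.name, triage(e)) for e in parse_o20(log)]


def cleared(before: str, after: str) -> List[str]:
    """Notify subkeys present in the first log but gone from the second."""
    still_present = {e.name for e in parse_o20(after)}
    return [e.name for e in parse_o20(before) if e.name not in still_present]


if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        for name, verdict in report(log):
            print(f"{label:6} {verdict:9} {name}")
    print("cleared between logs:", ", ".join(cleared(BEFORE, AFTER)))
```
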

#7 brute force


Posted 28 October 2006 - 06:44 PM

OK, I'll try, but I have been online all day and I haven't received one popup.

#8 brute force


Posted 29 October 2006 - 01:43 AM

Looks perfect. Thanks so much. I'd love to know how you knew I needed to use that Look2Me-Destroyer and what my problem actually was. Thanks again. That certainly was impressive.

#9 stonangel


Posted 29 October 2006 - 04:05 AM

You're welcome :thumbsup:

* Please create a new restore point as explained here:
http://www.microsoft.com/windowsxp/using/h...temrestore.mspx

* Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp%, and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help, and if there are any other problems related to your computer, please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

Olivier

#10 stonangel


Posted 30 October 2006 - 06:07 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Olivier



