Infected with Malware and I followed instructions

Post by bootyhuntah » July 30th, 2006, 1:38 am

Here is a copy of the log file compiled by HijackThis! Please help, and thank you in advance :D I have been bombarded with pop-ups :( for the last three days. I heard this site is the place to go when you need help :shock:


Logfile of HijackThis v1.99.1
Scan saved at 12:32:03 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Booster\pcbooster.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PC Tools\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.com/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Applications\Residence.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3650568348
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\dnr6019se.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
bootyhuntah
Active Member
 
Posts: 8
Joined: July 30th, 2006, 12:47 am
Location: New Orleans, Louisiana

Post by Mr_JAk3 » July 30th, 2006, 3:23 am

Hi bootyhuntah and welcome to MalwareRemoval, you've found the right place.

I'll check your log and post back to you as soon as I can ;)
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Post by Mr_JAk3 » July 31st, 2006, 12:25 am

Hi again bootyhuntah, you got some infections.

You may have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

LX2 Fix Log

Post by bootyhuntah » July 31st, 2006, 5:21 pm

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{176BE472-9585-C9A4-93CC-7AEC3EA99603}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}"="Hex Editor Shell Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{23170F69-40C1-278A-1000-000100020000}"="7-Zip Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{A02DEEEB-DD87-4a4f-8F2E-B633A59BA18A}"="Private Folder Copyhook Extention"
"{3B153CB3-A551-4fe6-A68B-F5C96650FF39}"="Private Folder Copyhook Extention"
"{78237F62-8EC8-438C-83B0-1DECB4303076}"="Private Folder FSFolder Extention"
"{B0FAF2DA-13EA-41CA-A62F-850DC01D1C01}"="Private Folder Shortcut Extention"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{5116D193-8024-4125-986D-A49DEFCFA101}"=""
"{B4A36284-96DD-4962-AD28-A12B06C9BE65}"=""
"{D69FA2F5-EBF3-4629-97ED-136A244D07BF}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}\InprocServer32]
@="C:\\WINDOWS\\system32\\kldaze.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}\InprocServer32]
@="C:\\WINDOWS\\system32\\ljpcd11n.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
asferror.dll Tue May 9 2006 10:26:32p A.... 7,168 7.00 K
audiodev.dll Tue May 9 2006 10:26:34p A.... 267,776 261.50 K
blackbox.dll Tue May 9 2006 8:59:14p A.... 585,216 571.50 K
browseui.dll Wed May 10 2006 12:23:00a A.... 1,022,976 999.00 K
cdfview.dll Wed May 10 2006 12:23:00a A.... 151,040 147.50 K
cewmdm.dll Tue May 9 2006 10:26:34p A.... 219,648 214.50 K
danim.dll Wed May 10 2006 12:23:00a A.... 1,054,208 1.00 M
dhcpcsvc.dll Fri May 19 2006 7:59:42a A.... 111,616 109.00 K
dnsapi.dll Fri May 19 2006 7:59:42a A.... 148,480 145.00 K
drmv2clt.dll Tue May 9 2006 9:00:02p A.... 1,350,656 1.29 M
dxtmsft.dll Wed May 10 2006 12:23:00a A.... 357,888 349.50 K
dxtrans.dll Wed May 10 2006 12:23:00a A.... 205,312 200.50 K
ehetw.dll Tue May 9 2006 8:57:06p ..... 11,264 11.00 K
extmgr.dll Wed May 10 2006 12:23:00a ..... 55,808 54.50 K
iepeers.dll Wed May 10 2006 12:23:00a A.... 251,392 245.50 K
inseng.dll Wed May 10 2006 12:23:00a A.... 96,256 94.00 K
iphlpapi.dll Fri May 19 2006 7:59:42a A.... 94,720 92.50 K
jgdw400.dll Thu Jun 1 2006 1:47:08p A.... 163,840 160.00 K
jgpl400.dll Thu Jun 1 2006 1:47:08p A.... 27,648 27.00 K
jscript.dll Thu May 18 2006 12:24:26a A.... 450,560 440.00 K
jsproxy.dll Wed May 10 2006 12:23:00a A.... 16,384 16.00 K
laprxy.dll Tue May 9 2006 10:26:32p A.... 9,728 9.50 K
legitc~1.dll Mon Jun 19 2006 4:19:42p A.... 571,184 557.80 K
mfplat.dll Tue May 9 2006 9:00:08p ..... 382,976 374.00 K
mp43decd.dll Tue May 9 2006 9:00:56p ..... 241,152 235.50 K
mp43dmod.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
mp4sdecd.dll Tue May 9 2006 9:00:58p ..... 299,520 292.50 K
mp4sdmod.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
mpg4decd.dll Tue May 9 2006 9:00:58p ..... 241,152 235.50 K
mpg4dmod.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
msdelta.dll Tue May 9 2006 8:45:20p ..... 304,640 297.50 K
mshtml.dll Fri May 19 2006 10:08:32a A.... 3,052,544 2.91 M
mshtmled.dll Wed May 10 2006 12:23:02a A.... 448,512 438.00 K
msnetobj.dll Tue May 9 2006 10:26:34p A.... 212,480 207.50 K
mspmsnsv.dll Tue May 9 2006 10:26:34p A.... 26,112 25.50 K
mspmsp.dll Tue May 9 2006 10:26:34p A.... 165,376 161.50 K
msrating.dll Wed May 10 2006 12:23:02a A.... 146,432 143.00 K
msscp.dll Tue May 9 2006 8:59:20p A.... 417,280 407.50 K
mstime.dll Wed May 10 2006 12:23:02a A.... 532,480 520.00 K
mswmdm.dll Tue May 9 2006 10:26:34p A.... 306,688 299.50 K
pngfilt.dll Wed May 10 2006 12:23:02a A.... 39,424 38.50 K
po1676~1.dll Tue May 9 2006 8:58:48p ..... 188,928 184.50 K
portab~1.dll Tue May 9 2006 8:58:48p ..... 345,600 337.50 K
portab~2.dll Tue May 9 2006 8:58:48p ..... 101,376 99.00 K
portab~3.dll Tue May 9 2006 8:58:38p ..... 168,960 165.00 K
portab~4.dll Tue May 9 2006 8:58:50p ..... 103,424 101.00 K
qasf.dll Tue May 9 2006 10:26:34p A.... 201,728 197.00 K
rasmans.dll Sun May 14 2006 3:44:08a A.... 181,248 177.00 K
shdocvw.dll Mon May 29 2006 10:30:34a A.... 1,494,016 1.42 M
shlwapi.dll Wed May 10 2006 12:23:02a A.... 474,112 463.00 K
sirenacm.dll Fri Jun 16 2006 2:34:44p A.... 48,936 47.79 K
urlmon.dll Wed May 10 2006 12:23:02a A.... 613,888 599.50 K
wdfapi.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
wgalogon.dll Mon Jun 19 2006 4:20:42p A.... 702,768 686.30 K
wininet.dll Wed May 10 2006 12:23:04a A.S.. 658,432 643.00 K
wmadmod.dll Tue May 9 2006 10:26:34p A.... 705,024 688.50 K
wmadmoe.dll Tue May 9 2006 10:26:34p A.... 1,063,424 1.01 M
wmasf.dll Tue May 9 2006 10:26:34p A.... 221,696 216.50 K
wmdmlog.dll Tue May 9 2006 10:26:34p A.... 31,744 31.00 K
wmdmps.dll Tue May 9 2006 10:26:34p A.... 36,864 36.00 K
wmdrmdev.dll Tue May 9 2006 10:26:34p A.... 417,280 407.50 K
wmdrmnet.dll Tue May 9 2006 10:26:34p A.... 337,408 329.50 K
wmdrmsdk.dll Tue May 9 2006 8:59:34p ..... 513,536 501.50 K
wmerror.dll Tue May 9 2006 10:26:32p A.... 218,112 213.00 K
wmidx.dll Tue May 9 2006 10:26:34p A.... 155,136 151.50 K
wmnetmgr.dll Tue May 9 2006 10:26:34p A.... 992,256 969.00 K
wmp.dll Tue May 9 2006 10:26:34p A.... 10,394,624 9.91 M
wmpasf.dll Tue May 9 2006 10:26:34p A.... 237,056 231.50 K
wmpdxm.dll Tue May 9 2006 10:26:34p A.... 301,056 294.00 K
wmpeff~1.dll Tue May 9 2006 10:26:34p ..... 433,152 423.00 K
wmpencen.dll Tue May 9 2006 10:26:34p A.... 1,641,472 1.56 M
wmploc.dll Tue May 9 2006 10:26:34p A.... 7,706,112 7.35 M
wmpmde.dll Tue May 9 2006 9:00:22p ..... 546,816 534.00 K
wmpps.dll Tue May 9 2006 10:26:34p ..... 135,680 132.50 K
wmpshell.dll Tue May 9 2006 10:26:34p A.... 97,792 95.50 K
wmpsrcwp.dll Tue May 9 2006 10:26:34p A.... 203,776 199.00 K
wmsdmod.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
wmsdmoe2.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
wmspdmod.dll Tue May 9 2006 10:26:34p A.... 564,736 551.50 K
wmspdmoe.dll Tue May 9 2006 10:26:34p A.... 1,280,000 1.22 M
wmvadvd.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
wmvadve.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
wmvcore.dll Tue May 9 2006 10:22:32p A.... 2,463,744 2.35 M
wmvdecod.dll Tue May 9 2006 9:01:06p ..... 1,463,808 1.39 M
wmvdmod.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
wmvdmoe2.dll Tue May 9 2006 10:26:34p A.... 4,096 4.00 K
wmvencod.dll Tue May 9 2006 9:00:58p ..... 1,455,616 1.39 M
wmvsdecd.dll Tue May 9 2006 9:01:06p ..... 1,359,360 1.29 M
wmvsencd.dll Tue May 9 2006 9:00:58p ..... 770,560 752.50 K
wmvxencd.dll Tue May 9 2006 9:00:56p ..... 636,928 622.00 K
wpdconns.dll Tue May 9 2006 8:58:40p A.... 35,840 35.00 K
wpdmtp.dll Tue May 9 2006 8:58:40p A.... 144,896 141.50 K
wpdmtpus.dll Tue May 9 2006 8:58:40p A.... 55,808 54.50 K
wpdshext.dll Tue May 9 2006 8:58:54p ..... 3,745,280 3.57 M
wpdshs~1.dll Tue May 9 2006 8:58:54p ..... 52,224 51.00 K
wpdsp.dll Tue May 9 2006 8:58:46p A.... 343,552 335.50 K
wpdtrace.dll Tue May 9 2006 8:58:38p A.... 13,312 13.00 K
wpd_ci.dll Tue May 9 2006 8:58:50p A.... 670,208 654.50 K
xpsp3res.dll Thu May 11 2006 3:23:24a A.... 24,576 24.00 K

99 items found: 99 files (1 H/S), 0 directories.
Total of file sizes: 60,842,376 bytes 58.02 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is B8BE-39A5

Directory of C:\WINDOWS\System32

07/31/2006 04:30 AM <DIR> dllcache
07/28/2006 12:00 AM 5,120 Thumbs.db
05/10/2006 12:23 AM 658,432 wininet.dll
04/28/2006 04:19 PM <DIR> Microsoft
2 File(s) 663,552 bytes
2 Dir(s) 22,786,650,112 bytes free

Post by Mr_JAk3 » August 1st, 2006, 4:51 am

Hi again, good work :)

Now we'll continue...

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new Hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Note: Once the PC has restarted, if a log does not appear or the icons didn't disappear, run the "second.bat" located inside the L2mfix folder.

Log you asked for, thank you for help

Post by bootyhuntah » August 1st, 2006, 9:35 am

L2mfix 051206
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (668)
Killing 'winlogon.exe'
winlogon.exe (740)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (404)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000000
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}\InprocServer32]
@="C:\\WINDOWS\\system32\\kldaze.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}\InprocServer32]
@="C:\\WINDOWS\\system32\\ljpcd11n.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{5116D193-8024-4125-986D-A49DEFCFA101}"=-
"{B4A36284-96DD-4962-AD28-A12B06C9BE65}"=-
"{D69FA2F5-EBF3-4629-97ED-136A244D07BF}"=-
[-HKEY_CLASSES_ROOT\CLSID\{5116D193-8024-4125-986D-A49DEFCFA101}]
[-HKEY_CLASSES_ROOT\CLSID\{B4A36284-96DD-4962-AD28-A12B06C9BE65}]
[-HKEY_CLASSES_ROOT\CLSID\{D69FA2F5-EBF3-4629-97ED-136A244D07BF}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/5116D193-8024-4125-986D-A49DEFCFA101.reg (212 bytes security) (deflated 70%)
adding: backregs/B4A36284-96DD-4962-AD28-A12B06C9BE65.reg (212 bytes security) (deflated 70%)
adding: backregs/D69FA2F5-EBF3-4629-97ED-136A244D07BF.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 74%)
adding: backregs/shell.reg (164 bytes security) (deflated 68%)

Post by Mr_JAk3 » August 1st, 2006, 11:27 am

Hi again bootyhuntah.

Please post a fresh HijackThis log here too, then we'll continue ;)

New HiJack This Log

Post by bootyhuntah » August 1st, 2006, 5:31 pm

Logfile of HijackThis v1.99.1
Scan saved at 4:31:22 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Booster\pcbooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Digital Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Digital Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PC Tools\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Applications\Residence.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3650568348
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
bootyhuntah
Active Member
 
Posts: 8
Joined: July 30th, 2006, 12:47 am
Location: New Orleans, Louisiana

Unread postby Mr_JAk3 » August 2nd, 2006, 2:48 am

Hi again, now we'll continue...

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download and install ewido anti-spyware 4.0
  • Open ewido anti-spyware
  • Click on the Update icon at the top of the window
    • Click on the Start update button
    • Wait for the update to download and install
  • Quit the program, we'll use this later.
Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Disable Windows Defender's realtime protection. (it may hinder the cleaning process)
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"
  • Exit the program.
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list. If an Administrator has not set a policy restricting access to Internet Explorer settings and you have not configured any software such as Spybot S & D or a similar program to prevent changing Internet Explorer settings, then you can also fix these O6 entries with HijackThis:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\guard.tmp (file missing)


Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run ATF Cleaner
  • Click Main, Select all, Empty selected.
  • If you use Firefox as your browser, click Firefox, Select all, Empty selected
  • If you use Opera as your browser, click Opera, Select all, Empty selected
Now scan your computer with Ewido.
  • Open Ewido
  • Click on the Scanner icon at the top of the window
    • Click on the Settings tab then select Recommended Options and choose Quarantine
    • Click on the Scan tab
      • Select Complete System Scan. Ewido will now begin to scan your system
  • When the scan has completed, if infections were found, press Apply all actions.
  • Then click on the Save Scan Report button and save the scan to your Desktop where it can be easily found
  • Copy and paste the scan results into your next post.
Restart your computer normally.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


When you're ready, post the following logs here:
- Ewido's report
- a fresh HijackThis log
- Kaspersky log
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

New HiJack This Log

Unread postby bootyhuntah » August 2nd, 2006, 2:25 pm

Logfile of HijackThis v1.99.1
Scan saved at 1:24:09 PM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Booster\pcbooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Digital Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Digital Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\PC Tools\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3650568348
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
bootyhuntah
Active Member
 
Posts: 8
Joined: July 30th, 2006, 12:47 am
Location: New Orleans, Louisiana

Kaspersky report

Unread postby bootyhuntah » August 2nd, 2006, 6:04 pm

KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 02, 2006 5:03:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 2/08/2006
Kaspersky Anti-Virus database records: 211673


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 38370
Number of viruses found 10
Number of infected objects 21
Number of suspicious objects 0
Duration of the scan process 02:23:42

Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP729\A0124497.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP729\A0124498.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP729\A0124499.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP729\A0124500.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP730\A0125493.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0125703.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0125705.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0125707.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128713.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128715.exe Infected: Trojan-Downloader.Win32.VB.aiv skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128716.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128717.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128719.exe Infected: Trojan-Clicker.Win32.VB.ly skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128721.exe Infected: Trojan-Downloader.Win32.VB.aiy skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128724.exe Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128730.exe Infected: Trojan-Downloader.Win32.VB.aiv skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128737.exe/data.rar/wga.exe Infected: Trojan-Downloader.Win32.VB.afo skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128737.exe/data.rar Infected: Trojan-Downloader.Win32.VB.afo skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP733\A0128737.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP736\A0131857.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\System Volume Information\_restore{3277F68E-F338-4AB5-89EF-1931ACF6D092}\RP751\A0139240.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

Scan process completed.
bootyhuntah
Active Member
 
Posts: 8
Joined: July 30th, 2006, 12:47 am
Location: New Orleans, Louisiana

Ewido Report

Unread postby bootyhuntah » August 2nd, 2006, 6:35 pm

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:34:52 PM, 8/2/2006
+ Report-Checksum: CD23B149

+ Scan result:

C:\Documents and Settings\james munoz\Cookies\james_munoz@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\james munoz\Cookies\james_munoz@e-2dj6wfkiqidzohp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\james munoz\Cookies\james_munoz@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\james munoz\Cookies\james_munoz@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup


::Report End
bootyhuntah
Active Member
 
Posts: 8
Joined: July 30th, 2006, 12:47 am
Location: New Orleans, Louisiana

Unread postby Mr_JAk3 » August 3rd, 2006, 1:07 am

Hi again, looks much better now :)

You don't seem to have a firewall running. I suggest that you install a firewall.
(If you're using Windows XP Firewall, I recommend that you install one firewall from my list and disable Windows Firewall after the installation.)

These are good (free) firewalls:
- Kerio
- Sygate
- Outpost

You don't have an antivirus on your computer. Accessing the internet without an antivirus installed guarantees that your system will become infected. Install one antivirus:
These are good (free) antiviruses:
- Antivir
- Avast
- AVG

Then we have some leftovers to clean...

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)

Then we'll need to clear your System Restore of the malware that was left there.
  • Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
  • Click to add a check mark beside Turn off System Restore on all Drives, and click Apply.
  • When you are warned that all existing Restore Points will be deleted, click Yes to continue.
Restart your computer normally.
Then we'll enable system restore again.
  • Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
  • Uncheck beside Turn off System Restore on all Drives, and click Apply.
  • Close the window

When you're ready, post one more HijackThis log here.
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland
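
As an added example (not part of the original thread and not HijackThis's own code): a small Python triage pass over the log format posted above. It flags the two kinds of entries the helper asked to have fixed in this thread (O6 policy restrictions and entries marked `(file missing)` or `(no file)`) and compares two logs to confirm that a fix took. The function names and the two flagging rules are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Excerpts copied from the HijackThis logs posted in this thread.
LOG_AUG_1 = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:31:22 PM, on 8/1/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LOG_AUG_2 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:24:09 PM, on 8/2/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# An entry line is "<section code> - <details>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis prints at the end of an entry whose file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")

# Hypothetical reason labels used by this example only.
ORPHANED = "target file not on disk"
IE_POLICY = "Internet Explorer policy restriction"


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text: str) -> List[Entry]:
    """Return the log's entries, skipping the header and the process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review_candidates(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Flag entries worth a closer look; a flag is a prompt, not a verdict."""
    flagged = []
    for entry in entries:
        if ORPHAN_RE.search(entry.body):
            flagged.append((ORPHANED, entry))
        elif entry.code == "O6":
            flagged.append((IE_POLICY, entry))
    return flagged


def resolved(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries in the earlier log that no longer appear in the later one."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]


if __name__ == "__main__":
    aug_1, aug_2 = parse_entries(LOG_AUG_1), parse_entries(LOG_AUG_2)
    for reason, entry in review_candidates(aug_1):
        print(f"review  {entry.code:<3} {reason}: {entry.body}")
    for entry in resolved(aug_1, aug_2):
        print(f"gone    {entry.code:<3} {entry.body}")
    for reason, entry in review_candidates(aug_2):
        print(f"review  {entry.code:<3} {reason}: {entry.body}")
```

On the August 2nd excerpt the O9 `xpnetdiag.exe` entry is flagged alongside the O2 BHO, although only the O2 entry was listed for fixing in this thread, which is why the flags still need a person to review them.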

New HiJack This! Log

Unread postby bootyhuntah » August 3rd, 2006, 11:47 am

Logfile of HijackThis v1.99.1
Scan saved at 10:46:50 AM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\PC Booster\pcbooster.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PC Tools\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxconsole.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Digital Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3650568348
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
bootyhuntah
Active Member
 
Posts: 8
Joined: July 30th, 2006, 12:47 am
Location: New Orleans, Louisiana

Unread postby Mr_JAk3 » August 4th, 2006, 12:03 am

Hi again, you're looking clean now :)

Now you can enable Windows Defender's realtime protection.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Check "Turn on Real-time protection (recommended)"
  • Click "Save"
  • Exit the program.
You can delete L2MFix too, we don't need it anymore.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland