Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

L2Mfix log

Post by Jackson Baughman » July 14th, 2005, 5:38 pm

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lvasrv.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{BDE2F1F0-83DA-D85D-D6C5-262F5BC6D748}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{06AD1BF5-824C-4FE4-8BAB-DA8DD0723074}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06AD1BF5-824C-4FE4-8BAB-DA8DD0723074}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06AD1BF5-824C-4FE4-8BAB-DA8DD0723074}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06AD1BF5-824C-4FE4-8BAB-DA8DD0723074}\InprocServer32]
@="C:\\WINDOWS\\system32\\lrtif10N.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{280F6434-F2E4-41F1-B206-0518007B293B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280F6434-F2E4-41F1-B206-0518007B293B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280F6434-F2E4-41F1-B206-0518007B293B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280F6434-F2E4-41F1-B206-0518007B293B}\InprocServer32]
@="C:\\WINDOWS\\system32\\lvasrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2F817450-C385-4303-8235-D11DC85C15BE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F817450-C385-4303-8235-D11DC85C15BE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F817450-C385-4303-8235-D11DC85C15BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F817450-C385-4303-8235-D11DC85C15BE}\InprocServer32]
@="C:\\WINDOWS\\system32\\FC05F3D5.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is B8F8-638F

Directory of C:\WINDOWS\System32

53 File(s) 21,807,616 bytes
2 Dir(s) 31,305,842,688 bytes free

Post by Bertha » July 15th, 2005, 1:48 pm

Hi,

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Please reply to your original topic; don't start new ones or reply back here.

http://www.malwareremoval.com/forum/viewtop ... 6494#16494

Bertha

Post by Jackson Baughman » July 15th, 2005, 3:26 pm

L2Mfix 1.03a

Running From:
C:\Documents and Settings\Jack\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Jack\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Jack\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 644 'explorer.exe'
Killing PID 644 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1040 'rundll32.exe'
Killing PID 1660 'rundll32.exe'
Killing PID 1716 'rundll32.exe'
Killing PID 1728 'rundll32.exe'
Killing PID 1740 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
deleting: C:\WINDOWS\system32\njsdexts.dll
Successfully Deleted: C:\WINDOWS\system32\njsdexts.dll
deleting: C:\WINDOWS\system32\njsdexts.dll
Successfully Deleted: C:\WINDOWS\system32\njsdexts.dll
deleting: C:\WINDOWS\system32\oabccp32.dll
Successfully Deleted: C:\WINDOWS\system32\oabccp32.dll
deleting: C:\WINDOWS\system32\oabccp32.dll
Successfully Deleted: C:\WINDOWS\system32\oabccp32.dll
deleting: C:\WINDOWS\system32\oGkley.dll
Successfully Deleted: C:\WINDOWS\system32\oGkley.dll
deleting: C:\WINDOWS\system32\oGkley.dll
Successfully Deleted: C:\WINDOWS\system32\oGkley.dll
deleting: C:\WINDOWS\system32\oheaccrc.dll
Successfully Deleted: C:\WINDOWS\system32\oheaccrc.dll
deleting: C:\WINDOWS\system32\oheaccrc.dll
Successfully Deleted: C:\WINDOWS\system32\oheaccrc.dll
deleting: C:\WINDOWS\system32\pgspl.dll
Successfully Deleted: C:\WINDOWS\system32\pgspl.dll
deleting: C:\WINDOWS\system32\pgspl.dll
Successfully Deleted: C:\WINDOWS\system32\pgspl.dll
deleting: C:\WINDOWS\system32\pRpgraph.dll
Successfully Deleted: C:\WINDOWS\system32\pRpgraph.dll
deleting: C:\WINDOWS\system32\pRpgraph.dll
Successfully Deleted: C:\WINDOWS\system32\pRpgraph.dll
deleting: C:\WINDOWS\system32\rggapi.dll
Successfully Deleted: C:\WINDOWS\system32\rggapi.dll
deleting: C:\WINDOWS\system32\rggapi.dll
Successfully Deleted: C:\WINDOWS\system32\rggapi.dll
deleting: C:\WINDOWS\system32\riutetab.dll
Successfully Deleted: C:\WINDOWS\system32\riutetab.dll
deleting: C:\WINDOWS\system32\riutetab.dll
Successfully Deleted: C:\WINDOWS\system32\riutetab.dll
deleting: C:\WINDOWS\system32\rrpcfgex.dll
Successfully Deleted: C:\WINDOWS\system32\rrpcfgex.dll
deleting: C:\WINDOWS\system32\rrpcfgex.dll
Successfully Deleted: C:\WINDOWS\system32\rrpcfgex.dll
deleting: C:\WINDOWS\system32\rVstapi.dll
Successfully Deleted: C:\WINDOWS\system32\rVstapi.dll
deleting: C:\WINDOWS\system32\rVstapi.dll
Successfully Deleted: C:\WINDOWS\system32\rVstapi.dll
deleting: C:\WINDOWS\system32\rycrt4.dll
Successfully Deleted: C:\WINDOWS\system32\rycrt4.dll
deleting: C:\WINDOWS\system32\rycrt4.dll
Successfully Deleted: C:\WINDOWS\system32\rycrt4.dll
deleting: C:\WINDOWS\system32\rysutils.dll
Successfully Deleted: C:\WINDOWS\system32\rysutils.dll
deleting: C:\WINDOWS\system32\rysutils.dll
Successfully Deleted: C:\WINDOWS\system32\rysutils.dll
deleting: C:\WINDOWS\system32\SkmStore.dll
Successfully Deleted: C:\WINDOWS\system32\SkmStore.dll
deleting: C:\WINDOWS\system32\SkmStore.dll
Successfully Deleted: C:\WINDOWS\system32\SkmStore.dll
deleting: C:\WINDOWS\system32\surstr.dll
Successfully Deleted: C:\WINDOWS\system32\surstr.dll
deleting: C:\WINDOWS\system32\surstr.dll
Successfully Deleted: C:\WINDOWS\system32\surstr.dll
deleting: C:\WINDOWS\system32\tCpi3.dll
Successfully Deleted: C:\WINDOWS\system32\tCpi3.dll
deleting: C:\WINDOWS\system32\tCpi3.dll
Successfully Deleted: C:\WINDOWS\system32\tCpi3.dll
deleting: C:\WINDOWS\system32\urat.dll
Successfully Deleted: C:\WINDOWS\system32\urat.dll
deleting: C:\WINDOWS\system32\urat.dll
Successfully Deleted: C:\WINDOWS\system32\urat.dll
deleting: C:\WINDOWS\system32\wbweb.dll
Successfully Deleted: C:\WINDOWS\system32\wbweb.dll
deleting: C:\WINDOWS\system32\wbweb.dll
Successfully Deleted: C:\WINDOWS\system32\wbweb.dll
deleting: C:\WINDOWS\system32\wfpshell.dll
Successfully Deleted: C:\WINDOWS\system32\wfpshell.dll
deleting: C:\WINDOWS\system32\wfpshell.dll
Successfully Deleted: C:\WINDOWS\system32\wfpshell.dll
deleting: C:\WINDOWS\system32\wgweb.dll
Successfully Deleted: C:\WINDOWS\system32\wgweb.dll
deleting: C:\WINDOWS\system32\wgweb.dll
Successfully Deleted: C:\WINDOWS\system32\wgweb.dll
deleting: C:\WINDOWS\system32\wohcon.dll
Successfully Deleted: C:\WINDOWS\system32\wohcon.dll
deleting: C:\WINDOWS\system32\wohcon.dll
Successfully Deleted: C:\WINDOWS\system32\wohcon.dll
deleting: C:\WINDOWS\system32\wustream.dll
Successfully Deleted: C:\WINDOWS\system32\wustream.dll
deleting: C:\WINDOWS\system32\wustream.dll
Successfully Deleted: C:\WINDOWS\system32\wustream.dll
deleting: C:\WINDOWS\system32\wyp.dll
Successfully Deleted: C:\WINDOWS\system32\wyp.dll
deleting: C:\WINDOWS\system32\wyp.dll
Successfully Deleted: C:\WINDOWS\system32\wyp.dll
deleting: C:\WINDOWS\system32\wzigest.dll
Successfully Deleted: C:\WINDOWS\system32\wzigest.dll
deleting: C:\WINDOWS\system32\wzigest.dll
Successfully Deleted: C:\WINDOWS\system32\wzigest.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: AONPS2.dll (164 bytes security) (deflated 48%)
adding: cab.dll (164 bytes security) (deflated 48%)
adding: cbtdll.dll (164 bytes security) (deflated 48%)
adding: ccmpobj.dll (164 bytes security) (deflated 48%)
adding: ccypt32.dll (164 bytes security) (deflated 48%)
adding: clbjmon.dll (164 bytes security) (deflated 48%)
adding: cqutil.dll (164 bytes security) (deflated 48%)
adding: crmpobj.dll (164 bytes security) (deflated 48%)
adding: czmpstui.dll (164 bytes security) (deflated 48%)
adding: cznsole.dll (164 bytes security) (deflated 48%)
adding: dmraw.dll (164 bytes security) (deflated 48%)
adding: donet.dll (164 bytes security) (deflated 48%)
adding: eient97.dll (164 bytes security) (deflated 48%)
adding: elcapi.dll (164 bytes security) (deflated 48%)
adding: FC05F3D5.dll (164 bytes security) (deflated 48%)
adding: kndpl1.dll (164 bytes security) (deflated 48%)
adding: kqdir.dll (164 bytes security) (deflated 48%)
adding: laefx10N.dll (164 bytes security) (deflated 48%)
adding: lbras12n.dll (164 bytes security) (deflated 48%)
adding: lrfax11n.dll (164 bytes security) (deflated 48%)
adding: lrtif10N.dll (164 bytes security) (deflated 48%)
adding: lsXpm12n.dll (164 bytes security) (deflated 48%)
adding: lvasrv.dll (164 bytes security) (deflated 48%)
adding: mivbvm50.dll (164 bytes security) (deflated 48%)
adding: mluni11.dll (164 bytes security) (deflated 48%)
adding: movcp60.dll (164 bytes security) (deflated 48%)
adding: mpcshext.dll (164 bytes security) (deflated 48%)
adding: mtls2.dll (164 bytes security) (deflated 48%)
adding: MUSTDFMT.DLL (164 bytes security) (deflated 48%)
adding: myrd2x40.dll (164 bytes security) (deflated 48%)
adding: mywsock.dll (164 bytes security) (deflated 48%)
adding: njsdexts.dll (164 bytes security) (deflated 48%)
adding: oabccp32.dll (164 bytes security) (deflated 48%)
adding: oGkley.dll (164 bytes security) (deflated 48%)
adding: oheaccrc.dll (164 bytes security) (deflated 48%)
adding: pgspl.dll (164 bytes security) (deflated 48%)
adding: pRpgraph.dll (164 bytes security) (deflated 48%)
adding: rggapi.dll (164 bytes security) (deflated 48%)
adding: riutetab.dll (164 bytes security) (deflated 48%)
adding: rrpcfgex.dll (164 bytes security) (deflated 48%)
adding: rVstapi.dll (164 bytes security) (deflated 48%)
adding: rycrt4.dll (164 bytes security) (deflated 48%)
adding: rysutils.dll (164 bytes security) (deflated 48%)
adding: SkmStore.dll (164 bytes security) (deflated 48%)
adding: surstr.dll (164 bytes security) (deflated 48%)
adding: tCpi3.dll (164 bytes security) (deflated 48%)
adding: urat.dll (164 bytes security) (deflated 48%)
adding: wbweb.dll (164 bytes security) (deflated 48%)
adding: wfpshell.dll (164 bytes security) (deflated 48%)
adding: wgweb.dll (164 bytes security) (deflated 48%)
adding: wohcon.dll (164 bytes security) (deflated 48%)
adding: wustream.dll (164 bytes security) (deflated 48%)
adding: wyp.dll (164 bytes security) (deflated 48%)
adding: wzigest.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 51%)
adding: echo.reg (164 bytes security) (deflated 8%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 91%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 64%)
adding: test.txt (164 bytes security) (deflated 91%)
adding: test2.txt (164 bytes security) (deflated 33%)
adding: test3.txt (164 bytes security) (deflated 33%)
adding: test5.txt (164 bytes security) (deflated 33%)
adding: xfind.txt (164 bytes security) (deflated 88%)
adding: backregs/06AD1BF5-824C-4FE4-8BAB-DA8DD0723074.reg (164 bytes security) (deflated 70%)
adding: backregs/14CB83F5-7C4A-4F99-A829-2FDEBE3FA372.reg (164 bytes security) (deflated 70%)
adding: backregs/280F6434-F2E4-41F1-B206-0518007B293B.reg (164 bytes security) (deflated 70%)
adding: backregs/2F817450-C385-4303-8235-D11DC85C15BE.reg (164 bytes security) (deflated 70%)
adding: backregs/5ADE9430-D904-4995-B350-F4899E80D7C7.reg (164 bytes security) (deflated 70%)
adding: backregs/C97DB245-BE3E-4285-AA74-2A6239A69BB7.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: AONPS2.dll
deleting local copy: AONPS2.dll
deleting local copy: cab.dll
deleting local copy: cab.dll
deleting local copy: cbtdll.dll
deleting local copy: cbtdll.dll
deleting local copy: ccmpobj.dll
deleting local copy: ccmpobj.dll
deleting local copy: ccypt32.dll
deleting local copy: ccypt32.dll
deleting local copy: clbjmon.dll
deleting local copy: clbjmon.dll
deleting local copy: cqutil.dll
deleting local copy: cqutil.dll
deleting local copy: crmpobj.dll
deleting local copy: crmpobj.dll
deleting local copy: czmpstui.dll
deleting local copy: czmpstui.dll
deleting local copy: cznsole.dll
deleting local copy: cznsole.dll
deleting local copy: dmraw.dll
deleting local copy: dmraw.dll
deleting local copy: donet.dll
deleting local copy: donet.dll
deleting local copy: eient97.dll
deleting local copy: eient97.dll
deleting local copy: elcapi.dll
deleting local copy: elcapi.dll
deleting local copy: FC05F3D5.dll
deleting local copy: FC05F3D5.dll
deleting local copy: kndpl1.dll
deleting local copy: kndpl1.dll
deleting local copy: kqdir.dll
deleting local copy: kqdir.dll
deleting local copy: laefx10N.dll
deleting local copy: laefx10N.dll
deleting local copy: lbras12n.dll
deleting local copy: lbras12n.dll
deleting local copy: lrfax11n.dll
deleting local copy: lrfax11n.dll
deleting local copy: lrtif10N.dll
deleting local copy: lrtif10N.dll
deleting local copy: lsXpm12n.dll
deleting local copy: lsXpm12n.dll
deleting local copy: lvasrv.dll
deleting local copy: lvasrv.dll
deleting local copy: mivbvm50.dll
deleting local copy: mivbvm50.dll
deleting local copy: mluni11.dll
deleting local copy: mluni11.dll
deleting local copy: movcp60.dll
deleting local copy: movcp60.dll
deleting local copy: mpcshext.dll
deleting local copy: mpcshext.dll
deleting local copy: mtls2.dll
deleting local copy: mtls2.dll
deleting local copy: MUSTDFMT.DLL
deleting local copy: MUSTDFMT.DLL
deleting local copy: myrd2x40.dll
deleting local copy: myrd2x40.dll
deleting local copy: mywsock.dll
deleting local copy: mywsock.dll
deleting local copy: njsdexts.dll
deleting local copy: njsdexts.dll
deleting local copy: oabccp32.dll
deleting local copy: oabccp32.dll
deleting local copy: oGkley.dll
deleting local copy: oGkley.dll
deleting local copy: oheaccrc.dll
deleting local copy: oheaccrc.dll
deleting local copy: pgspl.dll
deleting local copy: pgspl.dll
deleting local copy: pRpgraph.dll
deleting local copy: pRpgraph.dll
deleting local copy: rggapi.dll
deleting local copy: rggapi.dll
deleting local copy: riutetab.dll
deleting local copy: riutetab.dll
deleting local copy: rrpcfgex.dll
deleting local copy: rrpcfgex.dll
deleting local copy: rVstapi.dll
deleting local copy: rVstapi.dll
deleting local copy: rycrt4.dll
deleting local copy: rycrt4.dll
deleting local copy: rysutils.dll
deleting local copy: rysutils.dll
deleting local copy: SkmStore.dll
deleting local copy: SkmStore.dll
deleting local copy: surstr.dll
deleting local copy: surstr.dll
deleting local copy: tCpi3.dll
deleting local copy: tCpi3.dll
deleting local copy: urat.dll
deleting local copy: urat.dll
deleting local copy: wbweb.dll
deleting local copy: wbweb.dll
deleting local copy: wfpshell.dll
deleting local copy: wfpshell.dll
deleting local copy: wgweb.dll
deleting local copy: wgweb.dll
deleting local copy: wohcon.dll
deleting local copy: wohcon.dll
deleting local copy: wustream.dll
deleting local copy: wustream.dll
deleting local copy: wyp.dll
deleting local copy: wyp.dll
deleting local copy: wzigest.dll
deleting local copy: wzigest.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{06AD1BF5-824C-4FE4-8BAB-DA8DD0723074}"=-
"{280F6434-F2E4-41F1-B206-0518007B293B}"=-
"{2F817450-C385-4303-8235-D11DC85C15BE}"=-
"{5ADE9430-D904-4995-B350-F4899E80D7C7}"=-
[-HKEY_CLASSES_ROOT\CLSID\{06AD1BF5-824C-4FE4-8BAB-DA8DD0723074}]
[-HKEY_CLASSES_ROOT\CLSID\{280F6434-F2E4-41F1-B206-0518007B293B}]
[-HKEY_CLASSES_ROOT\CLSID\{2F817450-C385-4303-8235-D11DC85C15BE}]
[-HKEY_CLASSES_ROOT\CLSID\{5ADE9430-D904-4995-B350-F4899E80D7C7}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


Post by Bertha » July 15th, 2005, 4:52 pm

Ok then, let's carry on in this topic.

Can I see a new HJT log please?

Bertha

Post by Jackson Baughman » July 16th, 2005, 7:50 pm

Logfile of HijackThis v1.99.1
Scan saved at 7:49:08 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\pjnpal.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_______.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\system32\cxtpls_loader.EXE" /HideUninstall /HideDir /PC= CP.AOP /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pjnpal.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk148YYUS
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Jackson Baughman
Active Member
 
Posts: 8
Joined: July 8th, 2005, 7:52 pm

Unread postby Bertha » July 17th, 2005, 11:16 am

Jackson,

Hello! and welcome to the MWR forums.

-Print this off so you can follow it

Be sure to look this solution over before you begin.

===============

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:

1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".

When it completes, post back the full filename of any files that cannot be cleaned or deleted.

===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Go to Add/Remove programs and remove(uninstall) the following, if present:

Bullseye Networks
MyWebSearch
TSA
Virtual Bouncer
P2P Networking
Viewpoint Manager
Optional if removed here remove throughout fix

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\pjnpal.exe
C:\Program Files\Cas\Client\casclient.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

Please click "Start" and "Run" type this in:

services.msc

Now look for this service

SvcProc (System Startup Service) - If there, right-click it and select Disable


===============


Run HiJackThis and click "Scan", then check(tick) the following, if present:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)

O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_______.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\system32\cxtpls_loader.EXE" /HideUninstall /HideDir /PC= CP.AOP /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pjnpal.exe reg_run
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk148YYUS

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\WINDOWS\System32\P2P Networking
C:\PROGRA~1\MYWEBS~1
C:\Program Files\Cas
C:\Program Files\MyWebSearch
C:\Program Files\Viewpoint
C:\Program Files\VBouncer
C:\Program Files\BullsEye Network
C:\PROGRA~1\COMMON~1\tsa

files...

C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\pjnpal.exe
C:\WINDOWS\system32\stlb2.dll
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\system32\cxtpls_loader.EXE

Search for...

AUNPS2.DLL
stlb2.dll
E6F1873B.DLL

...using "Start | Search...".

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin


It's likely we may need to run a Regedit, but I will wait to do this on the next reply

===============

Post back a new log, and let me know how everything goes.

-

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby Jackson Baughman » July 17th, 2005, 7:13 pm

Hi Bertha! I think everything went fairly well. It took a little time though. Here is the new HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 7:09:54 PM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\WINDOWS\system32\pjnpal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pjnpal.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Jackson Baughman
Active Member
 
Posts: 8
Joined: July 8th, 2005, 7:52 pm
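
A way to check a follow-up log against a fix list, shown as an added example that is not part of the original thread or of HijackThis itself. The function names are assumptions made for this sketch; the sample lines are excerpted from the July 17 fix list and the July 17 follow-up log above, where the `winsync` Run entry and its `pjnpal.exe` process are still present.

```python
import re
from typing import NamedTuple

# Excerpt of the July 17 fix list from the thread (subset, for illustration).
FIX_LIST = r"""
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pjnpal.exe reg_run
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# Excerpt of the follow-up log posted after the fix (subset, for illustration).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:09:54 PM, on 7/17/2005

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\pjnpal.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pjnpal.exe reg_run
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Full path to an executable module inside an entry body (stops at the extension).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)(?![\w.])', re.IGNORECASE)


class Entry(NamedTuple):
    section: str
    body: str


def normalize(text: str) -> str:
    """Collapse whitespace and lowercase; Windows paths are case-insensitive."""
    return " ".join(text.split()).lower()


def parse_entries(log_text: str) -> list[Entry]:
    """Return every sectioned entry (R0, O4, O23, ...) found in the text."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def running_processes(log_text: str) -> set[str]:
    """Return normalized paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == "Running processes:":
            in_block = True
        elif in_block and not stripped:
            break  # the block ends at the first blank line
        elif in_block:
            procs.add(normalize(stripped))
    return procs


def verify_fix(fix_list: str, followup_log: str):
    """Compare a fix list with a later log.

    Returns (still_present, still_running): entries from the fix list that
    appear again in the follow-up log, and file paths named in the fix list
    that are still listed as running. Short 8.3 paths (PROGRA~1) are compared
    as written, not expanded.
    """
    fix_entries = parse_entries(fix_list)
    fix_keys = {(e.section, normalize(e.body)) for e in fix_entries}
    still_present = [e for e in parse_entries(followup_log)
                     if (e.section, normalize(e.body)) in fix_keys]

    fix_paths = {normalize(m.group(0))
                 for e in fix_entries for m in PATH_RE.finditer(e.body)}
    still_running = sorted(fix_paths & running_processes(followup_log))
    return still_present, still_running


if __name__ == "__main__":
    present, running = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    for entry in present:
        print("still present:", entry.section, "-", entry.body)
    for path in running:
        print("still running:", path)
```
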

Unread postby Bertha » July 18th, 2005, 2:03 pm

Hi,

Ok, just a small bit left now :)

Let's continue on with the fix...

-Print this off so you can follow it

Be sure to look this solution over before you begin.

-----------

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\system32\pjnpal.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pjnpal.exe reg_run


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

files...

C:\WINDOWS\system32\pjnpal.exe

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

===============

Post back a new log, and let me know how everything goes.

-
Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby Jackson Baughman » July 18th, 2005, 10:04 pm

O.K. I can tell a difference already! :lol:

Logfile of HijackThis v1.99.1
Scan saved at 9:59:47 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: rnar.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Jackson Baughman
Active Member
 
Posts: 8
Joined: July 8th, 2005, 7:52 pm

Unread postby Bertha » July 19th, 2005, 1:19 pm

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

(ChrisRLG)

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby Jackson Baughman » July 19th, 2005, 6:14 pm

Thank you for your time, patience and sharing your knowledge. It is greatly appreciated. :lol:
Jackson Baughman
Active Member
 
Posts: 8
Joined: July 8th, 2005, 7:52 pm

Unread postby Bertha » July 20th, 2005, 12:09 pm

You're welcome

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby 'KotaGuy » July 27th, 2005, 12:55 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada