MalwareRemoval.com forum

infection problem

Post by claver » May 10th, 2006, 11:01 am

Hi all... and sorry for my English, it's very bad! :(

I have a problem with a friend's computer... it was full of viruses, trojans, etc. etc.

I have used KAV Antivirus Personal, Spybot S&D, Ad-Aware SE Personal... and many viruses & co. were destroyed!!!!
....but some still remain!!!

I have used Ewido and HijackThis and these are the logs.....

Thanks for your help!



---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Created on: 16.37.58, 10/05/2006
+ Report-Checksum: D0264F82

+ Scan results:

[636] C:\WINDOWS\system32\jtmd400.dll -> Adware.Look2Me : Error during cleaning
[764] C:\WINDOWS\system32\jtmd400.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\michele\Cookies\michele@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with Backup
C:\Documents and Settings\michele\Cookies\michele@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with Backup
C:\Documents and Settings\michele\Desktop\WinAntiVirusPro2006Installer.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0080757.exe -> Trojan.Fakealert : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0087421.exe -> Trojan.Fakealert : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094218.exe -> Downloader.Small : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094219.exe -> Downloader.Small : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094220.exe -> Downloader.Small : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094221.exe -> Downloader.Small : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094222.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094223.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094224.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094225.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094226.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094227.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094228.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094229.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094230.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094231.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094232.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094233.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094234.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094235.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094236.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094237.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094238.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094239.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094240.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094241.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094242.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094243.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094244.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094245.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094246.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094247.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094248.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094249.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094250.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094251.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094252.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094253.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094254.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094255.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094256.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094257.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094258.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094259.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094260.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094261.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094262.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094263.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094264.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094265.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094266.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094267.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094268.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094269.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094270.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094271.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094272.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094273.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094274.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094275.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094276.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094277.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094278.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094279.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094280.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094281.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094282.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094283.DLL -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094284.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094285.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094286.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094290.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0094310.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0095310.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0095637.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0095641.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096320.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096324.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096331.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096335.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096364.exe -> Trojan.Fakealert : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096471.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096475.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096560.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP33\A0096564.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP34\A0096790.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP34\A0097100.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP34\A0097102.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP34\A0098102.dll -> Adware.Look2Me : Cleaned with Backup
C:\System Volume Information\_restore{F3481446-7D34-44F1-923C-7B0BABD06632}\RP34\A0098114.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\JSLITSU3\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with Backup
C:\WINDOWS\system32\en26l1fs1.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\h60qlgd5160.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\k4no0e53eh.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\lvnm0951e.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\o648lghu1648.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\sgarddlg.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\sjsbkup.dll -> Adware.Look2Me : Cleaned with Backup
C:\WINDOWS\system32\wwhip6.dll -> Adware.Look2Me : Cleaned with Backup


::End of Report



Logfile of HijackThis v1.99.1
Scan saved at 16.45.01, on 10/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\Progra~1\Launch Manager\LaunchAp.exe
C:\Progra~1\Launch Manager\PowerKey.exe
C:\Progra~1\Launch Manager\HotkeyApp.exe
C:\Progra~1\Launch Manager\CtrlVol.exe
C:\Progra~1\Launch Manager\Wbutton.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis_199\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [THGuard] "C:\Programmi\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://serverprimario/officescan/consol ... nNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://serverprimario/officescan/consol ... tupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://serverprimario/officescan/consol ... /setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://serverprimario/officescan/consol ... AtxEnc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://serverprimario/officescan/consol ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6214574466
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - http://serverprimario/officescan/consol ... onsole.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\j0n2la5o1d.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)



END OF MESSAGE
claver | Active Member | Posts: 5 | Joined: May 10th, 2006, 8:55 am | Location: Savona
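The HijackThis log in the post above carries the thread's key indicators in three places: the O20 Winlogon Notify entry pointing at a randomly named DLL in system32 (Look2Me/VX2 registers a Winlogon notification DLL so it is loaded by winlogon.exe at every boot, which is also why an on-disk cleaner such as ewido reports "Error during cleaning" on a sibling DLL of the same family), the O4 RunServices and Run entries whose names pose as Windows components (csrssX.exe, MSWSA32.exe), and the O15 zone change. The script below is an added example, not part of the original post and not HijackThis's own code: it parses lines in the v1.99.1 format and flags those patterns. The sample log is constructed from entries in this thread; the baseline set of stock XP notify DLLs, the list of known path-less executables and the component-name pattern are this example's own assumptions, so a hit means "needs a look", not proof of infection.

```python
"""Triage a HijackThis v1.99.1 log for the persistence patterns in this thread.

Added example; not part of the original post and not HijackThis's own code.
The allowlists and heuristics are this example's assumptions.
"""
import re

# Constructed sample in HijackThis v1.99.1 format, modelled on the log posted
# above and trimmed to the entries that matter for triage.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsoft CSRSS Service] csrssX.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\j0n2la5o1d.dll
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
"""

# Assumption: the DLLs behind a stock Windows XP Winlogon\Notify key
# (crypt32chain, cryptnet, cscdll, ScCertProp, Schedule, sclgntfy, SensLogn,
# termsrv and wlballoon all resolve to one of these).
BASELINE_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                        "wlnotify.dll", "sclgntfy.dll"}

# Assumption: path-less Run entries known to be legitimate on this laptop.
KNOWN_BARE_EXES = {"ltsmmsg.exe", "nwiz.exe", "rundll32.exe", "launapp"}

# Core Windows processes that nothing legitimate starts from a Run key
# (csrss/smss/lsass/winlogon are started by the kernel and smss, not the shell).
IMPERSONATED = re.compile(r"csrss|smss|lsass|winlogon|svchost|ms windows", re.I)

LINE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
O4 = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
O20 = re.compile(r"^Winlogon Notify:\s+(?P<subkey>\S+)\s+-\s+(?P<dll>.+?)\s*$")


def exe_of(cmd):
    """Executable token of a Run-key command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0] if cmd else ""


def basename(path):
    """Lower-cased file name part of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (severity, section, reason, line) for each entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4" and (e := O4.match(body)):
            exe = exe_of(e["cmd"])
            if IMPERSONATED.search(e["name"]) or IMPERSONATED.search(basename(exe)):
                findings.append(("high", section, "Run entry posing as a Windows component", raw))
            elif e["key"] == "RunServices":
                findings.append(("medium", section, "RunServices entry (Windows 9x key, not used by stock XP software)", raw))
            elif "\\" not in exe and not exe.startswith("%") and basename(exe) not in KNOWN_BARE_EXES:
                findings.append(("low", section, "path-less executable not on the known list", raw))
        elif section == "O20" and (e := O20.match(body)):
            dll = basename(e["dll"])
            if dll not in BASELINE_NOTIFY_DLLS:
                why = "Winlogon Notify DLL outside the XP baseline"
                if re.search(r"\d", dll) and re.search(r"[a-z]", dll):
                    why += ", random-looking name (Look2Me/VX2 pattern)"
                findings.append(("high", section, why, raw))
        elif section == "O15" and "should be" in body:
            findings.append(("medium", section, "protocol zone mapping changed (HijackThis names the expected zone)", raw))
        elif section == "O23" and "(file missing)" in body:
            findings.append(("low", section, "service points at a missing binary (orphaned uninstall)", raw))
    return findings


if __name__ == "__main__":
    for sev, sec, why, line in triage(SAMPLE_HJT_LOG):
        print(f"[{sev:>6}] {sec}: {why}\n         {line}")
```

Run it against a saved hijackthis.log by passing the file contents to triage(); the O4 rules deliberately skip entries with a full path, so the low-severity rule only fires for bare file names it has not seen before.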

Post by titan9 » May 10th, 2006, 1:06 pm

Hi :wave:

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an expert. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
titan9 | Regular Member | Posts: 451 | Joined: January 17th, 2006, 3:01 pm | Location: Michigan

Post by titan9 » May 10th, 2006, 8:44 pm

Hi there. :wave: It appears that you have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread. Also post a fresh HJT log.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
titan9 | Regular Member | Posts: 451 | Joined: January 17th, 2006, 3:01 pm | Location: Michigan
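The Find Log that l2mfix option #1 produces dumps HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify as a .reg export, with some DllName values written as hex(2) (REG_EXPAND_SZ, UTF-16LE bytes split across continuation lines) and others as plain quoted strings. The script below is an added example, not part of l2mfix or of this thread: it parses that format, decodes the hex values, and reports every notification package whose DLL is not one of the stock XP ones or is given as a full path, together with the Winlogon events it hooks. The sample export is constructed to match the dump format; the baseline DLL set is this example's own assumption.

```python
"""Audit a .reg export of the Winlogon Notify key, as printed by l2mfix's Find Log.

Added example; not part of l2mfix or of this thread. Decodes hex(2) values
(REG_EXPAND_SZ as UTF-16LE bytes) and flags notification packages whose DLL
is outside the stock XP set or is registered by full path.
"""

# Constructed sample in .reg export format: two stock XP entries plus one
# Look2Me-style entry registered by full path into system32.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j0n2la5o1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
"""

# Assumption: DLLs behind the Winlogon\Notify subkeys of a stock Windows XP.
BASELINE_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                        "wlnotify.dll", "sclgntfy.dll"}


def decode_value(data):
    """Decode the right-hand side of a .reg value line."""
    if data.startswith("hex(2):"):                      # REG_EXPAND_SZ as UTF-16LE bytes
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith('"') and data.endswith('"'):     # REG_SZ, with \\ and \" escaped
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data


def parse_reg(text):
    """Minimal .reg reader: {key_path: {value_name: decoded_value}}."""
    keys, current, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            while line.endswith("\\"):                  # hex data continued on the next line
                line = line[:-1] + lines[i].strip()
                i += 1
            name, _, data = line.partition("=")
            keys[current][name.strip('"')] = decode_value(data)
    return keys


def audit_notify(text):
    """Return (subkey, dll, hooked_events) for each non-baseline notify package."""
    findings = []
    for key, values in parse_reg(text).items():
        if "\\Winlogon\\Notify\\" not in key:            # skip the parent key itself
            continue
        subkey = key.rsplit("\\", 1)[-1]
        dll = next((v for n, v in values.items() if n.lower() == "dllname"), "")
        leaf = dll.rsplit("\\", 1)[-1].lower()
        if "\\" in dll or leaf not in BASELINE_NOTIFY_DLLS:
            hooks = sorted(n for n, v in values.items()
                           if isinstance(v, str) and n.lower() != "dllname")
            findings.append((subkey, dll, hooks))
    return findings


if __name__ == "__main__":
    for subkey, dll, hooks in audit_notify(SAMPLE_REG):
        print(f"{subkey}: {dll}  hooks={', '.join(hooks)}")
```

The hooked exports (Logon, Logoff, Shutdown in the sample) are called inside winlogon.exe, and with Impersonate set to 0 they run in winlogon's own LocalSystem context rather than as the logged-on user; because winlogon loads the DLL before any user session exists, a cleaner running from the desktop finds the file in use, which matches the "Error during cleaning" result in the ewido report above.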

Post by claver » May 11th, 2006, 2:45 am

Hi Titan9.... and thanks for your reply! :P

...I have done it!!

Here are the logs:

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j0n2la5o1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1DE033F2-EB86-7B03-0E5A-10567F5A28F6}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Proprietà dei file Multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestore scanner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Pagina di protezione NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Pagina di proprietà di Docfile OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Estensioni shell per la condivisione"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Estensione scheda video del Pannello di controllo"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Estensione monitor del Pannello di controllo"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Estensione panoramica video del Pannello di controllo"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Pagina di protezione DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Pagina compatibilità"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestore dati dei ritagli di shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Estensione copia dischi"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Estensioni shell per oggetti Rete Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestore monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestore stampante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Estensioni shell per la compressione dei file"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Estensione shell per la stampante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu di scelta rapida di crittografia"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Sincronia file"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Estensione di icona di HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Tipi di carattere"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profilo ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Pagina di protezione della stampante"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Estensioni shell per la condivisione"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Estensione Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Estensione firma crittografata"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connessioni di rete"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connessioni di rete"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner e fotocamere digitali"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner e fotocamere digitali"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner e fotocamere digitali"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner e fotocamere digitali"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner e fotocamere digitali"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Estensione shell per Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Operazioni pianificate"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra delle applicazioni e menu di avvio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Cerca"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Guida in linea e supporto tecnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Guida in linea e supporto tecnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Esegui..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Posta elettronica"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Tipi di carattere"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Strumenti di amministrazione"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra degli strumenti Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stato del download"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Shell Folder accresciuto"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Shell Folder 2 accresciuto"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="SearchBand"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Ricerca all'interno"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Ricerca Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilità opzioni della struttura del Registro di sistema"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Indirizzo"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Completamento automatico Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Elenco di Completamento automatico MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Elenco di Completamento automatico MRU personalizzato"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessibile"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Indicatore di avanzamento popup"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser della barra degli indirizzi"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Elenco di Completamento automatico della Cronologia di Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Elenco di Completamento automatico di Shell Folder di Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenitore dell'elenco di Completamento automatico multiplo Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistenza utente"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Impostazioni cartella globale"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servizio Cronologia Url Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Cronologia"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="File temporanei Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="File temporanei Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook per la ricerca di URL Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Schermata iniziale applicazioni Internet Explorer 4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Cartella cache ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Cartella Subscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestione applicazioni shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumeratore applicazioni installate"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI + programma di estrazione file in anteprima"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Programma di estrazione pagine HTML in anteprima"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Pubblicazione guidata sul Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Ordinazione di stampe tramite Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Oggetto Pubblicazione guidata sul Web"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Creazione guidata profilo Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Account utente"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="File del canale"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Collegamento al canale"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Cartella file non in linea"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Contatti..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
"{9C656272-89C7-41D6-9ADF-6197DB0F01E0}"=""
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}\InprocServer32]
@="C:\\WINDOWS\\system32\\dlwsockx.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
dlwsockx.dll Wed 10 May 2006 16.42.30 ..S.R 234.698 229,20 K
j0n2la~1.dll Wed 10 May 2006 14.41.44 ..S.R 234.698 229,20 K
l6l6lg~1.dll Wed 10 May 2006 16.42.30 ..S.R 236.334 230,79 K
stream~1.dll Wed 10 May 2006 10.24.40 ....R 59.392 58,00 K

4 items found: 4 files (3 H/S), 0 directories.
Total of file sizes: 765.122 bytes 747,19 K
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D093-379A

Directory di C:\WINDOWS\System32

10/05/2006 16.42 234.698 dlwsockx.dll
10/05/2006 16.42 236.334 l6l6lg3s16.dll
10/05/2006 15.09 <DIR> dllcache
10/05/2006 14.41 234.698 j0n2la5o1d.dll
26/02/2006 18.20 323 dlrvn.htm
20/03/2002 22.24 <DIR> Microsoft
4 File 706.053 byte
2 Directory 31.815.787.520 byte disponibili
Logfile of HijackThis v1.99.1
Scan saved at 8.35.53, on 11/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\Progra~1\Launch Manager\LaunchAp.exe
C:\Progra~1\Launch Manager\PowerKey.exe
C:\Progra~1\Launch Manager\HotkeyApp.exe
C:\Progra~1\Launch Manager\CtrlVol.exe
C:\Progra~1\Launch Manager\Wbutton.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [THGuard] "C:\Programmi\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://serverprimario/officescan/consol ... nNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://serverprimario/officescan/consol ... tupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://serverprimario/officescan/consol ... /setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://serverprimario/officescan/consol ... AtxEnc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://serverprimario/officescan/consol ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6214574466
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - http://serverprimario/officescan/consol ... onsole.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\j0n2la5o1d.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)



END OF MESSAGE
Good work!!
claver
Active Member
 
Posts: 5
Joined: May 10th, 2006, 8:55 am
Location: Savona

Unread postby titan9 » May 11th, 2006, 12:16 pm

Hello again, Claver. :) It is now time to move on to step two:

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If after the reboot the desktop icons don't disappear or the log does not pop up, then in the l2mfix folder double click the second.bat file to continue with the fix.
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan

Unread postby claver » May 12th, 2006, 2:27 am

Hello Titan9 :P

....I have followed your instructions and here are the logs:
L2mfix 032106
Creating Account.
Esecuzione comando riuscita.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 500 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 584 'winlogon.exe'
Killing PID 584 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 340 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1780 'rundll32.exe'
Killing PID 204 'rundll32.exe'
Killing PID 1260 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file copiati.
1 file copiati.
1 file copiati.
Deleting: C:\WINDOWS\system32\dlwsockx.dll
Successfully Deleted: C:\WINDOWS\system32\dlwsockx.dll
Deleting: C:\WINDOWS\system32\j0n2la5o1d.dll
Successfully Deleted: C:\WINDOWS\system32\j0n2la5o1d.dll
Deleting: C:\WINDOWS\system32\l6l6lg3s16.dll
Successfully Deleted: C:\WINDOWS\system32\l6l6lg3s16.dll

msg11?.dll
0 file copiati.
Desktop.ini sucessfully removed
Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j0n2la5o1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\dlwsockx.dll
C:\WINDOWS\system32\j0n2la5o1d.dll
C:\WINDOWS\system32\l6l6lg3s16.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}\InprocServer32]
@="C:\\WINDOWS\\system32\\dlwsockx.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9C656272-89C7-41D6-9ADF-6197DB0F01E0}"=-
[-HKEY_CLASSES_ROOT\CLSID\{9C656272-89C7-41D6-9ADF-6197DB0F01E0}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/dlwsockx.dll (104 bytes security) (deflated 5%)
adding: dlls/j0n2la5o1d.dll (104 bytes security) (deflated 5%)
adding: dlls/l6l6lg3s16.dll (104 bytes security) (deflated 5%)
adding: backregs/9C656272-89C7-41D6-9ADF-6197DB0F01E0.reg (104 bytes security) (deflated 70%)
adding: backregs/notibac.reg (104 bytes security) (deflated 87%)
adding: backregs/shell.reg (104 bytes security) (deflated 74%)
Logfile of HijackThis v1.99.1
Scan saved at 8.25.39, on 12/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\Progra~1\Launch Manager\LaunchAp.exe
C:\Progra~1\Launch Manager\PowerKey.exe
C:\Progra~1\Launch Manager\HotkeyApp.exe
C:\Progra~1\Launch Manager\CtrlVol.exe
C:\Progra~1\Launch Manager\Wbutton.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://serverprimario/officescan/consol ... nNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://serverprimario/officescan/consol ... tupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://serverprimario/officescan/consol ... /setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://serverprimario/officescan/consol ... AtxEnc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://serverprimario/officescan/consol ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6214574466
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - http://serverprimario/officescan/consol ... onsole.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\j0n2la5o1d.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)


END OF MESSAGE
Bye!
claver
Active Member
 
Posts: 5
Joined: May 10th, 2006, 8:55 am
Location: Savona
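
As an added example (not code from this thread or from L2mfix), the following Python script parses a Winlogon Notify export like the one L2mfix printed above, decodes the hex(2) DllName values (REG_EXPAND_SZ stored as UTF-16LE) and flags the subkey whose DLL is an absolute path rather than a bare package name, which is exactly the ModuleUsage entry the fix removed. The sample export is constructed from entries in the log, and the list of stock Windows XP notification DLLs is an assumption.

```python
"""Flag suspicious Winlogon Notify packages in a .reg export.

Added example for this thread; it is not L2mfix's own code. It parses an
export like the one L2mfix prints under "Current Export of the Winlogon
notify key", decodes hex(2) (REG_EXPAND_SZ, UTF-16LE) DllName values, and
flags Notify subkeys whose DLL is an absolute path or is not one of the stock
Windows XP notification packages. The sample export is constructed from
entries shown in the log; the known-DLL list is an assumption about stock XP.
"""
import re

NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT"
              r"\CurrentVersion\Winlogon\Notify")

# Assumed stock Windows XP notification DLLs (bare names, lower-case).
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll",
}

# Constructed sample: three stock subkeys plus the ModuleUsage entry from the log.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j0n2la5o1d.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"StartShell"="SchedStartShell"
"""


def decode_hex2(value):
    """Decode a REG_EXPAND_SZ written as hex(2):xx,xx,... (UTF-16LE, NUL-terminated)."""
    raw = bytes(int(b, 16) for b in value.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def parse_reg_export(text):
    """Return {subkey: {value_name: value}} for every subkey under Winlogon\\Notify."""
    # A trailing backslash means the hex value continues on the next line.
    text = re.sub(r",\\\r?\n\s*", ",", text)
    prefix = NOTIFY_KEY + "\\"
    subkeys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower().startswith(prefix.lower()):
                current = key[len(prefix):]
                subkeys[current] = {}
            else:
                current = None  # the Notify key itself or an unrelated key
            continue
        if current is None or "=" not in line:
            continue
        name, _, val = line.partition("=")
        name = name.strip('"')
        if val.startswith('"'):
            val = val[1:-1].replace("\\\\", "\\")  # .reg escapes backslashes
        elif val.startswith("hex(2):"):
            val = decode_hex2(val[len("hex(2):"):])
        subkeys[current][name] = val
    return subkeys


def flag_suspicious(subkeys):
    """Return (subkey, dll, reason) for Notify entries that deserve a closer look."""
    findings = []
    for subkey, values in subkeys.items():
        # Windows accepts "DllName" and "DLLName"; compare case-insensitively.
        dll = next((v for k, v in values.items() if k.lower() == "dllname"), None)
        if dll is None:
            findings.append((subkey, None, "no DllName value"))
            continue
        base = dll.replace("/", "\\").split("\\")[-1].lower()
        if "\\" in dll or ":" in dll:
            findings.append((subkey, dll, "absolute path instead of a bare DLL name"))
        elif base not in KNOWN_NOTIFY_DLLS:
            findings.append((subkey, dll, "not a stock notification package"))
    return findings


if __name__ == "__main__":
    for subkey, dll, reason in flag_suspicious(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{subkey}: {dll} ({reason})")
```

Run against a real export (regedit's "Export" on the Notify key), a stock machine should produce no findings; any hit is worth comparing against the file-system listing, as the thread does with j0n2la5o1d.dll.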

Unread postby titan9 » May 13th, 2006, 9:50 am

Hi again. Please download the Killbox.
Unzip it to the desktop

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox:
C:\Windows\System32\MSWSA32.exe
C:\WINDOWS\System32\csrssX.exe
C:\WINDOWS\system32\j0n2la5o1d.dll

Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

--------------------------------

After restarting, please open HJT. With all browser windows closed, select the following lines:

O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [Microsoft CSRSS Service] csrssX.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\j0n2la5o1d.dll (file missing)


Press "Fix".

--------------------------

Reboot your PC and post a fresh HJT log. :)
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
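An added example, not a tool from this thread: a small parser for HijackThis v1.99 log lines in the format posted above, reporting the three things a helper checks at this step: entries marked "(file missing)", O4 autostart entries whose executable is not among the running processes (which is what the O4 lines above become once Killbox has deleted the files), and the O15 ProtocolDefaults zone warning. The sample log is constructed from lines on this page; `SAMPLE_LOG`, `parse_hjt` and `review` are names chosen here.

```python
"""Minimal HijackThis v1.99 log triage (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample built from lines posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\LTSMMSG.exe
C:\hijackthis_199\HijackThis.exe

O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKCU\..\Run: [Microsoft CSRSS Service] csrssX.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\j0n2la5o1d.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
"""

# Every HJT entry starts with a section code (R0, R1, F1, O2 ... O23) and " - ".
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")


@dataclass
class Entry:
    section: str       # e.g. "O4", "O20", "O23"
    body: str          # everything after the section code
    file_missing: bool # HJT's own "(file missing)" marker


@dataclass
class HjtLog:
    processes: list[str] = field(default_factory=list)
    entries: list[Entry] = field(default_factory=list)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, quotes stripped."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hjt(text: str) -> HjtLog:
    """Split a log into the 'Running processes' block and the scan entries."""
    log, in_procs = HjtLog(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the process block
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append(Entry(m.group(1), m.group(2), line.endswith("(file missing)")))
    return log


def o4_executable(body: str) -> str:
    """Executable named by an O4 Run/RunServices entry ('' for Global Startup .lnk lines)."""
    _, _, cmd = body.partition("] ")
    cmd = cmd.strip()
    if not cmd:
        return ""
    cmd = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return basename(cmd)


def review(log: HjtLog) -> list[tuple[str, str, str]]:
    """Findings as (kind, section, body). An O4 target that is not running is a
    lead to check, not proof of anything; here it matches the post-Killbox state."""
    running = {basename(p) for p in log.processes}
    findings = []
    for e in log.entries:
        if e.file_missing:
            findings.append(("file-missing", e.section, e.body))
        if e.section == "O4":
            exe = o4_executable(e.body)
            if exe and exe not in running:
                findings.append(("o4-not-running", e.section, e.body))
        if e.section == "O15" and "ProtocolDefaults" in e.body:
            findings.append(("protocol-zone", e.section, e.body))
    return findings


if __name__ == "__main__":
    for kind, section, body in review(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:16} {section} - {body}")
```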

Unread postby claver » May 15th, 2006, 3:17 am

Hi Titan9... and have a good week!

...I have done it.... and this is the log:




Logfile of HijackThis v1.99.1
Scan saved at 9.13.13, on 15/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\Progra~1\Launch Manager\LaunchAp.exe
C:\Progra~1\Launch Manager\PowerKey.exe
C:\Progra~1\Launch Manager\HotkeyApp.exe
C:\Progra~1\Launch Manager\CtrlVol.exe
C:\Progra~1\Launch Manager\Wbutton.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://serverprimario/officescan/consol ... nNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://serverprimario/officescan/consol ... tupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://serverprimario/officescan/consol ... /setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://serverprimario/officescan/consol ... AtxEnc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://serverprimario/officescan/consol ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6214574466
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - http://serverprimario/officescan/consol ... onsole.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

END OF MESSAGE
Bye
claver
Active Member
 
Posts: 5
Joined: May 10th, 2006, 8:55 am
Location: Savona

Unread postby titan9 » May 15th, 2006, 2:12 pm

Hi again, Claver. Your log looks a whole lot better but there is, of course, still a bit of work to be done. ;)

You are presently running on an unpatched and outdated version of Windows XP. It is critical that you update to SP2. Please go here to do so. Please note that if you have dial-up, you can order SP2 on CD from Microsoft. There is a link for that on the Microsoft site. If you have high speed internet, however, you should be able to update fairly quickly.

Also, your Java is out of date. It is critical that you update Java. Here's how you do this:

Go to Start>Settings>Control Panel>Java. Under the "Update" tab, select "Update Now". Java will then update.

Once you are done updating Windows XP and Java, post a fresh HJT log here.

-titan9
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan

Unread postby claver » May 18th, 2006, 12:07 pm

Hi Titan9!!

...update to SP2 => DONE!
...update JAVA => DONE!

...and here is the log....

Thanks for all!!!!!!


Logfile of HijackThis v1.99.1
Scan saved at 18.04.31, on 18/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\Progra~1\Launch Manager\LaunchAp.exe
C:\Progra~1\Launch Manager\PowerKey.exe
C:\Progra~1\Launch Manager\HotkeyApp.exe
C:\Progra~1\Launch Manager\CtrlVol.exe
C:\Progra~1\Launch Manager\Wbutton.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Progra~1\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Progra~1\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Progra~1\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Progra~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Progra~1\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://serverprimario/officescan/consol ... nNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://serverprimario/officescan/consol ... tupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://serverprimario/officescan/consol ... /setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://serverprimario/officescan/consol ... AtxEnc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://serverprimario/officescan/consol ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6214574466
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7764752461
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - http://serverprimario/officescan/consol ... onsole.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9E30754B-29A9-41CE-8892-70E9E07D15DC} - http://activex.microsoft.com/objects/ocget.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

END OF MESSAGE
claver
Active Member
 
Posts: 5
Joined: May 10th, 2006, 8:55 am
Location: Savona

Unread postby titan9 » May 18th, 2006, 12:38 pm

Congratulations! I have gone over your log and it appears that you are now free of malware. Before you celebrate too much, please be advised that it is easy to get re-infected without adequate protection. There is no indication of a firewall or anti-virus program present on your PC. It is CRITICAL that you have both a firewall and anti-virus program installed and updated on your PC. There are other programs that you can download to help your PC remain malware free. The programs below, when downloaded and updated regularly, will help you stay clean. First, though, we must disable and re-enable System Restore to flush your System of any malware remaining.

1. Disable system restore to get rid of any malware hiding out there.

To disable system restore do the following:
Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
Click Apply.
This deletes all existing restore points. Click Yes to do this.
Click OK.
Restart the computer and follow the instructions in the next section to turn on System Restore.

Re-enable System Restore.

After rebooting, re-enable system restore by doing the following:
Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, uncheck Turn off System Restore or Turn off System Restore on all drives.
Click Apply.
Click OK.

----------------------------------

2. Download some programs to help stay clean

Anti-Malware: (recommendation: download at least two of the following)

Spybot Search & Destroy - An excellent anti-spyware program that scans for spyware on your PC and removes it.
AdAware Personal - Also an excellent program for scanning and removal of malware on your PC.
SpywareBlaster - This neat program helps to prevent spyware from ever being installed on your PC.
SpywareGuard - Another neat program which helps to prevent spyware from being installed. This program is by the makers of SpywareBlaster and, combined with SpywareBlaster, these two are an excellent one-two combo for protection.

Anti-Virus: (recommendation: download one of the following)
AVG Anti-Virus - If you do not have an Anti-Virus program, this is a very good one to download. It will detect viruses in realtime and can typically fix a lot of them.
AVAST! Anti-Virus - If you are uninterested in AVG, this is another good anti-virus program to download. Like AVG, it detects viruses in realtime and fixes many which it finds.

Firewalls: (recommendation: download one of the following)

ZoneAlarm Firewall - This is an excellent free firewall. If you do not already have a firewall, it is critical that you pick up one as not having one opens you up to threats such as hackers. ZoneAlarm is one of several good free firewalls.
Kerio Personal Firewall - If you are uninterested in ZoneAlarm and still need a firewall, Kerio is a good alternative. It, like ZoneAlarm, is very easy to use and very effective.

Misc:
ATFCleaner - This is an excellent Temporary Files cleaner. Cleaning out Temp files every once in a while is a good thing to do. Instead of manually cleaning out Temp folders, you can run ATFCleaner and let it do the job for you.

--------------------------------------------

3. Update Windows and Java, if needed. Be sure to check regularly for updates!!!

You can go here to update Windows. Updating Java can either be done manually by going here or by going to Start>Settings>Control Panel>Java on your PC. Under the "Update" tab, select "Update Now". Java will then update.

---------------------------------------------

4. Check regularly for updates for anti-virus programs, firewalls and anti-spyware programs.

Downloading and installing essential anti-malware programs isn't enough. You need to do regular scans with anti-virus and anti-spyware programs as well as check often for updates in order to help prevent malware from invading your PC again.

---------------------------------------------

5. Read Tony Klein's excellent article entitled "So How Did I Get Infected In The First Place?".

You can read it by going here.

---------------------------------------------

6. Stand up and be counted! Post your malware complaints by going here!

-titan9
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan

Unread postby 'KotaGuy » May 22nd, 2006, 1:11 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada