 |  |  |  |  |  |  |  |
Pops Ups ect on laptop
 |
Hi,
Download L2mfix from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop. Double click l2mfix.exe. Click the Install button to extract the files and follow the prompts.
Close any other programs you have open since this step requires a reboot.
From the L2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter.If it asks for a password type bye (in lowercase) then press Enter key. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If after the reboot the log does not open double click on it in the l2mfix folder.
Download L2mfix from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop. Double click l2mfix.exe. Click the Install button to extract the files and follow the prompts.
Close any other programs you have open since this step requires a reboot.
From the L2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter.If it asks for a password type bye (in lowercase) then press Enter key. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If after the reboot the log does not open double click on it in the l2mfix folder.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
•
•
Join Date: Jul 2005
Posts: 82
Reputation: 
Solved Threads: 0
Junior Poster in Training
Hi swatkat,
Here you go....thanks...JD
1) L2MFIX log
L2mfix 051206
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (152 bytes security) (deflated 72%)
2) HJT scan
Logfile of HijackThis v1.99.1
Scan saved at 5:19:26 PM, on 6/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,hpsckhm.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [fcylaa] C:\WINNT\system32\glutac.exe reg_run
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINNT\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: Run - C:\WINNT\system32\ktjol7131.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
Here you go....thanks...JD
1) L2MFIX log
L2mfix 051206
Creating Account.
The command completed successfully.
Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (152 bytes security) (deflated 72%)
2) HJT scan
Logfile of HijackThis v1.99.1
Scan saved at 5:19:26 PM, on 6/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,hpsckhm.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [fcylaa] C:\WINNT\system32\glutac.exe reg_run
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINNT\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: Run - C:\WINNT\system32\ktjol7131.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
Hi,
F-Secure's advanced scan system is still in Beta stages. So, that may be reason for the problems associated with it!
Please download CCleaner and install it. Do not run it now!
Copy the below quoted text (which is a script for Avenger) into your clipboard by highlighting it and pressing CTRL C keys:-
The Avenger will automatically do the following:-
After this, reboot to Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 Key. From the menu that will be displayed, out of which choose Safe Mode and press Enter.
Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,hpsckhm.exe
O4 - HKLM\..\Run: [fcylaa] C:\WINNT\system32\glutac.exe reg_run
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINNT\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\f4l00e3meh.dll
Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.
Now run CCleaner, click the "Options" button in the left pane of CCleaner. Here, click "Settings" and then click "Advanced" button. Here, Uncheck the options "Only delete files in Windows Temp folder older than 48 hours" and "Show prompt to backup registry issues".After unchecking them, click the "Issues" button in the left pane. Here, click "Scan for issues". It takes some time to scan. Once it finishes the scan, click "Fix selected issues". This opens up a new window, here click "Fix all selected issues" button to remove all the detected issues.After this, click the "Cleaner" button in the left pane and click "Run Cleaner" to clean the temp files.
Run Ewido, click on the "Scanner" button in the left menu, then click on the "Settings", here select the option "Scan every file" and click "OK". Next, click "Complete System Scan" button to start scan. If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
Reboot to Normal Mode. Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan.
Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log and Avenger log.
F-Secure's advanced scan system is still in Beta stages. So, that may be reason for the problems associated with it!
Please download CCleaner and install it. Do not run it now!
Copy the below quoted text (which is a script for Avenger) into your clipboard by highlighting it and pressing CTRL C keys:-
•
•
•
•
Files to delete:
C:\WINNT\SYSTEM32\F4L00E3MEH.DLL
C:\WINNT\SYSTEM32\I806LIDS1806.DLL
C:\WINNT\SYSTEM32\NOLSAPI.DLL
C:\WINNT\system32\ddvenum.dll
C:\WINNT\system32\dSdim700.dll
C:\WINNT\system32\f4l00e3meh.dll
C:\WINNT\system32\jtns0757e.dll
C:\WINNT\system32\jtrs0797e.dll
C:\WINNT\system32\kddsw.dll
C:\WINNT\system32\kt8ml7l11.dll
C:\WINNT\system32\ktjol7131.dll
C:\WINNT\system32\mcxml3a.dll
C:\WINNT\system32\mmiseq.dll
C:\WINNT\system32\mmnetobj.dll
C:\WINNT\system32\myvcrt20.dll
C:\WINNT\system32\nktcfgx.dll
C:\WINNT\system32\nmtmsg.dll
C:\WINNT\system32\osdbse32.dll
C:\WINNT\system32\q2pslc771f.dll
C:\WINNT\system32\ruaenh.dll
C:\WINNT\system32\rUsgtwy.dll
C:\WINNT\SYSTEM32\__delete_on_reboot__guard.tmp
C:\WINNT\NDNuninstall7_22.exe
C:\Documents and Settings\jdumas\Application Data\Sskuknwrd.dll
C:\WINNT\system32\dmonwv.dll
C:\WINNT\system32\glutac.exe
C:\WINNT\system32\mptft.exe
C:\WINNT\system32\ssn6tuu.exe
C:\WINNT\system32\hpsckhm.exe
C:\WINNT\hpsckhm.exe
- Now, run The Avenger program by double clicking its icon on your Desktop.
- Under "Script file to execute" choose "Input Script Manually".
- Now click on the Magnifying Glass icon which will open a new window titled "View/edit script".
- Paste the text copied to clipboard into this window by pressing Ctrl V keys.
- Click Done.
- Now click on the Green Light to begin execution of the script.
- Answer "Yes" twice when prompted.
The Avenger will automatically do the following:-
- It will Restart your computer.
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the reboot, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
After this, reboot to Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 Key. From the menu that will be displayed, out of which choose Safe Mode and press Enter.
Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,hpsckhm.exe
O4 - HKLM\..\Run: [fcylaa] C:\WINNT\system32\glutac.exe reg_run
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINNT\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\f4l00e3meh.dll
Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.
Now run CCleaner, click the "Options" button in the left pane of CCleaner. Here, click "Settings" and then click "Advanced" button. Here, Uncheck the options "Only delete files in Windows Temp folder older than 48 hours" and "Show prompt to backup registry issues".After unchecking them, click the "Issues" button in the left pane. Here, click "Scan for issues". It takes some time to scan. Once it finishes the scan, click "Fix selected issues". This opens up a new window, here click "Fix all selected issues" button to remove all the detected issues.After this, click the "Cleaner" button in the left pane and click "Run Cleaner" to clean the temp files.
Run Ewido, click on the "Scanner" button in the left menu, then click on the "Settings", here select the option "Scan every file" and click "OK". Next, click "Complete System Scan" button to start scan. If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
Reboot to Normal Mode. Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan.
Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log and Avenger log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
•
•
Join Date: Jul 2005
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
swatkat ....I did everything successfully except for the Kaspersky On-Line Scan .....as soon as I connected to the Internet the pop-ups took over....IE aborted before I even finished downloading the scan.....is there an alternative as this method seems a bit counter productive....I've inlcuded the Avenger log and HJT log....thanks for the help....JD
1) Avenger log
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tgmlqnou
*******************
Script file located at: \??\C:\WINNT\xmehsuin.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:WINNTSYSTEM32F4L00E3MEH.DLL not found!
Deletion of file C:WINNTSYSTEM32F4L00E3MEH.DLL failed!
Could not process line:
C:WINNTSYSTEM32F4L00E3MEH.DLL
Status: 0xc0000034
File C:WINNTSYSTEM32I806LIDS1806.DLL not found!
Deletion of file C:WINNTSYSTEM32I806LIDS1806.DLL failed!
Could not process line:
C:WINNTSYSTEM32I806LIDS1806.DLL
Status: 0xc0000034
File C:WINNTSYSTEM32NOLSAPI.DLL not found!
Deletion of file C:WINNTSYSTEM32NOLSAPI.DLL failed!
Could not process line:
C:WINNTSYSTEM32NOLSAPI.DLL
Status: 0xc0000034
File C:WINNTsystem32ddvenum.dll not found!
Deletion of file C:WINNTsystem32ddvenum.dll failed!
Could not process line:
C:WINNTsystem32ddvenum.dll
Status: 0xc0000034
File C:WINNTsystem32dSdim700.dll not found!
Deletion of file C:WINNTsystem32dSdim700.dll failed!
Could not process line:
C:WINNTsystem32dSdim700.dll
Status: 0xc0000034
File C:WINNTsystem32f4l00e3meh.dll not found!
Deletion of file C:WINNTsystem32f4l00e3meh.dll failed!
Could not process line:
C:WINNTsystem32f4l00e3meh.dll
Status: 0xc0000034
File C:WINNTsystem32jtns0757e.dll not found!
Deletion of file C:WINNTsystem32jtns0757e.dll failed!
Could not process line:
C:WINNTsystem32jtns0757e.dll
Status: 0xc0000034
File C:WINNTsystem32jtrs0797e.dll not found!
Deletion of file C:WINNTsystem32jtrs0797e.dll failed!
Could not process line:
C:WINNTsystem32jtrs0797e.dll
Status: 0xc0000034
File C:WINNTsystem32kddsw.dll not found!
Deletion of file C:WINNTsystem32kddsw.dll failed!
Could not process line:
C:WINNTsystem32kddsw.dll
Status: 0xc0000034
File C:WINNTsystem32kt8ml7l11.dll not found!
Deletion of file C:WINNTsystem32kt8ml7l11.dll failed!
Could not process line:
C:WINNTsystem32kt8ml7l11.dll
Status: 0xc0000034
File C:WINNTsystem32ktjol7131.dll not found!
Deletion of file C:WINNTsystem32ktjol7131.dll failed!
Could not process line:
C:WINNTsystem32ktjol7131.dll
Status: 0xc0000034
File C:WINNTsystem32mcxml3a.dll not found!
Deletion of file C:WINNTsystem32mcxml3a.dll failed!
Could not process line:
C:WINNTsystem32mcxml3a.dll
Status: 0xc0000034
File C:WINNTsystem32mmiseq.dll not found!
Deletion of file C:WINNTsystem32mmiseq.dll failed!
Could not process line:
C:WINNTsystem32mmiseq.dll
Status: 0xc0000034
File C:WINNTsystem32mmnetobj.dll not found!
Deletion of file C:WINNTsystem32mmnetobj.dll failed!
Could not process line:
C:WINNTsystem32mmnetobj.dll
Status: 0xc0000034
File C:WINNTsystem32myvcrt20.dll not found!
Deletion of file C:WINNTsystem32myvcrt20.dll failed!
Could not process line:
C:WINNTsystem32myvcrt20.dll
Status: 0xc0000034
File C:WINNTsystem32nktcfgx.dll not found!
Deletion of file C:WINNTsystem32nktcfgx.dll failed!
Could not process line:
C:WINNTsystem32nktcfgx.dll
Status: 0xc0000034
File C:WINNTsystem32nmtmsg.dll not found!
Deletion of file C:WINNTsystem32nmtmsg.dll failed!
Could not process line:
C:WINNTsystem32nmtmsg.dll
Status: 0xc0000034
File C:WINNTsystem32osdbse32.dll not found!
Deletion of file C:WINNTsystem32osdbse32.dll failed!
Could not process line:
C:WINNTsystem32osdbse32.dll
Status: 0xc0000034
File C:WINNTsystem32q2pslc771f.dll not found!
Deletion of file C:WINNTsystem32q2pslc771f.dll failed!
Could not process line:
C:WINNTsystem32q2pslc771f.dll
Status: 0xc0000034
File C:WINNTsystem32ruaenh.dll not found!
Deletion of file C:WINNTsystem32ruaenh.dll failed!
Could not process line:
C:WINNTsystem32ruaenh.dll
Status: 0xc0000034
File C:WINNTsystem32rUsgtwy.dll not found!
Deletion of file C:WINNTsystem32rUsgtwy.dll failed!
Could not process line:
C:WINNTsystem32rUsgtwy.dll
Status: 0xc0000034
File C:WINNTSYSTEM32__delete_on_reboot__guard.tmp not found!
Deletion of file C:WINNTSYSTEM32__delete_on_reboot__guard.tmp failed!
Could not process line:
C:WINNTSYSTEM32__delete_on_reboot__guard.tmp
Status: 0xc0000034
File C:WINNTNDNuninstall7_22.exe not found!
Deletion of file C:WINNTNDNuninstall7_22.exe failed!
Could not process line:
C:WINNTNDNuninstall7_22.exe
Status: 0xc0000034
File C
ocuments and SettingsjdumasApplication DataSskuknwrd.dll not found!
Deletion of file Cocuments and SettingsjdumasApplication DataSskuknwrd.dll failed!
Could not process line:
Cocuments and SettingsjdumasApplication DataSskuknwrd.dll
Status: 0xc0000034
File C:WINNTsystem32dmonwv.dll not found!
Deletion of file C:WINNTsystem32dmonwv.dll failed!
Could not process line:
C:WINNTsystem32dmonwv.dll
Status: 0xc0000034
File C:WINNTsystem32glutac.exe not found!
Deletion of file C:WINNTsystem32glutac.exe failed!
Could not process line:
C:WINNTsystem32glutac.exe
Status: 0xc0000034
File C:WINNTsystem32mptft.exe not found!
Deletion of file C:WINNTsystem32mptft.exe failed!
Could not process line:
C:WINNTsystem32mptft.exe
Status: 0xc0000034
File C:WINNTsystem32ssn6tuu.exe not found!
Deletion of file C:WINNTsystem32ssn6tuu.exe failed!
Could not process line:
C:WINNTsystem32ssn6tuu.exe
Status: 0xc0000034
File C:WINNTsystem32hpsckhm.exe not found!
Deletion of file C:WINNTsystem32hpsckhm.exe failed!
Could not process line:
C:WINNTsystem32hpsckhm.exe
Status: 0xc0000034
File C:WINNThpsckhm.exe not found!
Deletion of file C:WINNThpsckhm.exe failed!
Could not process line:
C:WINNThpsckhm.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
2) HJT log
Logfile of HijackThis v1.99.1
Scan saved at 10:58:55 PM, on 6/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\nmtmsg.dll
O20 - Winlogon Notify: Control Panel - C:\WINNT\system32\hrn4055qe.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINNT\system32\guard.tmp (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
1) Avenger log
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tgmlqnou
*******************
Script file located at: \??\C:\WINNT\xmehsuin.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:WINNTSYSTEM32F4L00E3MEH.DLL not found!
Deletion of file C:WINNTSYSTEM32F4L00E3MEH.DLL failed!
Could not process line:
C:WINNTSYSTEM32F4L00E3MEH.DLL
Status: 0xc0000034
File C:WINNTSYSTEM32I806LIDS1806.DLL not found!
Deletion of file C:WINNTSYSTEM32I806LIDS1806.DLL failed!
Could not process line:
C:WINNTSYSTEM32I806LIDS1806.DLL
Status: 0xc0000034
File C:WINNTSYSTEM32NOLSAPI.DLL not found!
Deletion of file C:WINNTSYSTEM32NOLSAPI.DLL failed!
Could not process line:
C:WINNTSYSTEM32NOLSAPI.DLL
Status: 0xc0000034
File C:WINNTsystem32ddvenum.dll not found!
Deletion of file C:WINNTsystem32ddvenum.dll failed!
Could not process line:
C:WINNTsystem32ddvenum.dll
Status: 0xc0000034
File C:WINNTsystem32dSdim700.dll not found!
Deletion of file C:WINNTsystem32dSdim700.dll failed!
Could not process line:
C:WINNTsystem32dSdim700.dll
Status: 0xc0000034
File C:WINNTsystem32f4l00e3meh.dll not found!
Deletion of file C:WINNTsystem32f4l00e3meh.dll failed!
Could not process line:
C:WINNTsystem32f4l00e3meh.dll
Status: 0xc0000034
File C:WINNTsystem32jtns0757e.dll not found!
Deletion of file C:WINNTsystem32jtns0757e.dll failed!
Could not process line:
C:WINNTsystem32jtns0757e.dll
Status: 0xc0000034
File C:WINNTsystem32jtrs0797e.dll not found!
Deletion of file C:WINNTsystem32jtrs0797e.dll failed!
Could not process line:
C:WINNTsystem32jtrs0797e.dll
Status: 0xc0000034
File C:WINNTsystem32kddsw.dll not found!
Deletion of file C:WINNTsystem32kddsw.dll failed!
Could not process line:
C:WINNTsystem32kddsw.dll
Status: 0xc0000034
File C:WINNTsystem32kt8ml7l11.dll not found!
Deletion of file C:WINNTsystem32kt8ml7l11.dll failed!
Could not process line:
C:WINNTsystem32kt8ml7l11.dll
Status: 0xc0000034
File C:WINNTsystem32ktjol7131.dll not found!
Deletion of file C:WINNTsystem32ktjol7131.dll failed!
Could not process line:
C:WINNTsystem32ktjol7131.dll
Status: 0xc0000034
File C:WINNTsystem32mcxml3a.dll not found!
Deletion of file C:WINNTsystem32mcxml3a.dll failed!
Could not process line:
C:WINNTsystem32mcxml3a.dll
Status: 0xc0000034
File C:WINNTsystem32mmiseq.dll not found!
Deletion of file C:WINNTsystem32mmiseq.dll failed!
Could not process line:
C:WINNTsystem32mmiseq.dll
Status: 0xc0000034
File C:WINNTsystem32mmnetobj.dll not found!
Deletion of file C:WINNTsystem32mmnetobj.dll failed!
Could not process line:
C:WINNTsystem32mmnetobj.dll
Status: 0xc0000034
File C:WINNTsystem32myvcrt20.dll not found!
Deletion of file C:WINNTsystem32myvcrt20.dll failed!
Could not process line:
C:WINNTsystem32myvcrt20.dll
Status: 0xc0000034
File C:WINNTsystem32nktcfgx.dll not found!
Deletion of file C:WINNTsystem32nktcfgx.dll failed!
Could not process line:
C:WINNTsystem32nktcfgx.dll
Status: 0xc0000034
File C:WINNTsystem32nmtmsg.dll not found!
Deletion of file C:WINNTsystem32nmtmsg.dll failed!
Could not process line:
C:WINNTsystem32nmtmsg.dll
Status: 0xc0000034
File C:WINNTsystem32osdbse32.dll not found!
Deletion of file C:WINNTsystem32osdbse32.dll failed!
Could not process line:
C:WINNTsystem32osdbse32.dll
Status: 0xc0000034
File C:WINNTsystem32q2pslc771f.dll not found!
Deletion of file C:WINNTsystem32q2pslc771f.dll failed!
Could not process line:
C:WINNTsystem32q2pslc771f.dll
Status: 0xc0000034
File C:WINNTsystem32ruaenh.dll not found!
Deletion of file C:WINNTsystem32ruaenh.dll failed!
Could not process line:
C:WINNTsystem32ruaenh.dll
Status: 0xc0000034
File C:WINNTsystem32rUsgtwy.dll not found!
Deletion of file C:WINNTsystem32rUsgtwy.dll failed!
Could not process line:
C:WINNTsystem32rUsgtwy.dll
Status: 0xc0000034
File C:WINNTSYSTEM32__delete_on_reboot__guard.tmp not found!
Deletion of file C:WINNTSYSTEM32__delete_on_reboot__guard.tmp failed!
Could not process line:
C:WINNTSYSTEM32__delete_on_reboot__guard.tmp
Status: 0xc0000034
File C:WINNTNDNuninstall7_22.exe not found!
Deletion of file C:WINNTNDNuninstall7_22.exe failed!
Could not process line:
C:WINNTNDNuninstall7_22.exe
Status: 0xc0000034
File C
ocuments and SettingsjdumasApplication DataSskuknwrd.dll not found!Deletion of file C
ocuments and SettingsjdumasApplication DataSskuknwrd.dll failed!Could not process line:
C
ocuments and SettingsjdumasApplication DataSskuknwrd.dllStatus: 0xc0000034
File C:WINNTsystem32dmonwv.dll not found!
Deletion of file C:WINNTsystem32dmonwv.dll failed!
Could not process line:
C:WINNTsystem32dmonwv.dll
Status: 0xc0000034
File C:WINNTsystem32glutac.exe not found!
Deletion of file C:WINNTsystem32glutac.exe failed!
Could not process line:
C:WINNTsystem32glutac.exe
Status: 0xc0000034
File C:WINNTsystem32mptft.exe not found!
Deletion of file C:WINNTsystem32mptft.exe failed!
Could not process line:
C:WINNTsystem32mptft.exe
Status: 0xc0000034
File C:WINNTsystem32ssn6tuu.exe not found!
Deletion of file C:WINNTsystem32ssn6tuu.exe failed!
Could not process line:
C:WINNTsystem32ssn6tuu.exe
Status: 0xc0000034
File C:WINNTsystem32hpsckhm.exe not found!
Deletion of file C:WINNTsystem32hpsckhm.exe failed!
Could not process line:
C:WINNTsystem32hpsckhm.exe
Status: 0xc0000034
File C:WINNThpsckhm.exe not found!
Deletion of file C:WINNThpsckhm.exe failed!
Could not process line:
C:WINNThpsckhm.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
2) HJT log
Logfile of HijackThis v1.99.1
Scan saved at 10:58:55 PM, on 6/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\nmtmsg.dll
O20 - Winlogon Notify: Control Panel - C:\WINNT\system32\hrn4055qe.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINNT\system32\guard.tmp (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
Hi,
No problem! Those popups are due to the Look2Me spyware. It's a nasty one! We will remove it now!
Please download F-Look2Me, a removal tool from F-Secure, and save it in a convinient location. Next, run it and allow it to scan and remove infections.
Reboot the PC.
Next, download
Brute Force Uninstaller to your desktop. (rightclick
on this link and choose save as, if using IE save target as)
If you already have BFU, then no need to download it again. But, run the below mentioned fix again
No problem! Those popups are due to the Look2Me spyware. It's a nasty one! We will remove it now!
Please download F-Look2Me, a removal tool from F-Secure, and save it in a convinient location. Next, run it and allow it to scan and remove infections.
Reboot the PC.
Next, download
Brute Force Uninstaller to your desktop. (rightclick
on this link and choose save as, if using IE save target as)
- Right click the BFU folder on your desktop, and choose Extract
All - Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C
or whatever your primary drive is - Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and
then click "Finish".
If you already have BFU, then no need to download it again. But, run the below mentioned fix again
- Download
qoofix.bat (rightclick on this link and choose save
as, if using IE save target as) - Place qoofix.bat in your C:\BFU - folder.
(Important!) - Doubleclick qooFix.bat, Close all browsers and explorer folders.
- Choose option 1 (Qoolfix autofix) and follow the prompts.
- Please be patient, it will take about five minutes.
- After the PC has restarted please post another hijackthis log.
Last edited by swatkat; Jun 8th, 2006 at 6:06 am.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
•
•
Join Date: Jul 2005
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
Hi swatkat,
I'm not sure it worked since ewid pops up with a screen that it found a problem with iHshlpr.dll in C:\WINNT\system32 ....says it's Adware: Look2.ME..
.....here's the HJT scan.....thanks...JD
Logfile of HijackThis v1.99.1
Scan saved at 9:26:24 AM, on 6/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: Control Panel - C:\WINNT\system32\hrn4055qe.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINNT\system32\i6jq0g15e6.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\dn8q01l5e.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
I'm not sure it worked since ewid pops up with a screen that it found a problem with iHshlpr.dll in C:\WINNT\system32 ....says it's Adware: Look2.ME..
.....here's the HJT scan.....thanks...JDLogfile of HijackThis v1.99.1
Scan saved at 9:26:24 AM, on 6/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: Control Panel - C:\WINNT\system32\hrn4055qe.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINNT\system32\i6jq0g15e6.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\dn8q01l5e.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
Hi,
Yes! Look2Me is still there. Please download Look2Me-Destroyer.exe to your desktop.
If you receive a message from your firewall about this program accessing the internet please allow it.
================================
Also, Please download the 2-week trial version of WebRoot SpySweeper from HERE.
Alternate download site.
Alternate download site.
Alternate download site.
==================================
After running above two tools, please post a new HijackThis log.
Yes! Look2Me is still there. Please download Look2Me-Destroyer.exe to your desktop.
- Close all windows before continuing.
- Double-click "Look2Me-Destroyer.exe" to run it.
- Put a check next to "Run this program as a task."
- You will receive a message saying "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click "OK"
- When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
- Once it's done scanning, click the "Remove L2M" button.
- You will receive a "Done Scanning" message, click "OK".
- When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer", click "OK".
- Your computer will then shutdown.
- Turn your computer back on.
- Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log. The log can be found wherever the fix is located - if Look2Me-Destroyer is on the desktop thats where the log will be.
If you receive a message from your firewall about this program accessing the internet please allow it.
================================
Also, Please download the 2-week trial version of WebRoot SpySweeper from HERE.
Alternate download site.
Alternate download site.
Alternate download site.
- Click on Free Spy Scan.
- On the next page, click on Start Scan Now
- Save the Setup file to your Desktop>click OK.
- Double-click on the file that you saved. (If you receive alerts from your firewall, allow all activities for Spy Sweeper)
- You will be prompted to check for updated definitions, please do so.
- Click on "Options" > "Sweep Options" and check "Sweep all Folders on Selected drives".
- Check "Local Disc C" and under "What to Sweep", check every box.
- Click on "Sweep" and allow it to fully scan your system.
- When the sweep has finished, click "Remove" to remove any items found.
- Exit SpySweeper and reboot your computer.
==================================
After running above two tools, please post a new HijackThis log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
•
•
Join Date: Jul 2005
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
Hi swatkat....seems like we may have got it? ...ewido did not display the look2me warning.....keeping my fingers crossed....let me know...thanks....JD
Logfile of HijackThis v1.99.1
Scan saved at 7:24:03 PM, on 6/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Logfile of HijackThis v1.99.1
Scan saved at 7:24:03 PM, on 6/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [cygnb] C:\WINNT\system32\glutac.exe reg_run
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Hi,
Yes, Look2Me's gone! Now, there's one last thing to remove from, it's the Qoologic spyware. Actually, we should again use the BFU and Qoofix.bat tool that was previously. This tool should remove the Qoologic, but it failed to remove, when it was used last time, because Look2Me spyware deletes some Registry keys which are used by BFU and Qoolfix.bat combo.
So, here's the steps to remove Qoologic. You may have these files already, but I will post this for your reference:-
Yes, Look2Me's gone! Now, there's one last thing to remove from, it's the Qoologic spyware. Actually, we should again use the BFU and Qoofix.bat tool that was previously. This tool should remove the Qoologic, but it failed to remove, when it was used last time, because Look2Me spyware deletes some Registry keys which are used by BFU and Qoolfix.bat combo.
So, here's the steps to remove Qoologic. You may have these files already, but I will post this for your reference:-
•
•
•
•
Please download
Brute Force Uninstaller to your desktop. (rightclick
on this link and choose save as, if using IE save target as)
- Right click the BFU folder on your desktop, and choose Extract
All- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:\) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and
then click "Finish".- Download
qoofix.bat (rightclick on this link and choose save
as, if using IE save target as)- Place qoofix.bat in your C:\BFU - folder.
(Important!)- Doubleclick qooFix.bat, Close all browsers and explorer folders.
- Choose option 1 (Qoolfix autofix) and follow the prompts.
- Please be patient, it will take about five minutes.
- After the PC has restarted please post another HijackThis log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
-Albert Einstein.
•
•
Join Date: Jul 2005
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
swatkat.....I think it worked ......in previous tries the BFU/Qoolfix.bat combo did not take the "5 minutes" stated in the instructions....I guess I should have mentioned that.....here's the latest HJT....is the laptop clean? thanks...JD
1) HJT log
Logfile of HijackThis v1.99.1
Scan saved at 7:10:05 PM, on 6/9/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
1) HJT log
Logfile of HijackThis v1.99.1
Scan saved at 7:10:05 PM, on 6/9/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Documents and Settings\jdumas\My Documents\Security Downloads\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} (WebTrain.ctlWebTrain) - http://verizon.webattend.com/components/wt0809.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productu...ntent/opuc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.aimnetsolutions.net
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Virus Alert! Notification in Bottom right - SpywareQuake I think?
- Next Thread: hijackthis log
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware anti-virussitesaccessissue antivirus apple attack audio backtoschoolspeech bar blackhat botnet china commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia email europe facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn news obama onlinethreats paedophile panel parents pdf phishing police president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses volume vulnerability war warning windows worm zero-day zeroday
