1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijack and Ewido Log files

Discussion in 'Virus & Other Malware Removal' started by Dave001, Jul 6, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Dave001

    Dave001 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    39
    Cleaning up another machine. I did alot of previous steps to rid myself of Nail.exe and the like. Regardless I am not anywhere near fixing this machine in its entirety So below is the ewido and hijack log files. Please read over so I can clean up this machine RIGHT!!!


    Ewido Log File:
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 2:42:48 AM, 7/6/2005
    + Report-Checksum: D78F40FB

    + Scan result:

    :mozilla.14:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\asfjkk32.tmp -> Spyware.SafeSurfing : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Del181.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Del184.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071329.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071329.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071330.exe/data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071331.dll -> Spyware.Altnet : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071332.dll -> Spyware.WinAD : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071333.dll -> Spyware.SurfSide : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071334.dll -> Spyware.SurfSide : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071335.exe -> Spyware.WeirWeb : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071336.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071337.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071338.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071339.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071340.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071341.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071342.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071343.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071344.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071345.dLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071346.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071347.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071348.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071349.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071350.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071351.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071352.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071353.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071354.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071355.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071356.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071357.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071358.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071359.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071360.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071361.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071362.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071363.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071364.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071365.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071366.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071367.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071368.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071369.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071370.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071371.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071372.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071373.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071374.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071375.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071376.exe -> Spyware.Pacer : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071377.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071378.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071379.dll -> Spyware.SafeSurfing : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071380.exe -> Spyware.SafeSurfing : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071381.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071382.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071383.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071384.exe -> TrojanDropper.Agent.hl : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071385.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071386.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071387.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071388.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071389.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071390.exe -> TrojanDropper.Agent.hl : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071391.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071392.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071393.exe -> TrojanDropper.Agent.hl : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071394.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071395.exe -> TrojanDownloader.Small.abd : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071396.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071397.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071398.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071399.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071400.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071401.exe -> Adware.BetterInternet : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071572.dll -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071573.dll -> Adware.BetterInternet : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071574.exe -> TrojanDownloader.Small.abd : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071575.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071576.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071577.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071578.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071579.DLL -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071586.exe -> Adware.BetterInternet : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0071603.exe -> Adware.BetterInternet : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0072569.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0072590.dll -> Spyware.Look2Me : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0072594.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0072630.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0072633.exe -> Adware.BetterInternet : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0072634.dll -> Adware.BetterInternet : Cleaned with backup
    C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
    C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
    C:\WINDOWS\hxasztlrq.exe -> Adware.BetterInternet : Cleaned with backup
    C:\WINDOWS\qthmjrv.exe -> Adware.BetterInternet : Cleaned with backup
    C:\WINDOWS\SYSTEM32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\SYSTEM32\iniqs.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
    C:\WINDOWS\SYSTEM32\mbdmo.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup


    ::Report End

    Hijack Logg File:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:49:08 AM, on 7/6/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLHOS~1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLServiceHost.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\hijack\HijackThis.exe
    C:\WINDOWS\System32\imapi.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1113834680\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitenuk32.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/holdem/holdem-ob-assets.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.telugutoranam.com/tdserver.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypark.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114648777796
    O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\SBSVC.DLL
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    you'll need to run the LSPfix to repair winsock.

    download and run.

    http://cexx.org/lspfix.htm


    Launch the application, and click the "I know what I'm doing" checkbox. click
    finish



    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php


    Also download the EliteBar (searchmiracle) Removal Tool (must be run in safe
    mode)

    http://www.simplytech.it/ETRemover/
    http://www.softpedia.com/get/Intern...r-Remover.shtml


    download ccleaner

    http://www.ccleaner.com/


    * Install CCleaner
    * Launch CCleaner and look in the upper right corner and click on the "Options" button.
    * Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
    * Click OK
    * Do not run CCleaner yet. You will run it later in safe mode.


    Click on the Issues tab, uncheck both boxes Registry Integrity and File
    Integrity
    Click the Applications tab, scroll down to the Multimedia section and uncheck
    Macromedia Flash Player.



    go to this site and download these tools and once you get both
    adaware and spybot, update both of them.

    Set adaware to do a full system scan and deselect, "search for neglible risk
    entries". Click next to start the scan. Delete everything adaware finds.

    reboot and now run spybot

    Spybot: Search and destroy.

    Delete what spybot finds marked in red. After updating spybot hit the
    immunize button.

    reboot again


    With CWshredder close all browsers and programmes and select the FIX button.



    Go here and download Microsoft Antispyware Beta. First in the top menu click
    File then Check for updates to download the definitons updates.

    After updating look in the right side of the main window under "Run Quick
    Scan Now" and click Spyware scan options. In that window put a tick by Run a
    full system scan and then put a check by all three options below that then
    click Run Scan now.

    When the scan is finished, let it fix anything that it finds (have it
    quarantine the items that have that option rather than delete just in case.
    It is a beta program and there may be false positives)

    Restart your computer.


    All tools can be downloaded at the link below and found on that page!


    . Microsoft® Windows AntiSpyware
    . SpyBot search and destroy
    . AdAware SE



    http://www.majorgeeks.com/downloads31.html



    have hijack this fix these entries. close all browsers and programmes before
    clicking FIX.




    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitenuk32.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.telugutoranam.com/tdserver.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypark.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab





    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\WINDOWS\cfgmgr52.dll
    C:\WINDOWS\System32\wintask.exe
    C:\windows\system32\elitenuk32.exe
    C:\WINDOWS\wupdt.exe
    c:\counter.cab


    Now run ccleaner.



    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/activescan/

    When the scan is finished, anything that it cannot clean have it delete it.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!


    post another log and the active scan log
     
  3. Dave001

    Dave001 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    39
    OK this is what i got thus far... after days of running everything
    1) I am still getting pop ups no matter how many times i run these utlities over and over.

    2) System has dramtically slowed down almost to a hlat.

    3) Adawre; spybot; MS Antispyware; Ewido and Activescan virus scanner keeps finding entries.

    4) Looks like the Looktome file is constently comming back

    5) All files are found on regualr system or regestry ntohing in archives or retore araeas.

    6) Turned off system restore.

    7) Nail.exe keeps returning.

    8) Alot of shortcuts keep comming back for free poker site and win a free ps2 and energybar links and one shorcut to win a free bose stero. I delete the shortcuts and they still reappear either in safe or regualr modes.

    9) this machine as also previous machines have this Privacy Champion Privacy Scanner on it and no uninstall..

    10) Internet Explorer had alot of problems after running the LSPFix and I had to run a Winsock fix.

    BELOW are my log files that you requested in the previous post
    HIJACK LOGG FILE!!

    Logfile of HijackThis v1.99.1
    Scan saved at 6:05:56 PM, on 7/8/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLServiceHost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/holdem/holdem-ob-assets.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.telugutoranam.com/tdserver.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypark.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\SBSVC.DLL
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Active Scan Antivirus Scanner Log

    Incident Status Location

    Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll
    Adware:Adware/SaveNow No disinfected Windows Registry
    Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
    Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
    Spyware:Spyware/BetterInet No disinfected Windows Registry
    Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\adlinstallwin32.exe
    Adware:Adware/PowerScan No disinfected Windows Registry
    Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc
    Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Donna Maisto\Application Data\Lycos
    Adware:Adware/IEDriver No disinfected Windows Registry
    Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\guard.tmp
    Spyware:Spyware/Media-motor No disinfected Windows Registry
    Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\Donna Maisto\Favorites\1111
    Adware:Adware/TopSpyware No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    Adware:Adware/Novo No disinfected Windows Registry
    Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\AppWrap[1].exe
    Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\541DF2A0-2C16-4ABB-8D55-86FF87\1D70D3C5-D72A-46AD-B94A-45A2D9
    Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\541DF2A0-2C16-4ABB-8D55-86FF87\939D2466-DE49-4DED-B99E-156016
    Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\638E665D-5A9F-40E5-92F4-22D126\205510A9-E5D0-4442-981C-7DD843
    Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\638E665D-5A9F-40E5-92F4-22D126\74F1F4D3-42A6-4CFD-A73E-CA8E73
    Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\638E665D-5A9F-40E5-92F4-22D126\DED938AA-C64E-4205-BC5B-1088C5
    Adware:Adware/TopSpyware No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    Adware:Adware/nCase No disinfected C:\WINDOWS\msbbau.dat
    Adware:Adware/nCase No disinfected C:\WINDOWS\msbb_gdf.dat
    Adware:Adware/nCase No disinfected C:\WINDOWS\salm_gdf.dat
    Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\adlinstallwin32.exe
    Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll
    Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\guard.tmp
    Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wavcore.dll
    Adware:Adware/AdBehavior No disinfected C:\WINDOWS\SYSTEM32\web2_212.exe
    Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\__delete_on_reboot__IAETWH32.dll
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Download the Nail/aurora fix


    http://www.noidea.us/easyfile/index.php?folder=2




    * Download the trial version of Ewido Security Suite here


    http://www.ewido.net/en/

    * Install ewido.
    * During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * Launch ewido
    * It will prompt you to update click the OK button and it will go to the main screen
    * On the left side of the main screen click update
    * Click on Start and let it update.
    * DO NOT run a scan yet. You will do that later in safe mode.



    * Click here for info on how to boot to safe mode if you don't already know
    how.


    How to boot to safe mode

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam


    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:


    * Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will
    disappear and reappear, and a window should open and close very quickly ---
    this is normal.



    * Run Ewido:

    * Click on scanner
    * Click Complete System Scan and the scan will begin.
    * During the scan it will prompt you to clean files, click OK
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop

    run ccleaner


    run another panda scan



    Download L2mfix from one of these two locations:


    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe


    Save the file to your desktop and double click l2mfix.exe. Read and
    Accept the agreement. Click the Install button to extract the files
    and follow the prompts, then open the newly added l2mfix folder on your
    desktop. Double click l2mfix.bat and select option #1 for Run Find Log
    by typing 1 and then pressing enter. This will scan your computer and
    it may appear nothing is happening, then, after a minute or 2, notepad
    will open with a log. Copy the contents of that log and paste it into
    this thread.


    IMPORTANT: Do NOT run any other files in the l2mfix folder until you are
    asked to do so!



    post all the logs and then post the l2me log!
     
  5. Dave001

    Dave001 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    39
    Ok here are the new logg files that you requested from your previous posts. All software ran I updated then rebooted and ran in a strick safe mode prompt.

    Hijack This Logg File:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:18:58 AM, on 7/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLServiceHost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/holdem/holdem-ob-assets.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.telugutoranam.com/tdserver.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypark.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\SBSVC.DLL
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Ewido Log File:
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 1:29:23 AM, 7/9/2005
    + Report-Checksum: A63F87CC

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{12EE7A5E-0674-42F9-A76C-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarBHO -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarBHO\CLSID -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarBHO\CurVer -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName\CLSID -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName\CurVer -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Spyware.BrowserAid : Cleaned with backup
    HKU\S-1-5-21-1577911974-189496217-8615747-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
    HKU\S-1-5-21-1577911974-189496217-8615747-1007\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Excite : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\WINDOWS\SYSTEM32\guard.tmp -> Spyware.Look2Me : Cleaned with backup


    ::Report End

    L2MFIX find log

    L2MFIX find log 1.03
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\SBSVC.DLL"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{A2E9F1DA-4C81-9F43-5DCE-058EEB6D5A20}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
    "{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
    "{42CF09B6-9393-4D52-B23C-E0CD904B6564}"=""
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{CBE59FB9-A872-478F-A97A-1BF9939D59DA}"=""
    "{2A60C508-F1D7-42A2-BE13-A3D534A1D4A6}"=""
    "{965E8C00-5E26-4A31-AFC5-46DE0F90B9D3}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{965E8C00-5E26-4A31-AFC5-46DE0F90B9D3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{965E8C00-5E26-4A31-AFC5-46DE0F90B9D3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{965E8C00-5E26-4A31-AFC5-46DE0F90B9D3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{965E8C00-5E26-4A31-AFC5-46DE0F90B9D3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\CLMCAT.DLL"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:
    Locate .tmp files:
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C has no label.
    Volume Serial Number is CCC8-C919

    Directory of C:\WINDOWS\System32

    07/08/2005 05:00 PM <DIR> DLLCACHE
    07/04/2005 06:55 PM 417,792 wkv8dmoe.dll
    11/21/2003 12:08 AM 1,353 HotElc.006
    08/19/2003 10:00 PM <DIR> Microsoft
    2 File(s) 419,145 bytes
    2 Dir(s) 72,858,542,080 bytes free
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and
    select option #2 for Run Fix by typing 2 and then pressing enter, then
    press any key to reboot your computer. After a reboot, your desktop and
    icons will appear, then disappear (this is normal). L2mfix will
    continue to scan your computer and when it's finished, notepad will
    open with a log. Copy the contents of that log and paste it back into
    this thread, along with a new hijack this log.



    IMPORTANT: Do NOT run any other files in the l2mfix folder until you are
    asked to do so!



    run ccleaner again


    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/activescan/

    When the scan is finished, anything that it cannot clean have it delete it.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!


    post another hijack this log, the active scan log and the l2me
     
  7. Dave001

    Dave001 Thread Starter

    Joined:
    Feb 8, 2005
    Messages:
    39
    I ran the fixes you mentioned in the previous post. The L2mFix and panda scan as well as the hijack file. Machine still buggy and running slow here are the most current updates.

    I think we are making progress... However the Panda Scan ran for over 5 hours and could not self delete any items.

    Hijack File:
    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:39 AM, on 7/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\111383~1\EE\AOLServiceHost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\explorer.exe
    C:\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.1.4.29/holdem/holdem-ob-assets.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.telugutoranam.com/tdserver.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypark.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    L2M File:
    L2Mfix 1.03

    Running From:
    C:\Documents and Settings\Donna Maisto\Desktop\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- BUILTIN\Administrators
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER



    Setting up for Reboot


    Starting Reboot!

    C:\Documents and Settings\Donna Maisto\Desktop\l2mfix
    System Rebooted!

    Running From:
    C:\Documents and Settings\Donna Maisto\Desktop\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 [email protected]
    Killing PID 1120 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 [email protected]
    Killing PID 1248 'rundll32.exe'

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Backing Up: C:\WINDOWS\system32\KLDLV1.DLL
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\KLDLV1.DLL
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mwdadiag.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\mwdadiag.dll
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\SBSVC.DLL
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\SBSVC.DLL
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\guard.tmp
    1 file(s) copied.
    Backing Up: C:\WINDOWS\system32\guard.tmp
    1 file(s) copied.
    deleting: C:\WINDOWS\system32\KLDLV1.DLL
    Successfully Deleted: C:\WINDOWS\system32\KLDLV1.DLL
    deleting: C:\WINDOWS\system32\KLDLV1.DLL
    Successfully Deleted: C:\WINDOWS\system32\KLDLV1.DLL
    deleting: C:\WINDOWS\system32\mwdadiag.dll
    Successfully Deleted: C:\WINDOWS\system32\mwdadiag.dll
    deleting: C:\WINDOWS\system32\mwdadiag.dll
    Successfully Deleted: C:\WINDOWS\system32\mwdadiag.dll
    deleting: C:\WINDOWS\system32\SBSVC.DLL
    Successfully Deleted: C:\WINDOWS\system32\SBSVC.DLL
    deleting: C:\WINDOWS\system32\SBSVC.DLL
    Successfully Deleted: C:\WINDOWS\system32\SBSVC.DLL
    deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp
    deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp


    Zipping up files for submission:
    adding: KLDLV1.DLL (164 bytes security) (deflated 48%)
    adding: mwdadiag.dll (164 bytes security) (deflated 48%)
    adding: SBSVC.DLL (164 bytes security) (deflated 48%)
    adding: guard.tmp (164 bytes security) (deflated 48%)
    adding: clear.reg (164 bytes security) (deflated 52%)
    adding: echo.reg (164 bytes security) (deflated 11%)
    adding: direct.txt (164 bytes security) (stored 0%)
    adding: lo2.txt (164 bytes security) (deflated 79%)
    adding: readme.txt (164 bytes security) (deflated 49%)
    adding: report.txt (164 bytes security) (deflated 59%)
    adding: test.txt (164 bytes security) (deflated 76%)
    adding: test2.txt (164 bytes security) (deflated 33%)
    adding: test3.txt (164 bytes security) (deflated 33%)
    adding: test5.txt (164 bytes security) (deflated 33%)
    adding: xfind.txt (164 bytes security) (deflated 72%)
    adding: backregs/965E8C00-5E26-4A31-AFC5-46DE0F90B9D3.reg (164 bytes security) (deflated 70%)
    adding: backregs/shell.reg (164 bytes security) (deflated 73%)

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for predefined group "Administrators"
    Inherited ACE can not be revoked here!
    Inherited ACE can not be revoked here!


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... successful

    deleting local copy: KLDLV1.DLL
    deleting local copy: KLDLV1.DLL
    deleting local copy: mwdadiag.dll
    deleting local copy: mwdadiag.dll
    deleting local copy: SBSVC.DLL
    deleting local copy: SBSVC.DLL
    deleting local copy: guard.tmp
    deleting local copy: guard.tmp

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\KLDLV1.DLL
    C:\WINDOWS\system32\KLDLV1.DLL
    C:\WINDOWS\system32\mwdadiag.dll
    C:\WINDOWS\system32\mwdadiag.dll
    C:\WINDOWS\system32\SBSVC.DLL
    C:\WINDOWS\system32\SBSVC.DLL
    C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{42CF09B6-9393-4D52-B23C-E0CD904B6564}"=-
    "{CBE59FB9-A872-478F-A97A-1BF9939D59DA}"=-
    "{2A60C508-F1D7-42A2-BE13-A3D534A1D4A6}"=-
    "{965E8C00-5E26-4A31-AFC5-46DE0F90B9D3}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{42CF09B6-9393-4D52-B23C-E0CD904B6564}]
    [-HKEY_CLASSES_ROOT\CLSID\{CBE59FB9-A872-478F-A97A-1BF9939D59DA}]
    [-HKEY_CLASSES_ROOT\CLSID\{2A60C508-F1D7-42A2-BE13-A3D534A1D4A6}]
    [-HKEY_CLASSES_ROOT\CLSID\{965E8C00-5E26-4A31-AFC5-46DE0F90B9D3}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    ****************************************************************************

    Panda File

    Incident Status Location

    Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll
    Adware:Adware/SaveNow No disinfected Windows Registry
    Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
    Adware:Adware/nCase No disinfected C:\WINDOWS\msbb*
    Spyware:Spyware/BetterInet No disinfected Windows Registry
    Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\adlinstallwin32.exe
    Adware:Adware/PowerScan No disinfected Windows Registry
    Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc
    Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Donna Maisto\Application Data\Lycos
    Adware:Adware/IEDriver No disinfected Windows Registry
    Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
    Adware:Adware/Pacimedia No disinfected C:\Documents and Settings\Donna Maisto\Favorites\1111
    Adware:Adware/TopSpyware No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    Adware:Adware/Novo No disinfected Windows Registry
    Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\AppWrap[1].exe
    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Donna Maisto\Desktop\l2mfix\backup.zip[KLDLV1.DLL]
    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Donna Maisto\Desktop\l2mfix\backup.zip[mwdadiag.dll]
    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Donna Maisto\Desktop\l2mfix\backup.zip[SBSVC.DLL]
    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Donna Maisto\Desktop\l2mfix\backup.zip[guard.tmp]
    Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\541DF2A0-2C16-4ABB-8D55-86FF87\1D70D3C5-D72A-46AD-B94A-45A2D9
    Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\541DF2A0-2C16-4ABB-8D55-86FF87\939D2466-DE49-4DED-B99E-156016
    Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\638E665D-5A9F-40E5-92F4-22D126\205510A9-E5D0-4442-981C-7DD843
    Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\638E665D-5A9F-40E5-92F4-22D126\74F1F4D3-42A6-4CFD-A73E-CA8E73
    Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\638E665D-5A9F-40E5-92F4-22D126\DED938AA-C64E-4205-BC5B-1088C5
    Adware:Adware/TopSpyware No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
     
  8. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    go to add/remove and uninstall myway and lycos, delete their folders from C:\program files and C:\Documents and Settings\Donna Maisto\Application Data\ lycos



    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php



    download ccleaner

    http://www.ccleaner.com/


    * Install CCleaner
    * Launch CCleaner and look in the upper right corner and click on the "Options" button.
    * Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
    * Click OK
    * Do not run CCleaner yet. You will run it later in safe mode.



    Go to this site and download these tools and once you get both
    adaware Se 1.6 and spybot, update both of them.

    Set adaware to do a full system scan and deselect, "search for neglible risk
    entries". Click next to start the scan. Delete everything adaware finds.

    reboot and now run spybot

    Spybot: Search and destroy.

    Delete what spybot finds marked in red. After updating spybot hit the
    immunize button.

    reboot again


    With CWshredder close all browsers and programmes and select the FIX button.



    Restart your computer.


    All tools can be downloaded at the link below and found on that page!


    . SpyBot search and destroy
    . AdAware SE



    http://www.majorgeeks.com/downloads31.html




    have hijack this fix these entries. close all browsers and programmes before
    clicking FIX.


    O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


    Double-click on Killbox.exe to run it. Now put a tick by Delete on
    Reboot. In the "Full Path of File to Delete" box, copy and paste each
    of the following lines one at a time then click on the button that has
    the red circle with the X in the middle after you enter each file.
    It will ask for confimation to delete the file on next reboot. Click
    Yes. It will then ask if you want to reboot now. Click No. Continue
    with that same procedure until you have copied and pasted all of
    these in the "Paste Full Path of File to Delete" box.Then click yes
    to reboot after you entered the last one.


    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\WINDOWS\system32\cd_clint.dll
    C:\WINDOWS\msbb*
    C:\WINDOWS\system32\adlinstallwin32.exe
    C:\WINDOWS\system32\nsvsvc
    C:\Documents and Settings\Donna Maisto\Application Data\Lycos
    C:\WINDOWS\system32\stlb2.xml
    C:\Documents and Settings\Donna Maisto\Favorites\1111
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp





    find and delete this folder.


    How to boot to safe mode

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam


    How to show hidden files in Windows

    http://service1.symantec.com/SUPPOR...Virus Corporate Edition&ver=8.x&osv=&osv_lvl=


    C:\WINDOWS\system32\nsvsvc



    Now run ccleaner.


    post another log
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/378340

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice