plzzz somebody check my log!! pop ups....pop ups ...pop ups


djsod

Thread Starter
Joined
Dec 14, 2005
Messages
35
:mad: Logfile of HijackThis v1.99.1
Scan saved at 6:59:39 μμ, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis_v1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\byvvv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134526082054
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B15401-6EF9-498D-A61C-44F592C68782}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AE789E-8A29-49B1-9D74-86B328B578B0}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8E39A-191D-47DD-BB54-F00DAA87EFBF}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCCDEB6-9492-47E0-99F3-9D425EC41B9C}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11D1B84-AA96-48C2-837A-08EC4A71355E}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD02AFB7-18AA-4F6F-B6A2-47B09F784A34}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC9F3D43-0855-49BA-9965-2F957EB52D73}: NameServer = 85.255.113.146,85.255.112.13
O20 - Winlogon Notify: byvvv - C:\WINDOWS\system32\byvvv.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\q668lgju16o8.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\fprm0391e.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
 
Joined
May 13, 2005
Messages
4,699
Wow! What a mess! No worries though, let's get down to business:

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?act=Attach&type=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{47B15401-6EF9-498D-A61C-44F592C68782}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AE789E-8A29-49B1-9D74-86B328B578B0}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8E39A-191D-47DD-BB54-F00DAA87EFBF}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCCDEB6-9492-47E0-99F3-9D425EC41B9C}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11D1B84-AA96-48C2-837A-08EC4A71355E}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD02AFB7-18AA-4F6F-B6A2-47B09F784A34}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC9F3D43-0855-49BA-9965-2F957EB52D73}: NameServer = 85.255.113.146,85.255.112.13


Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

David
 

djsod

Thread Starter
Joined
Dec 14, 2005
Messages
35
Hello David!!
Thank you very much for replying to my thread and trying to solve my pc's problem..!
I was on vacation, so today I came back to Athens and read your reply. During these days I've scanned the PC with programs such as xoft, ad-ware and Microsoft AntiSpyware. I've fixed the problem only for some days. Yesterday the PC started again... with pop-ups such as WinFixer... the background changed to white... the explorer shuts down... many spyware every day... I think I have an infected file in my PC which creates new spyware day by day... I don't know...

I've read your reply.
Well, I have to tell you that I have programs such as ewido, peperfix, killbox. Do I need to download the new ones you tell me?
I will send you again the new logfile of hijack this.
Looking forward to your reply!
Thank you again for your co-operation.
Bye
ilias Greece
 

djsod

Thread Starter
Joined
Dec 14, 2005
Messages
35
Logfile of HijackThis v1.99.1
Scan saved at 11:44:32 μμ, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis_v1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\byvvv.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134526082054
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B15401-6EF9-498D-A61C-44F592C68782}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AE789E-8A29-49B1-9D74-86B328B578B0}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8E39A-191D-47DD-BB54-F00DAA87EFBF}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCCDEB6-9492-47E0-99F3-9D425EC41B9C}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11D1B84-AA96-48C2-837A-08EC4A71355E}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD02AFB7-18AA-4F6F-B6A2-47B09F784A34}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC9F3D43-0855-49BA-9965-2F957EB52D73}: NameServer = 85.255.113.146,85.255.112.13
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: byvvv - C:\WINDOWS\system32\byvvv.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\q668lgju16o8.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\fprm0391e.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
 
Joined
Sep 7, 2004
Messages
49,014
Do as David said; you have one unique infection that needs the wareout tool.

You've asked for help, now follow the instructions (or fix it yourself).
 
Joined
May 13, 2005
Messages
4,699
Yep, please carry on with my instructions as they are the only way you will get rid of wareout easily! :)
David (y)
 

djsod

Thread Starter
Joined
Dec 14, 2005
Messages
35
Hello again David.
Thank you again for your important help!

When I deleted these items
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B15401-6EF9-498D-A61C-44F592C68782}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AE789E-8A29-49B1-9D74-86B328B578B0}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8E39A-191D-47DD-BB54-F00DAA87EFBF}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCCDEB6-9492-47E0-99F3-9D425EC41B9C}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11D1B84-AA96-48C2-837A-08EC4A71355E}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD02AFB7-18AA-4F6F-B6A2-47B09F784A34}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC9F3D43-0855-49BA-9965-2F957EB52D73}: NameServer = 85.255.113.146,85.255.112.13

suddenly I had no internet connection... so I had to recover Windows to the previous state.

I've scanned with Webroot SpySweeper and removed all these items.

The white background, though, is in my desktop... I minimized it... it's like a white box... how can I remove it?

This is the fixwareout log
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B15401-6EF9-498D-A61C-44F592C68782}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AE789E-8A29-49B1-9D74-86B328B578B0}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8E39A-191D-47DD-BB54-F00DAA87EFBF}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCCDEB6-9492-47E0-99F3-9D425EC41B9C}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11D1B84-AA96-48C2-837A-08EC4A71355E}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD02AFB7-18AA-4F6F-B6A2-47B09F784A34}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC9F3D43-0855-49BA-9965-2F957EB52D73}: NameServer = 85.255.113.146,85.255.112.13

and this is the hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 2:32:51 πμ, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis_v1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection monitor.lnk = ?
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134526082054
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B15401-6EF9-498D-A61C-44F592C68782}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AE789E-8A29-49B1-9D74-86B328B578B0}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8E39A-191D-47DD-BB54-F00DAA87EFBF}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCCDEB6-9492-47E0-99F3-9D425EC41B9C}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11D1B84-AA96-48C2-837A-08EC4A71355E}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD02AFB7-18AA-4F6F-B6A2-47B09F784A34}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC9F3D43-0855-49BA-9965-2F957EB52D73}: NameServer = 85.255.113.146,85.255.112.13
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: byvvv - C:\WINDOWS\system32\byvvv.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\q668lgju16o8.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\fprm0391e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Thank you for the time you spend trying to fix my PC (sorry for my bad English, I'm doing the best I can).
Waiting for your reply.
Bye from Greece
ilias (djsod)
 
Joined
Sep 7, 2004
Messages
49,014
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch


Remove those O17’s

* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
· Double-click the Network Connections icon
· Right-click the Local Area Connection icon and select Properties.
· Highlight Internet Protocol (TCP/IP) and click the Properties button.
· Be sure Obtain DNS server address automatically is selected.
· OK your way out.


* Go to Start > Run and type in cmd
· Click OK.
· This will open a command prompt.
· Type or copy and paste the following line in the command window:

ipconfig /flushdns
· Hit Enter
· Exit the command window

Do that before you restart.

=============
At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

If you get an Autoexec nt error do the following

XP Fix - http://www.visualtour.com/downloads/

Scroll down to get XP Fix

And run FixWareout again.
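
Whether the O17 removal and DNS reset described above took effect can be checked by comparing the O17 NameServer lines of a HijackThis log saved before the fix with one saved afterwards. The following is an added example, not part of the thread or of HijackThis: the function names are illustrative, the sample lines are excerpted from the logs posted in this thread, and the `192.168.1.1` entry with its all-zero GUID is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Matches HijackThis O17 lines that pin a static DNS server on one TCP/IP
# interface. The control-set component (CCS here) is matched loosely.
O17_NAMESERVER = re.compile(
    r"^O17 - HKLM\\System\\[^\\]+\\Services\\Tcpip\\\.\.\\"
    r"(\{[0-9A-Fa-f-]{36}\}): NameServer = (.+)$"
)


def parse_o17_nameservers(log_text):
    """Return {interface GUID: tuple of static DNS servers} from a log."""
    entries = {}
    for line in log_text.splitlines():
        match = O17_NAMESERVER.match(line.strip())
        if not match:
            continue
        guid, value = match.groups()
        # The registry value may be comma- or space-delimited.
        servers = tuple(s for s in re.split(r"[,\s]+", value.strip()) if s)
        entries[guid.upper()] = servers
    return entries


def _is_public(address):
    """True for a routable address; False for private or unparsable text."""
    try:
        return ipaddress.ip_address(address).is_global
    except ValueError:
        return False


def review_candidates(entries, min_interfaces=2):
    """List (servers, GUIDs) where the same public DNS servers are pinned
    on several interfaces at once, the pattern seen in this thread's logs."""
    groups = defaultdict(list)
    for guid, servers in entries.items():
        groups[servers].append(guid)
    flagged = []
    for servers, guids in groups.items():
        if len(guids) >= min_interfaces and any(_is_public(s) for s in servers):
            flagged.append((servers, sorted(guids)))
    return flagged


def still_pinned(before, after):
    """GUIDs whose static NameServer value is unchanged between two logs."""
    return sorted(g for g, s in before.items() if after.get(g) == s)


# Excerpt of the log saved before the fix; the last line is constructed.
LOG_BEFORE = r"""
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{47B15401-6EF9-498D-A61C-44F592C68782}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AE789E-8A29-49B1-9D74-86B328B578B0}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E8E39A-191D-47DD-BB54-F00DAA87EFBF}: NameServer = 85.255.113.146,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# Excerpt of the log saved after the fix: no O17 lines remain.
LOG_AFTER = r"""
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    before = parse_o17_nameservers(LOG_BEFORE)
    after = parse_o17_nameservers(LOG_AFTER)
    for servers, guids in review_candidates(before):
        print("same public DNS on", len(guids), "interfaces:", ", ".join(servers))
    print("entries still pinned after the fix:", still_pinned(before, after))
```
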
 

djsod

Thread Starter
Joined
Dec 14, 2005
Messages
35
Hello again!:)
I've done what you said and here are the logs.
I've noticed that these O17's haven't been removed. Is this true? Maybe I should repeat the steps?

Logfile of HijackThis v1.99.1
Scan saved at 4:12:02 μμ, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis_v1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\byvvv.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection monitor.lnk = ?
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134526082054
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: byvvv - C:\WINDOWS\system32\byvvv.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\q668lgju16o8.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\fprm0391e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool


Secondly, I have a white annoying thing on my desktop and I don't know how to remove it. I've tried everything. This is the source.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!----
***** This file is automatically generated by Microsoft Windows *****
--------><HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1253"></HEAD>
<BODY bgColor=#000000>
<DIV
style="BACKGROUND: url(file:///C:/Documents%20and%20Settings/&#919;&#923;&#921;&#913;&#931;/Local%20Settings/Application%20Data/Microsoft/Wallpaper1.bmp) no-repeat 50% 50%; LEFT: 0px; WIDTH: 1280px; POSITION: absolute; TOP: 0px; HEIGHT: 800px"></DIV><IFRAME
id=1
style="Z-INDEX: 1002; BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 284px; POSITION: absolute; TOP: 1px; HEIGHT: 220px"
name=DeskMovrW marginWidth=0 marginHeight=0 src="file:///C:/WINDOWS/warnhp.html"
frameBorder=0 subscribed_url="" resizeable="&#62519;&#31927;&#64168;&#23;&#53093;"> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: 1001; LEFT: -1px; VISIBILITY: hidden; WIDTH: 286px; POSITION: absolute; TOP: 0px; HEIGHT: 222px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>&nbsp;
</BODY></HTML>

Do you know what is wrong? :confused:
Thank you for your help (y)
ilias (djsod)
Greece
 
Joined
Sep 7, 2004
Messages
49,014
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click KillVundo.bat.
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:
    VundoFix V2.15 by Atri
    By pressing enter you agree that you are using this at your own risk
  • At this point press enter one time.
  • Next you will see:
    Type in the filepath as instructed by the forum staff
    Then Press Enter
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\byvvv.dll
  • Press Enter.
  • Next you will see:
    Please type in the second filepath as instructed by the forum staff
    Then Press Enter,
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\vvvyb.*
    If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.

  • The fix will run, then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\byvvv.dll
    • O20 - Winlogon Notify: byvvv - C:\WINDOWS\system32\byvvv.dll

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death". This is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.

=========================

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening; then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

* Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application." then do one of the following:

1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.
Do not run the fix portion without fixing the error first.
After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.
 

djsod

Thread Starter
Joined
Dec 14, 2005
Messages
35
Hello again MFDnSC :)

Here are the logs.....

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byvvv]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\byvvv.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\q668lgju16o8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fprm0391e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E5A9948F-195B-84CB-42E5-A1B15BFCB344}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 2:01:48a A.... 1.022.464 998,50 K
byvvv.dll Mon 26 Dec 2005 8:53:58a ..... 557.108 544,05 K
cdfview.dll Fri 21 Oct 2005 5:40:16a A.... 152.064 148,50 K
danim.dll Sat 5 Nov 2005 5:16:54a A.... 1.057.280 1,01 M
dxtrans.dll Fri 21 Oct 2005 5:40:18a A.... 205.312 200,50 K
esent.dll Fri 21 Oct 2005 12:24:46a A.... 1.082.368 1,03 M
extmgr.dll Fri 21 Oct 2005 5:40:18a ..... 55.808 54,50 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08p A.... 126.680 123,71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06p A.... 95.448 93,21 K
gdi32.dll Thu 29 Dec 2005 4:54:38a A.... 280.064 273,50 K
hashlib.dll Tue 15 Nov 2005 12:12:08p A.... 117.976 115,21 K
iepeers.dll Fri 21 Oct 2005 5:40:18a A.... 251.392 245,50 K
inseng.dll Fri 21 Oct 2005 5:40:18a A.... 96.768 94,50 K
legitc~1.dll Fri 4 Nov 2005 4:27:24p A.... 534.280 521,76 K
msgplu~1.dll Sat 31 Dec 2005 12:31:56p A.... 58.952 57,57 K
mshtml.dll Thu 24 Nov 2005 2:01:48a A.... 3.013.632 2,87 M
mshtmled.dll Fri 21 Oct 2005 5:40:20a A.... 448.512 438,00 K
msrating.dll Fri 21 Oct 2005 5:40:20a A.... 146.432 143,00 K
mstime.dll Fri 21 Oct 2005 5:40:20a A.... 531.456 519,00 K
oleext.dll Fri 21 Oct 2005 5:40:22a A.... 18.432 18,00 K
oleext32.dll Fri 6 Jan 2006 5:37:46p A.... 664.064 648,50 K
pncrt.dll Sun 4 Dec 2005 6:25:42a A.... 278.528 272,00 K
pndx5016.dll Sun 4 Dec 2005 6:25:44a A.... 6.656 6,50 K
pndx5032.dll Sun 4 Dec 2005 6:25:44a A.... 5.632 5,50 K
pngfilt.dll Fri 21 Oct 2005 5:40:20a A.... 39.424 38,50 K
rmoc3260.dll Sun 4 Dec 2005 6:26:04a A.... 176.167 172,04 K
rtlcpapi.dll Wed 7 Dec 2005 1:54:00p A.... 135.168 132,00 K
shdocvw.dll Thu 1 Dec 2005 6:01:16a A.... 1.492.992 1,42 M
shlwapi.dll Fri 21 Oct 2005 5:40:20a A.... 474.112 463,00 K
sirenacm.dll Wed 14 Dec 2005 10:24:42a A.... 118.784 116,00 K
spmsg.dll Thu 13 Oct 2005 1:11:42a ..... 15.584 15,22 K
urlmon.dll Sat 5 Nov 2005 5:16:58a A.... 606.720 592,50 K
wininet.dll Fri 21 Oct 2005 5:40:22a A.... 664.064 648,50 K
wrlogo~1.dll Wed 14 Dec 2005 7:32:18p A.... 492.544 481,00 K
wrlzma.dll Wed 14 Dec 2005 7:32:14p A.... 17.920 17,50 K

35 items found: 35 files, 0 directories.
Total of file sizes: 15.040.787 bytes 14,34 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
mcrh.tmp Tue 10 Jan 2006 6:47:46p A.... 143 0,14 K

1 item found: 1 file, 0 directories.
Total of file sizes: 143 bytes 0,14 K
**********************************************************************************
Directory Listing of system files:
Ο τόμος στη μονάδα δίσκου C είναι SYSTEM
Ο αριθμός σειράς του τόμου είναι E896-7582

Κατάλογος του C:\WINDOWS\System32

10/01/2006 07:10 μμ 323.328 vvvyb.ini
10/01/2006 06:30 μμ 321.442 vvvyb.bak1
07/01/2006 05:46 μμ <DIR> dllcache
10/12/2002 03:40 μμ <DIR> Microsoft
2 Αρχεία 644.770 byte
2 Κατάλογοι 1.106.018.304 διαθέσιμα byte
 

djsod

Thread Starter
Joined
Dec 14, 2005
Messages
35
Here is the ActiveScan report



Incident Status Location

Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7b9ed5f6.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7b9ed5f6.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7b9ed5f6.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-7b9ed5f6.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-18765e8a-2509bbf8.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-18765e8a-2509bbf8.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-18765e8a-2509bbf8.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-18765e8a-2509bbf8.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-18765e8a-2509bbf8.zip[Worker.class]
Virus:Trj/Dropper.BA Disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.zip-18765e8a-2509bbf8.zip[web.exe]
Adware:Adware/Gator.Trickler Not disinfected C:\Documents and Settings\ΕΙΡΗΝΗ\Τα έγγραφά μου\Οι εικόνες μου\BeachIslands_s_Inst-38.exe
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Mozilla\Firefox\Profiles\yp22o1wd.default\cookies.txt[]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-2fc6631f.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-2fc6631f.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-2fc6631f.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-2fc6631f.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-5bd97d39.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-5bd97d39.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-5bd97d39.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-185f2a16-5bd97d39.zip[Installer.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-29ac8fd4.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-29ac8fd4.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-29ac8fd4.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-29ac8fd4.zip[NewURLClassLoader.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-2cb7cc7d-4c326f56.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-2cb7cc7f-153b36a5.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f06070-746efd1d.zip[InstallerApplet.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv431.jar-1bf0bbf3-5ee8d2e4.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv431.jar-1bf0bbf3-5ee8d2e4.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv431.jar-1bf0bbf3-5ee8d2e4.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv431.jar-1bf0bbf3-5ee8d2e4.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-21677ada.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-21677ada.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-21677ada.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ΗΛΙΑΣ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-21677ada.zip[Parser.class]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Cookies\ηλιασ@com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Cookies\ηλιασ@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Cookies\ηλιασ@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Cookies\ηλιασ@mediaplex[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Cookies\ηλιασ@tucows[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Cookies\ηλιασ@winfixer[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Επιφάνεια εργασίας\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ΗΛΙΑΣ\Επιφάνεια εργασίας\VundoFix\VundoFix\process.exe
 

djsod

here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 6:22:28 μμ, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\cmd.exe
C:\hijackthis_v1.99.1\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\byvvv.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection monitor.lnk = ?
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134526082054
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: byvvv - C:\WINDOWS\system32\byvvv.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\q668lgju16o8.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\fprm0391e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 

djsod

here is the vundofix report

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\byvvv.dll

The second filepath entered was C:\WINDOWS\system32\vvvyb.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 124 'smss.exe'
Error 0x6 : Ο δείκτης χειρισμού δεν είναι έγκυρος.


Killing PID 800 'explorer.exe'
Killing PID 800 'explorer.exe'
Killing PID 800 'explorer.exe'
Killing PID 800 'explorer.exe'
Killing PID 800 'explorer.exe'


Killing PID 196 'winlogon.exe'
Error 0x6 : Ο δείκτης χειρισμού δεν είναι έγκυρος.

--------------------------------------------------------------------------------------

Could not delete C:\WINDOWS\system32\byvvv.dll.
C:\WINDOWS\system32\vvvyb.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------
 