cachecachekit trojan won't go away - Page 2

tetonbob · 03-02-2006, 09:26 AM

No problem TJ, sorry if that came off rough, it wasn't intended that way -

There's also a Post Reply button at the bottom left of the thread, in case you ever need more features in a reply.

Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies

Other than that your logs appear clean.

Well done. Any more issues? If not you should be good to go. We still have a few items to address.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial

Here are two very good free Antivirus products which are available:
Avast!
AVG

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.

tjtoor · 03-02-2006, 09:42 AM

how do know you all this technical stuff? You sure are good at it.

TJ

tetonbob · 03-02-2006, 09:53 AM

Study, my friend, and practice.

Thanks for the vote of confidence.

I assume this means you're ok now? Is the video still playing up?

tjtoor · 03-02-2006, 05:53 PM

Hi there, I did a Spybot, AVG and AD Aware scan today and it was clean. WOW.

I have a problem when I click Start-Windows Update. The system is checking if I have the latest updates. Then I am asked if I want to do a CUSTOM or EXPRESS check. I have tried both and I get an error message "Files required to use Windows Update are no longer registered or installed on your computer"-to continue ... This was happening while I was posting to you earlier also. I thought it was part of the virus.

My computer sys is 4 yrs old with the old type of Ram with 384MB. I am going to replace the system soon but I can't afford it right now. So I have been slowly replacing things when they breakdown. I have made sure with the computer store that they will work well with the new system. I put a new dvd writer/rom and hardrive(only 30 gigs) in. I only use my computer for internet and minimal Word documents. No games.

Should I replace the Video card and what would you recommend? The blurriness happens if I try to scroll real fast down a post or page only.

A happy TJ

tetonbob · 03-02-2006, 07:05 PM

For the Windows Update issue, see if this helps:

1. Click Start, click Run, and then type the following commands in sequence. Press ENTER after you type each command.
regsvr32 c:\winnt\vbscript.dll
regsvr32 c:\winnt\mshtml.dll
regsvr32 c:\winnt\msjava.dll
regsvr32 c:\winnt\jscript.dll
regsvr32 c:\winnt\msxml.dll
regsvr32 c:\winnt\actxprxy.dll
regsvr32 c:\winnt\shdocvw.dll
2. After you type each command, click OK to dismiss the RegSvr32 message window.

Let me know if that helps.

Do you have the Windows 2000 install disk? If so, you may want to try to invoke the Windows File Protection by going to Start>Run and typing or copy/paste

sfc /scannow

If any system files are found missing or corrupt, SFC will ask you for the install disk from which to replace them.

For the video card questions, you're really in better hands asking in our Video Cards subforum. They will be glad to assist, and be better qualified to help.

tjtoor · 03-04-2006, 01:12 AM

I have run avg and adaware every time I use the computer. Tonight I used Panda's active scan and it found spyware and potential threats. Look 2 Me is on my system.

Here is my HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:08:59 AM, on 04/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\tj toor\My Documents\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\sistray.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tj toor\Desktop\HijackThis.exe
C:\Program Files\Windows Media Player\mplayer2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1140481177228
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140853135422
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37610.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\tj toor\My Documents\ewido anti-malware\ewidoctrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Here is my Panda log

Incident Status Location

Spyware:Cookie/go Not disinfected C:\WINDOWS\Cookies\anyuser@go[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\tj toor\My Documents\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\Process.exe
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[djvenum.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[hr8805lue.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[hrr8059ue.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[jjbexec.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[k080lalm1dqa.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[o4ro0e93eh.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[q686lgls16q6.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[tJpi3.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[wvhext.dll]

tetonbob · 03-04-2006, 08:29 AM

You had me worried there for a minute TJ -

Those are the backups created when L2Mfix removed them from the system. They are safe there, but let's remove the backups folder, now that it appears that your system is running well.

Delete this folder:

C:\Documents and Settings\tj toor\Desktop\l2mfix\ backup.zip

Delete this file:

C:\WINDOWS\Cookies\ anyuser@go[2].txt

If everything else is ok, I'd like to move this to resolved now. Everything else looks fine.

Please be cautious in your use of Limewire...P2P programs are gateways to infection. That's something new on your system.

03-02-2006, 09:26 AM	#21 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	No problem TJ, sorry if that came off rough, it wasn't intended that way - There's also a Post Reply button at the bottom left of the thread, in case you ever need more features in a reply. Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies Other than that your logs appear clean. Well done. Any more issues? If not you should be good to go. We still have a few items to address. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here AD-AWARE Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial Here are two very good free Antivirus products which are available: Avast! AVG It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software If you do not have a firewall, here are 4 free ones available for personal use: ZoneAlarm Avast Antivirus/Firewall Tiny Personal Firewall OutPost Firewall In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-02-2006, 09:42 AM	#22 (permalink)
tjtoor Registered User Join Date: Feb 2006 Posts: 26 OS: 2000	Thanks for all the patience and help how do know you all this technical stuff? You sure are good at it. TJ Last edited by tjtoor; 03-02-2006 at 09:50 AM.

03-02-2006, 09:53 AM	#23 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Study, my friend, and practice. Thanks for the vote of confidence. I assume this means you're ok now? Is the video still playing up? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-02-2006, 05:53 PM	#24 (permalink)
tjtoor Registered User Join Date: Feb 2006 Posts: 26 OS: 2000	vidcard still acting up sometimes Hi there, I did a Spybot, AVG and AD Aware scan today and it was clean. WOW. I have a problem when I click Start-Windows Update. The system is checking if I have the latest updates. Then I am asked if I want to do a CUSTOM or EXPRESS check. I have tried both and I get an error message "Files required to use Windows Update are no longer registered or installed on your computer"-to continue ... This was happening while I was posting to you earlier also. I thought it was part of the virus. My computer sys is 4 yrs old with the old type of Ram with 384MB. I am going to replace the system soon but I can't afford it right now. So I have been slowly replacing things when they breakdown. I have made sure with the computer store that they will work well with the new system. I put a new dvd writer/rom and hardrive(only 30 gigs) in. I only use my computer for internet and minimal Word documents. No games. Should I replace the Video card and what would you recommend? The blurriness happens if I try to scroll real fast down a post or page only. A happy TJ

03-02-2006, 07:05 PM	#25 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	For the Windows Update issue, see if this helps: 1. Click Start, click Run, and then type the following commands in sequence. Press ENTER after you type each command. regsvr32 c:\winnt\vbscript.dll regsvr32 c:\winnt\mshtml.dll regsvr32 c:\winnt\msjava.dll regsvr32 c:\winnt\jscript.dll regsvr32 c:\winnt\msxml.dll regsvr32 c:\winnt\actxprxy.dll regsvr32 c:\winnt\shdocvw.dll 2. After you type each command, click OK to dismiss the RegSvr32 message window. Let me know if that helps. Do you have the Windows 2000 install disk? If so, you may want to try to invoke the Windows File Protection by going to Start>Run and typing or copy/paste sfc /scannow If any system files are found missing or corrupt, SFC will ask you for the install disk from which to replace them. For the video card questions, you're really in better hands asking in our Video Cards subforum. They will be glad to assist, and be better qualified to help. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

03-04-2006, 01:12 AM	#26 (permalink)
tjtoor Registered User Join Date: Feb 2006 Posts: 26 OS: 2000	panda active scan found spyware I have run avg and adaware every time I use the computer. Tonight I used Panda's active scan and it found spyware and potential threats. Look 2 Me is on my system. Here is my HJT Logfile of HijackThis v1.99.1 Scan saved at 12:08:59 AM, on 04/03/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINNT\System32\svchost.exe C:\Documents and Settings\tj toor\My Documents\ewido anti-malware\ewidoctrl.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\ZONELABS\vsmon.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\sistray.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINNT\system32\internat.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\LimeWire\LimeWire.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\tj toor\Desktop\HijackThis.exe C:\Program Files\Windows Media Player\mplayer2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1140481177228 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140853135422 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37610.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\tj toor\My Documents\ewido anti-malware\ewidoctrl.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe Here is my Panda log Incident Status Location Spyware:Cookie/go Not disinfected C:\WINDOWS\Cookies\anyuser@go[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\tj toor\My Documents\l2mfix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix.exe[Process.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\Process.exe Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[djvenum.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[hr8805lue.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[hrr8059ue.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[jjbexec.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[k080lalm1dqa.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[o4ro0e93eh.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[q686lgls16q6.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[tJpi3.dll] Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\tj toor\Desktop\l2mfix\backup.zip[wvhext.dll]

03-04-2006, 08:29 AM	#27 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	You had me worried there for a minute TJ - Those are the backups created when L2Mfix removed them from the system. They are safe there, but let's remove the backups folder, now that it appears that your system is running well. Delete this folder: C:\Documents and Settings\tj toor\Desktop\l2mfix\ backup.zip Delete this file: C:\WINDOWS\Cookies\ anyuser@go[2].txt If everything else is ok, I'd like to move this to resolved now. Everything else looks fine. Please be cautious in your use of Limewire...P2P programs are gateways to infection. That's something new on your system. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009