
Status
Not open for further replies.
1 - 6 of 6 Posts

·
Banned
Joined
·
4 Posts
Discussion Starter #1
Help! My computer has been hacked into. They got onto my MSN, from which they showed me my IP. I downloaded an anti-hack and it keeps saying that a 'Lovesan' attack has been made on my computer; there is spyware working somewhere. Help! Please! Thanks!
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Please follow MicroBell's 5 Step process outlined here

After running through all the steps, please download HijackThis - this program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since the entries may be harmless.
 

·
Banned
Joined
·
4 Posts
Discussion Starter #3
The log you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 20:16:51, on 10/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINNT\System32\UAService7.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = www.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C3D636FE-33E2-B504-3D02-1C2FAC337475} - (no file)
O2 - BHO: (no name) - {DA082AAF-CD50-B3F6-1B83-B01390B4220A} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: HrryFlash.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.ask.com
O15 - Trusted Zone: www.bbc.co.uk
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: http://www.techsupportforum.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123587368624
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37390.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: svcuost - Unknown owner - c:\winnt\system32\svcuost.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
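
Added example, not part of the original posts: a small Python triage pass over a HijackThis log like the one above. It reads the `Platform:` header that the later "no Service Pack" remark rests on and lists the entries HijackThis itself annotates as `(no file)`, `(file missing)` or `Unknown owner`. The function names are hypothetical, and the example assumes HijackThis prints an `SPn` token in the `Platform:` line when a service pack is installed.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C3D636FE-33E2-B504-3D02-1C2FAC337475} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: svcuost - Unknown owner - c:\winnt\system32\svcuost.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\System32\UAService7.exe
"""

# A log entry is "<section code> - <text>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers HijackThis writes into an entry. They make the entry worth a
# second look by a reviewer; they are not a verdict that it is malicious.
MARKERS = [
    ("(no file)", "registry entry points at no file on disk"),
    ("(file missing)", "registered file is missing from disk"),
    ("unknown owner", "no owner reported for the service binary"),
]


@dataclass
class Finding:
    section: str
    reason: str
    text: str


def parse_entries(log):
    """Return (section, text) for every entry line, skipping the header
    and the running-process list."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def has_service_pack(log):
    """True/False from the Platform header, None if the header is absent.
    Assumption: an installed service pack shows up as 'SP<n>' there."""
    match = re.search(r"^Platform:\s*(.+)$", log, re.MULTILINE)
    if match is None:
        return None
    return re.search(r"\bSP\d", match.group(1)) is not None


def triage(log):
    """Collect the entries that carry one of the markers above."""
    findings = []
    for section, text in parse_entries(log):
        lowered = text.lower()
        for marker, reason in MARKERS:
            if marker in lowered:
                findings.append(Finding(section, reason, text))
    return findings


if __name__ == "__main__":
    print("Service pack installed:", has_service_pack(SAMPLE_LOG))
    for item in triage(SAMPLE_LOG):
        print(f"[{item.section}] {item.reason}: {item.text}")
```

Entries flagged this way still need a human check of the file itself: both a vendor service with no version resource and an unknown binary can appear as `Unknown owner`.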
 

·
Banned
Joined
·
4 Posts
Discussion Starter #4
I also scanned my C: with Panda and was shocked. Look:

Incident Status Location

Adware:Adware/Popupdefence No disinfected C:\WINNT\system32\PDF77db.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\undmxfrm.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\ikfxres.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\mjutb.dll
Dialer:Dialer.AVB No disinfected C:\WINNT\system32\qwinnta.exe
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\ufz.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\tjd32.dll
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\l?***.exe
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\enrul1991.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\dnps0177e.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\suncui.dll
Spyware:Spyware/Dluca No disinfected C:\WINNT\system32\zylvognl.exe
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\kxdfr.dll
Hacktool:Hacktool/NTRootKit.T No disinfected C:\WINNT\system32\mptsgsvc.exe
Spyware:Spyware/WareOut No disinfected C:\WINNT\system32\minidrv.exe
Adware:Adware/MagicControl No disinfected C:\WINNT\system32\msklive.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\hr8005lme.dll
Adware:Adware/2Search No disinfected C:\WINNT\system32\msnnames.exe
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\l0l6la3s1d.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\gplol3331.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\loasrv.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\lvjo0913e.dll
Adware:Adware/IST.ISTBar No disinfected C:\WINNT\system32\spectreysb.exe
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\n4l8le3u1h.dll
Adware:Adware/Tubby No disinfected C:\WINNT\system32\MTC.dll
Adware:Adware/Startpage.ABS No disinfected C:\WINNT\system32\mqspbkup.exe
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\j4j60e1seh.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\jt4607hse.dll
Possible Virus. No disinfected C:\WINNT\system32\m2syadll.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\gp20l3fm1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\aza8le3u1h.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\e220lcfm1f2a.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\j46mlej11ho.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\i6lolg3316.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\kt8sl7l71.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\jtpm0771e.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\ktlql7351.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\kt46l7hs1.dll
Adware:Adware/SBSoft No disinfected C:\WINNT\system32\dumpsprep.exe
Spyware:Spyware/AdClicker No disinfected C:\WINNT\system32\dmsadmins.exe
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\n28olcl31fq.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\kt4ml7h11.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\m2nq0c55ef.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\g8jo0i13e8.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\m4rmle911h.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\k8440ihqe84e0.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\h2n0lc5m1f.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\g6220gfoe62c0.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\f6l0lg3m16.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\fp8003lme.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\gpn0l35m1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\kt82l7lo1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\i006lads1d06.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\r06u0aj9edo.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\azaq0c55ef.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\k8lqli3518.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\azao0i13e8.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\aza4l19q1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\dnl6013se.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\ir2sl5f71.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\j80slid7180.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\g422lefo1h2c.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\enr4l19q1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\l42s0ef7eh2.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\h64mlgh1164.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\m6820gloe6qc0.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\m6460ghse6460.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\n08o0al3edq.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\azam0a31ed.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\l66olgj316o.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\hrpu0579e.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\aza6l7hs1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\o6ns0g57e6.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\aza6lads1d06.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\p44uleh91h4.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\ktr8l79u1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\gpnql3551.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\mv02l9do1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\o6nslg5716.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\j26mlcj11fo.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\irp4l57q1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\azasl5f71.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\en40l1hm1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\lv4809hue.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\mvj8l91u1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\j26m0cj1efo.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\en8ol1l31.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\azaolgj316o.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\azaml1311.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\ktrol7931.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\mv6ql9j51.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\enlml1311.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\j6j6lg1s16.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\dnru0199e.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\aza2l9do1.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\azauleh91h4.dll
Adware:Adware/Comedy-Planet No disinfected C:\WINNT\system32\GoGo9CP.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\h2j4lc1q1f.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\q2ps0c77ef.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\i824lifq182e.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\i0060adsed060.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\d00mlad11d0.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\aza4lifq182e.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\dn4s01h7e.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\i4lo0e33eh.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\en4sl1h71.dll
Adware:Adware/Look2Me No disinfected C:\WINNT\system32\fpnq0355e.dll
Spyware:Spyware/BetterInet No disinfected C:\WINNT\inf\satmat.inf
Spyware:Spyware/Bridge No disinfected C:\WINNT\tmpdata.reg
Adware:Adware/SBSoft No disinfected C:\WINNT\rdt.ini
Dialer:dialer.bny No disinfected C:\WINNT\pcconfig.dat
Adware:adware/elitebar No disinfected C:\WINNT\Downloaded Program Files\OSD149F.OSD
Dialer:Dialer.OK No disinfected C:\WINNT\Downloaded Program Files\internazionale_ver3.INF
Dialer:Dialer.RV No disinfected C:\WINNT\Downloaded Program Files\emsat_ver3.ocx
Dialer:Dialer.RV No disinfected C:\WINNT\Downloaded Program Files\emsat_ver3.INF
Dialer:Dialer.NO No disinfected C:\WINNT\Downloaded Program Files\rdgGB10.exe
Dialer:Dialer.NO No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.1\rdgGB10.exe
Adware:Adware/WUpd No disinfected C:\WINNT\Downloaded Program Files\DeskAdX.dll
Adware:Adware/NetPals No disinfected C:\WINNT\Downloaded Program Files\ATPartners.inf
Adware:Adware/WUpd No disinfected C:\WINNT\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/WUpd No disinfected C:\WINNT\l.htm
Adware:Adware/EliteBar No disinfected C:\WINNT\m.htm
Adware:Adware/IPInsight No disinfected C:\WINNT\satmat.ini
Possible Virus. No disinfected C:\WINNT\mobile1.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\unstall.exe
Spyware:spyware/adclicker No disinfected C:\WINNT\usta32.ini
Adware:adware/dealhelper No disinfected C:\WINNT\dhkw1.bin
Dialer:dialer.b No disinfected C:\WINNT\tmlpcert2005
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Administrator\Application Data\dtac.exe
Adware:Adware/Look2Me No disinfected C:\FOUND.022\FILE0000.CHK
Adware:Adware/ToolbarSimbar No disinfected C:\Recycled\Q375359.exe
Dialer:Dialer.NO No disinfected C:\FOUND.024\FILE0017.CHK
Adware:adware/delfinmedia No disinfected C:\keys.ini
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
You have no Service Pack updates on this system. Did you attempt to do so as requested in the 5 step process I linked you to? This MUST be addressed, or you will continue to be infected.

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)

When SpySweeper starts, please accept any prompts to update definitions. Exit the program after you have updated.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

Reboot your computer into Safe Mode.
Restart your computer and continually tap the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode, then hit Enter.

Launch & use the diagnostic version of SpySweeper & configure it as follows:
  • Click on the Start button
  • After it has finished scanning, click the Next button
  • Allow SpySweeper to reboot your machine to remove the infected files.
  • Reboot back to Normal Mode

Launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply along with a new HJT log.

IMPORTANT - do not use your computer as you scan.


IMPORTANT!:


Before we can proceed any further, please visit Microsoft's Windows Update page and install ALL Critical Updates for your system except Service Pack 2 (SP2). SP2 should only be installed on a fully disinfected system. At the minimum, install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately, it's also this forum's policy that we only address users with a legal copy of Windows XP.... therefore if you cannot update Windows XP to SP1 we must stop the cleansing process here.

**Note** If you're having trouble locating the service pack SP1a, here is a direct link to download it from:

http://download.microsoft.com/download/5/4/f/54f8bcf8-bb4d-4613-8ee7-db69d01735ed/xpsp1a_en_x86.exe



Thank you for your cooperation.
 