NON STOP ADDS! aaaaaaaaaaaaaaargh

[Burgon]

hey i cant figure out how to stop these advertisments from coming up all the time!they come up ever minute or so!

this is the adress from a few of them:

http://www.uniqueoffer-s.com/normal/yyy102.html
http://www.browserbuy-out.com/normal/yyy102.html
http://www.inter-netsuggestions.com/normal/yyy65.html

theres more but this is just a few of them.



i've already used few antiviruses.
AVG updated
SpyBot search a destroy updated
ad-ware updated

 

[The_Other_One]

Search google for HijackThis, run it, and post the log here.

 

[Burgon]

thanks i'll run it when i get home and send the results

 

[jancz3rt]

Yeah

I was at Burgon's house yesterday and we ran SPYBOT S&D, ADWARE, AVG...all scans found something but none of them got rid of these adds from popping up. I will leave it to the spymaster BUZZ to sort out

P.S.: Someone please move this thread to COMPUTER SECURITY.

JAN

 

[apj101]

what do you mean ads, what form do they take, is it a message box that keeps popping up? if so then it sounds like the old messenger service problem. Try this
1. Click Start->Settings ->Control Panel
2. Click Performance and Maintenance
3. Click Administrative Tools
4. Double click Services Scroll
5. down and highlight "Messenger"
6. Right-click the highlighted line and choose Properties.
7. Click the STOP button.
8. Select Disable or Manual in the Startup Type scroll bar
9. Click OK

 

[jancz3rt]

Heya

They are standard internet browser popups coming up in some 5 minute intervals which load up an HTML page (PS: I was at his house yesterday, so that's why I know).

JAN

 

[Burgon]

ok this is wat hijack found

Logfile of HijackThis v1.99.1
Scan saved at 16:51:13, on 9.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\VOJTAK~1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c3.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://l00kl23.com/default.cab?uid=21&id=61578&1s&ex&ppd=4&tag=43
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/ce_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0863BF5-DFCE-4110-B03B-28A97D0F4AC7}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\dn2m01f1e.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

bye jack! lol

 

[Buzz1927]

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the bottom part of the log (should be a list of files) and paste it here.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

 

[Burgon]

this?

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9477873D-DA65-2F64-7FA4-AD3CB88505F5}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Str nka vlastnostˇ multimedi lnˇho souboru"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Spr va skeneru s korekcˇ ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Str nka zabezpeźenˇ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Str nka vlastnostˇ OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozçˇýenˇ prostýedˇ pro sdˇlenˇ"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozçˇýenˇ panelu Zobrazenˇ pro grafickě adapt‚r"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozçˇýenˇ panelu Zobrazenˇ pro monitor"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozçˇýenˇ panelu Zobrazenˇ pro panoramatick‚ zobrazenˇ"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Str nka zabezpeźenˇ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Str nka a kompatibilitŘ"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Popisovaź dat věstýi§ku prostýedˇ"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozçˇýenˇ programu Kopˇrov nˇ disku"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozçˇýenˇ prostýedˇ pro objekty sˇtŘ Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Spr va monitoru s korekcˇ ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Spr va tisk rny s korekcˇ ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozçˇýenˇ prostýedˇ pro kompresi soubor…"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozçˇýenˇ prostýedˇ o tisk rnu v sˇti WWW"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextov nabˇdka çifrov nˇ"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktovka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozçˇýenˇ ikony programu HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Str nka zabezpeźenˇ tisk ren"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozçˇýenˇ prostýedˇ pro sdˇlenˇ"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozçˇýenˇ pro çifrov nˇ objektu PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozçˇýenˇ pro çifrov nˇ podpisu"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Sˇśov pýipojenˇ"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Sˇśov pýipojenˇ"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skenery a fotoapar ty"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skenery a fotoapar ty"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skenery a fotoapar ty"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skenery a fotoapar ty"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skenery a fotoapar ty"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Rozçˇýenˇ prostýedˇ pro modul Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Napl novan‚ Łlohy"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Hlavnˇ panel a nabˇdka Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Hledat"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="N povŘda a odborn pomoc"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="N povŘda a odborn pomoc"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Spustit..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="N stroje pro spr vu"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Str nka vlastnostˇ pýedchozˇch verzˇ"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Pýedchozˇ verze"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Panel n stroj… Microsoft pro sˇś Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Stav stahov nˇ"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Rozçˇýen slo§ka prostýedˇ"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Vyhled vat v podoknŘ"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Hled nˇ na webu"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="N stroj mo§nostˇ registrov‚ho stromu"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresa"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Textov‚ pole adresy"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Automatick‚ dokonźov nˇ Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Automaticky dokonźovaně seznam MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Pýˇstupně"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Automaticky dokonźovaně seznam historie"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Automaticky se doplĺujˇcˇ seznam slo§ky prostýedˇ spoleźnosti Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Kontejner automatick‚ho dokonźov nˇ vˇce seznam…"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Nabˇdka serveru pruhu prostýedˇ"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Panel plochy aplikacˇ prostýedˇ"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Panel plochy prostýedˇ"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Asistence u§ivatele"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Glob lnˇ nastavenˇ slo§ek"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Slu§ba historie adres URL"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Modul pýiýazenˇ adres URL"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="évodnˇ okno ýady Internet Explorer 4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Pruh aplikace Explorer"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Slo§ka mezipamŘti pro k˘dy ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Slo§ka odbŘr…"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Věźet nainstalovaněch aplikacˇ"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extraktor miniatur soubor… GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Popisovaź miniatur souhrnněch informacˇ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extraktor miniatur HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Pr…vodce publikov nˇm na webu"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Objedn v nˇ tisku pýes web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt prostýedˇ Pr…vodce publikov nˇm"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Pr…vodce zˇsk nˇm Łźtu slu§by Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="U§ivatelsk‚ Łźty"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Soubor kan lu"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Z stupce kan lu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objekt popisovaźe kan lu"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Slo§ka soubor… offline"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Oso&by..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Slo§ka odesˇl nˇ Share-to-Web"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2F5AC606-70CF-461C-BFE1-734234536262}"="WindowBlinds CPL Extension"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{DCBAA8C3-7731-4EAF-8C14-544F55944826}"=""
"{D6CC0706-428F-475C-AD16-75BB64B4D14D}"=""
"{47DB8C45-4EDB-43E2-BE71-8771281FA896}"=""
"{50DB97B2-2B17-4FAE-BF49-372CD47AA6F3}"=""
"{85BB1516-AFDD-408A-880A-00B292376421}"=""
"{792BD97B-C085-40B8-B0D7-D2E3176EB3A2}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DCBAA8C3-7731-4EAF-8C14-544F55944826}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{DCBAA8C3-7731-4EAF-8C14-544F55944826}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCBAA8C3-7731-4EAF-8C14-544F55944826}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCBAA8C3-7731-4EAF-8C14-544F55944826}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJVCP70.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D6CC0706-428F-475C-AD16-75BB64B4D14D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6CC0706-428F-475C-AD16-75BB64B4D14D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6CC0706-428F-475C-AD16-75BB64B4D14D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6CC0706-428F-475C-AD16-75BB64B4D14D}\InprocServer32]
@="C:\\WINDOWS\\system32\\MAC71JPN.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{47DB8C45-4EDB-43E2-BE71-8771281FA896}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{47DB8C45-4EDB-43E2-BE71-8771281FA896}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{47DB8C45-4EDB-43E2-BE71-8771281FA896}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{47DB8C45-4EDB-43E2-BE71-8771281FA896}\InprocServer32]
@="C:\\WINDOWS\\system32\\cXmocx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{50DB97B2-2B17-4FAE-BF49-372CD47AA6F3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50DB97B2-2B17-4FAE-BF49-372CD47AA6F3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50DB97B2-2B17-4FAE-BF49-372CD47AA6F3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50DB97B2-2B17-4FAE-BF49-372CD47AA6F3}\InprocServer32]
@="C:\\WINDOWS\\system32\\nodeapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{85BB1516-AFDD-408A-880A-00B292376421}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85BB1516-AFDD-408A-880A-00B292376421}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85BB1516-AFDD-408A-880A-00B292376421}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85BB1516-AFDD-408A-880A-00B292376421}\InprocServer32]
@="C:\\WINDOWS\\system32\\lyeps11n.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{792BD97B-C085-40B8-B0D7-D2E3176EB3A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{792BD97B-C085-40B8-B0D7-D2E3176EB3A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{792BD97B-C085-40B8-B0D7-D2E3176EB3A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{792BD97B-C085-40B8-B0D7-D2E3176EB3A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjsap.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

 

[Buzz1927]

No, but it'll do.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot post a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If after the reboot the log does not open double click on it in the l2mfix folder.

 

[Burgon]

its wants a password!!!!

 

[Buzz1927]

You using an English version of Windows?

 

[mpisarcik]

You guys ever try using Mozilla Firefox as your browser??? I have NEVER got 1 pop up in 2 years of using it in combination of Norton.

 

[Jiffyman]

I use moziila, but I still get a pop up every once in a while. I also have less problems with spyware. IE SUCKS