
Corrupted registry files, spyware, and I don't even know. HJT included, help?

Discussion in 'Malware and Virus Removal Archive' started by asgsmile, 2005/02/06.

Thread Status:
Not open for further replies.
  1. 2005/02/06
    asgsmile

    asgsmile Inactive Thread Starter

    Joined:
    2005/02/06
    Messages:
    1
    Likes Received:
    0
    Okay, so I am new and I have been prompted to join by the fact that my computer is under attack. I have downloaded HijackThis and will post my logfile. Please tell me how to continue after that. Any help is greatly appreciated. I am pretty sure that I have dmvlite, this desktop search thing that won't delete, and it seems a lot more. I keep getting messages about missing or corrupted registry files.

    Logfile of HijackThis v1.99.0
    Scan saved at 3:49:00 PM, on 2/6/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\GW\GBUSSNet Client 2.0\cvpnd.exe
    C:\WINDOWS\System32\msupd4.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\Program Files\yftmk4i2\yftmk4i2.exe
    C:\WINDOWS\System32\Mfpxqe.exe
    C:\WINDOWS\System32\Kewglr.exe
    c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\Program Files\hpdll\hpdll.exe
    C:\WINDOWS\system32\kdaa.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\WINDOWS\System32\vmss\vmss.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\WINDOWS\System32\sysmonnt.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\ialmdev5.exe
    C:\Documents and Settings\allison\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gweb.gwu.edu/?ref=www
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {0B67D34E-5EC3-4A8B-ABE3-C437D16826D4} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {0D2FB733-2475-48A1-AB99-31BD89F196F1} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {0FF15230-1D1E-411A-8CD3-B3B4286CD904} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O2 - BHO: (no name) - {2847F65F-4352-4557-8E38-B12BCFACC0EC} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {3EB40509-3746-4226-9040-B53D5037D081} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {51D02731-53B2-4462-9BD3-CF5C5B13F57A} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {5AE50551-D2B4-528A-E9CB-29AFFDECD85E} - C:\WINDOWS\System32\jzzcaghe.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {673326E0-31DA-4E27-A30D-F28C5EA0959E} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {68EA1512-FE39-46BE-B82B-F9789905D810} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {6F378900-9823-4D8A-B9DA-06704FF32F1E} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {88AACBD0-4D4B-4514-B31E-DBBE6FEB2967} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {8D288260-1FD2-49D0-A54A-4FD40493B3F3} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {A2E65F11-491A-4DE1-B14B-9035328DF182} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {B195EBAC-825F-78EB-3780-8AB99A6F03E7} - (no file)
    O2 - BHO: (no name) - {CEA2D430-D9F6-4AAF-8099-835FF86FD279} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {D3F44594-FDD8-494D-B571-5DB257EEB6CB} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O2 - BHO: (no name) - {F006A8D1-4707-4A51-B3BE-0A889025B076} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {F80FB504-5290-4E1D-B13A-EDF60BFD28E6} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll ",cdaEngineMain
    O4 - HKLM\..\Run: [yftmk4i2] C:\Program Files\yftmk4i2\yftmk4i2.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Mfpxqe.exe
    O4 - HKLM\..\Run: [xnmuxc] C:\WINDOWS\System32\xnmuxc.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Kewglr.exe
    O4 - HKLM\..\Run: [jdbfgc] C:\WINDOWS\System32\jdbfgc.exe
    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
    O4 - HKLM\..\Run: [kdaa] C:\WINDOWS\system32\kdaa.exe
    O4 - HKLM\..\Run: [vzlpjj] c:\windows\system32\vzlpjj.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O4 - HKCU\..\Run: [ialmdev5] C:\WINDOWS\System32\ialmdev5.exe
    O4 - HKCU\..\RunOnce: [Web Offer] Command /c del C:\WINDOWS\System32\EZPOPS~1.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: GW GBUSSNet Client 2.0.lnk = C:\Program Files\GW\GBUSSNet Client 2.0\vpngui.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://www.neededware.com
    O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
    O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Unknown - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\GW\GBUSSNet Client 2.0\cvpnd.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\System32\msupd4.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Unknown - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: ScriptBlocking Service - Unknown - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)
     
    Last edited: 2005/02/06
  2. 2005/02/08
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Disable System Restore, and reboot. It is important to do this, as deleted files will reappear otherwise.

    Remove these items in HJT with all internet browsers, and Windows Explorer windows closed.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    O2 - BHO: (no name) - {0B67D34E-5EC3-4A8B-ABE3-C437D16826D4} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {0D2FB733-2475-48A1-AB99-31BD89F196F1} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {0FF15230-1D1E-411A-8CD3-B3B4286CD904} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O2 - BHO: (no name) - {2847F65F-4352-4557-8E38-B12BCFACC0EC} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {3EB40509-3746-4226-9040-B53D5037D081} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {51D02731-53B2-4462-9BD3-CF5C5B13F57A} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {5AE50551-D2B4-528A-E9CB-29AFFDECD85E} - C:\WINDOWS\System32\jzzcaghe.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O2 - BHO: (no name) - {673326E0-31DA-4E27-A30D-F28C5EA0959E} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {68EA1512-FE39-46BE-B82B-F9789905D810} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {6F378900-9823-4D8A-B9DA-06704FF32F1E} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {88AACBD0-4D4B-4514-B31E-DBBE6FEB2967} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {8D288260-1FD2-49D0-A54A-4FD40493B3F3} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {A2E65F11-491A-4DE1-B14B-9035328DF182} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {B195EBAC-825F-78EB-3780-8AB99A6F03E7} - (no file)
    O2 - BHO: (no name) - {CEA2D430-D9F6-4AAF-8099-835FF86FD279} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {D3F44594-FDD8-494D-B571-5DB257EEB6CB} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O2 - BHO: (no name) - {F006A8D1-4707-4A51-B3BE-0A889025B076} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O2 - BHO: (no name) - {F80FB504-5290-4E1D-B13A-EDF60BFD28E6} - C:\Program Files\yftmk4i2\yftmk4i2.dll
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll ",cdaEngineMain
    O4 - HKLM\..\Run: [yftmk4i2] C:\Program Files\yftmk4i2\yftmk4i2.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Mfpxqe.exe
    O4 - HKLM\..\Run: [xnmuxc] C:\WINDOWS\System32\xnmuxc.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Kewglr.exe
    O4 - HKLM\..\Run: [jdbfgc] C:\WINDOWS\System32\jdbfgc.exe
    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
    O4 - HKLM\..\Run: [kdaa] C:\WINDOWS\system32\kdaa.exe
    O4 - HKLM\..\Run: [vzlpjj] c:\windows\system32\vzlpjj.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O4 - HKCU\..\Run: [ialmdev5] C:\WINDOWS\System32\ialmdev5.exe
    O15 - Trusted Zone: http://www.neededware.com
    O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\System32\msupd4.exe

    Reboot into Safe Mode and set Windows Explorer Folder Options to Show All Files.
    Delete these folders.
    C:\Program Files\yftmk4i2
    C:\Program Files\VBouncer
    C:\WINDOWS\isrvs
    C:\WINDOWS\System32\vmss

    Delete these files.
    C:\WINDOWS\System32\stlb2.dll
    C:\WINDOWS\System32\Mfpxqe.exe
    C:\WINDOWS\System32\xnmuxc.exe
    C:\WINDOWS\System32\Kewglr.exe
    C:\WINDOWS\System32\jdbfgc.exe
    C:\WINDOWS\system32\kdaa.exe
    c:\windows\system32\vzlpjj.exe
    C:\WINDOWS\System32\sysmonnt
    C:\WINDOWS\System32\ialmdev5.exe
    C:\WINDOWS\System32\msupd4.exe
    C:\WINDOWS\System32\jzzcaghe.dll
    E6F1873B.DLL
    D0CE0C16B1
    D9EBC318C

    Post a new log after surfing for a bit.
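Added example, not part of the thread and not code from the HijackThis tool: a small Python parser for the log sections that appear in both posts above (R0/R1, O2, O4, O15, O18, O23), with heuristic flags for the kinds of entries markp62 singled out (nameless BHOs, many CLSIDs loading one DLL, rundll32 loading a DLL with no path, hex-looking Run value names, a text/html filter, a Trusted Zone addition, a service with an unknown vendor). The regexes are written from the lines visible in this thread rather than from any HijackThis specification, and the sample input is constructed from lines copied out of the posted log plus two benign entries from the same log for contrast. The flags are a review-priority aid for whoever reads the log, not a verdict.

```python
"""Parse HijackThis-style log lines and flag entries worth a closer look.

Section regexes are inferred from the log lines in this thread (an
assumption, not a HijackThis specification); the triage rules are
defender heuristics for prioritising review, not a malware verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: entries copied from the posted log, plus the
# Synaptics and Symantec entries from the same log as benign controls.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: (no name) - {0B67D34E-5EC3-4A8B-ABE3-C437D16826D4} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {0D2FB733-2475-48A1-AB99-31BD89F196F1} - C:\Program Files\yftmk4i2\yftmk4i2.dll
O2 - BHO: (no name) - {B195EBAC-825F-78EB-3780-8AB99A6F03E7} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Kewglr.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O15 - Trusted Zone: http://www.neededware.com
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\System32\msupd4.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Every entry line is "<section> - <body>"; process-list and header lines are not.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID = r"\{[0-9A-Fa-f-]+\}"
SECTION_PARSERS = {
    "R0": re.compile(r"^(?P<key>.*?) = (?P<value>.*)$"),
    "R1": re.compile(r"^(?P<key>.*?) = (?P<value>.*)$"),
    "O2": re.compile(rf"^BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    "O4": re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O15": re.compile(r"^Trusted Zone: (?P<url>\S+)$"),
    "O18": re.compile(rf"^Filter: (?P<mime>\S+) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$"),
}
# A binary sitting directly in C:\WINDOWS or C:\WINDOWS\System32 (no vendor subfolder).
WINDIR_RE = re.compile(r"^c:\\windows\\(system32\\)?[^\\]+$", re.IGNORECASE)
# Run value names that are just a run of hex digits, as in [98D0CE0C16B1].
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8,}$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    raw: str
    fields: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def parse_hjt(text: str) -> list[Entry]:
    """Turn log text into Entry objects; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = Entry(m.group("section"), line)
        parser = SECTION_PARSERS.get(entry.section)
        sub = parser.match(m.group("body")) if parser else None
        if sub:
            entry.fields = sub.groupdict()
        entries.append(entry)
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach review flags to entries and return only the flagged ones."""
    # Several BHO CLSIDs all loading one DLL is the pattern yftmk4i2.dll shows above.
    dll_counts = Counter(e.fields.get("path", "").lower() for e in entries if e.section == "O2")
    for e in entries:
        f = e.fields
        if e.section in ("R0", "R1") and "SearchAssistant" in f.get("key", ""):
            e.flags.append("search assistant overridden; confirm the user chose this URL")
        elif e.section == "O2":
            if f.get("name") == "(no name)":
                e.flags.append("BHO registered without a display name")
            if f.get("path") == "(no file)":
                e.flags.append("BHO registration points at a missing file")
            elif dll_counts[f.get("path", "").lower()] > 1:
                e.flags.append("several BHO CLSIDs load the same DLL")
        elif e.section == "O4":
            cmd = f.get("cmd", "")
            if HEX_NAME_RE.match(f.get("name", "")):
                e.flags.append("autogenerated-looking Run value name")
            if cmd.lower().startswith("rundll32") and "\\" not in cmd:
                e.flags.append("rundll32 loads a DLL given without a path")
            elif WINDIR_RE.match(cmd):
                e.flags.append("binary placed directly in the Windows directory; check its vendor")
        elif e.section == "O15":
            e.flags.append("site added to the Trusted Zone")
        elif e.section == "O18":
            e.flags.append(f"{f.get('mime')} filter hooks browser content")
        elif e.section == "O23":
            if f.get("vendor") == "Unknown":
                e.flags.append("service binary carries no vendor information")
            if f.get("path", "").endswith("(file missing)"):
                e.flags.append("service registered but its binary is missing")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(e.raw)
        for flag in e.flags:
            print("   ->", flag)
```

Run on the constructed sample, nine of the eleven entries are flagged and the two vendor-identified controls (Synaptics, Symantec) pass through clean, which is the point of the contrast: the heuristics key on missing names, missing files, pathless rundll32 arguments and unknown vendors rather than on a list of known-bad filenames.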
     

