I can't fix this Trojan, pls help.

edited August 2006 in Spyware & Virus Removal
My computer is infected by this LMir-BJ, and Win32:Agent AKM.

I have used both Avast to lock it into the chest and Ewido to complete a scan.
It keeps coming back again after reboot. Every time I remove those files into the chest, I lose my Internet connection.

I have been trying to kill them for the past 2 days. If you have had the same experience, pls help me or give me some hints.

Many thanks.

The HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 11:37:38 AM, on 12/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS.000\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS.000\htpatch.exe
C:\WINDOWS.000\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS.000\system32\Server.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.000\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.000\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\irene\LOCALS~1\Temp\4.exe
C:\WINDOWS.000\system32\conime.exe
C:\WINDOWS.000\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows.000\googletoolbar2.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows.000\googletoolbar2.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe/autorun
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.000\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.000\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS.000\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS.000\htpatch.exe
O4 - HKLM\..\Run: [FinePrint 分派器 v5] "C:\WINDOWS.000\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS.000\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Systems32] C:\WINDOWS.000\system32\Server.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\windows.000\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows.000\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows.000\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows.000\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\irene\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: Similar Pages - res://c:\windows.000\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows.000\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: °N|O﹐eRA - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav A°§U - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav A°§U - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav ?i?μ - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: KB75976M.LOG
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe

Comments

  • Shadow2018 Northwest Missouri
    edited August 2006
    Please download LSPFix http://www.cexx.org/lspfix.htm. LSPFix.exe is the one you want to get.

    Run Hijack This again and place a checkmark next to all of the O10 entries and then click Fix Checked.

    Now run the setup file for LSPFix and then run LSPFix.

    Check the I know what I'm doing box.

    Now check all instances of cn_spi32.dll that are present.

    Now click the arrow pointing to the removal box.

    Do not remove any other files than the one above!

    Now click finish.

    Reboot your system and post a new Hijack this log.
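The reply above asks for every O10 entry to be checked in HijackThis and every instance of cn_spi32.dll to be selected in LSPFix. As an added example (not part of the thread and not code from HijackThis or LSPFix), this Python sketch tallies the Winsock LSP entries per DLL in a saved log, so the count can be compared with what the tools show. The function names are hypothetical, and the sample log is constructed in the format of the one posted above.

```python
import re
from collections import Counter

# Constructed sample in the format of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS.000\system32\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\cn_spi32.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS.000\system32\cn_spi32.dll
O20 - AppInit_DLLs: KB75976M.LOG
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O10 - <detail>"
LSP = re.compile(r"^Unknown file in Winsock LSP: (.+)$", re.IGNORECASE)
APPINIT = re.compile(r"^AppInit_DLLs: (.+)$")

def parse_entries(text):
    """Return (section_code, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def lsp_summary(entries):
    """Count O10 Winsock LSP lines per DLL path, ignoring case differences."""
    counts = Counter()
    for code, detail in entries:
        m = LSP.match(detail) if code == "O10" else None
        if m:
            counts[m.group(1).strip().lower()] += 1
    return dict(counts)

def appinit_dlls(entries):
    """Return the values listed on O20 AppInit_DLLs lines."""
    found = []
    for code, detail in entries:
        m = APPINIT.match(detail) if code == "O20" else None
        if m:
            found.append(m.group(1).strip())
    return found

if __name__ == "__main__":
    ents = parse_entries(SAMPLE_LOG)
    for dll, n in lsp_summary(ents).items():
        print(f"{n} Winsock LSP entries reference {dll}")
    print("AppInit_DLLs:", appinit_dlls(ents))
```
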
  • edited August 2006
    Hi, first of all, thanks.

    I have downloaded LSPFix.exe; when I opened it, it showed a message "Params is not a valid integer value". I could not open the LSPFix.exe file.

    What should I do next? Has the registry already been changed so I could not open the LSPFix.exe file?

    Many thanks.
  • edited August 2006
    After 3 days of searching & asking around, finally, I fixed it.

    My computer was infested by Trojan Win32: Agent AKM & Lmir BI; it is a downloader and it will jam your com port for internet connection. Once I use Ewido and Avast to kill it, it will also kill my Winsock XP LSP files.

    Finally, I used Kaspersky 6.0 to kill them all. Once you install your Kaspersky, you have to unplug your internet cable and stop the dialer from calling its server again. Run Kaspersky twice and then use LSPFix to resume your connectivity. That is it!~~

    Thank you guys.

    Hope this helps.
  • Shadow2018 Northwest Missouri
    edited August 2006
    Please post a new Hijack This log so we can make sure you are clean of all infections.
This discussion has been closed.