llass.exe virus

Computing.Net > Forums > Security and Virus > llass.exe virus

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

llass.exe virus

Name: motoresto
Date: January 8, 2004 at 20:24:45 Pacific
OS: Win 98 2nd edition
CPU/Ram: Athlon 850/ 128meg

Comment:

Help! I have contracted the llass virus. It keeps changing my homepage to coolsearch.com . Can anyone help? Norton doesn't see the virus, and AVG 6.0 identifies it as llass.exe, but says that it can't heal it because it is being used by Windows.
Here is my Hijack This log. I hope it can shed some light on the problem.
Thanks
Logfile of HijackThis v1.97.7
Scan saved at 10:41:23 AM, on 1/8/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.exe
C:\LLASS.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.exe
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.exe
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\MMX.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\EBAYTBAR.exe
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.exe
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\DOWNLOADS\HIJACK THIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=35
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://findloss.com/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=35
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=35
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=35
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\EBAYBAND.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\TD1.DLL
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\EBAYBAND.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.exe"
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.exe -b
O4 - HKLM\..\Run: [RVP] "c:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [NewtonKnowsUpd] "C:\Program Files\Newton Knows\NewtKnow.exe" Main,C:\Program Files\Newton Knows\NewtnUpd.dll,runkey
O4 - HKLM\..\Run: [NoPops] C:\PROGRAM FILES\NOPOPS\NOPOPS.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe"
O4 - HKLM\..\Run: [CoffeeCup Spam Blocker] "C:\PROGRAM FILES\COFFEECUP SOFTWARE\SPAM BLOCKER\SPAMBLOCKER.exe" -min
O4 - HKLM\..\Run: [lar] C:\LLASS.exe
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [lar] C:\LLASS.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe
O4 - HKCU\..\Run: [XiD] "C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe"
O4 - Startup: eBay Toolbar.LNK = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\EBAYTBAR.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37622.3059837963
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://207.246.124.105/cabs/ROOSTER3001/TPS108.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://stream1000.babenet.com/cabs/videox.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

Sponsored Link

Ads by Google

Response Number 1

Name: JackG
Date: January 8, 2004 at 20:46:28 Pacific

Reply:

Yep. OPEN CWshredder.exe and close all windows including this one and click the "FIX" button to run. Reboot when done and do it again.
Then update your AD-Aware_v6 with the latest reference update (1-6-2004) and select the Custom Scan, and enable all scan options. Do a full scan and check for removal all items it finds. After rebooting, it might be a good idea to update and run a SpyBot_S&D scan also.
Then reboot and do a full virus scan again.
Then reboot and make a clean Hijack This log and post it back to the thread and see if there are still problems. Sometimes there are new or missed items that someone can help you with.

Response Number 2

Name: motoresto
Date: January 8, 2004 at 22:31:18 Pacific

Reply:

Thank You Jack G.
I did everything you said, and the problem appears to be fixed.
Here is my new Hijack log, let me know if anything else seems out of place.
Thanks again for all your help.
Logfile of HijackThis v1.97.7
Scan saved at 12:26:54 AM, on 1/9/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.exe
C:\LLASS.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.exe
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\MMX.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\DOWNLOADS\HIJACK THIS\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?MyEbayItemsBiddingOn&userid=motoresto&pass=kgA9XnwuTXm5ivCi5x6fl/2&first=N&sellerSort=3&bidderSort=3&watchSort=3&dayssince=2&p1=0&p2=0&p3=0&p4=0&p5=0&ssPageName=MerchMax
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NoPops] C:\PROGRAM FILES\NOPOPS\NOPOPS.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe"
O4 - HKLM\..\Run: [CoffeeCup Spam Blocker] "C:\PROGRAM FILES\COFFEECUP SOFTWARE\SPAM BLOCKER\SPAMBLOCKER.exe" -min
O4 - HKLM\..\Run: [lar] C:\LLASS.exe
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [lar] C:\LLASS.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [XiD] "C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37622.3059837963
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream1000.babenet.com/cabs/videox.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

Response Number 3

Name: Abnormal
Date: January 8, 2004 at 22:59:38 Pacific

Reply:

Fix the leftovers and reboot.
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O4 - HKLM\..\Run: [lar] C:\LLASS.exe
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKLM\..\RunServices: [lar] C:\LLASS.exe
O4 - HKCU\..\Run: [XiD] "C:\PROGRAM FILES\INTERNET EXPLORER\mmx.exe"
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream1000.babenet.com/cabs/videox.cab
Hope this don't show up wide screen.

Response Number 4

Name: motoresto
Date: January 10, 2004 at 01:16:04 Pacific

Reply:

Hi Abnormal
I used AVG to remove what you told me to. I hope that was the correct way to do it. Here is my updated Hijack log. Let me know if there is anything else.
Thanks for the help.
Logfile of HijackThis v1.97.7
Scan saved at 3:12:07 AM, on 1/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.exe
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\DOWNLOADS\HIJACK THIS\HIJACKTHIS.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?MyEbayItemsBiddingOn&userid=motoresto&pass=kgA9XnwuTXm5ivCi5x6fl/2&first=N&sellerSort=3&bidderSort=3&watchSort=3&dayssince=2&p1=0&p2=0&p3=0&p4=0&p5=0&ssPageName=MerchMax
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NoPops] C:\PROGRAM FILES\NOPOPS\NOPOPS.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe"
O4 - HKLM\..\Run: [CoffeeCup Spam Blocker] "C:\PROGRAM FILES\COFFEECUP SOFTWARE\SPAM BLOCKER\SPAMBLOCKER.exe" -min
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37622.3059837963
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

Response Number 5

Name: motoresto
Date: January 10, 2004 at 08:03:13 Pacific

Reply:

Sorry, I used Hijack This, not AVG to fix the issues that were pointed out to me. My mistake, it was kind of late when I posted. Let me know if that was the correct way to do it.
Thanks

eBayISAPI llass.exe llass	bho virus explorer.exe virus explorer.exe virus
See More

Response Number 6

Name: Abnormal
Date: January 10, 2004 at 13:37:50 Pacific

Reply:

motoresto, looks like you did good.
Only thing left, to my knolwedge is;
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)

Good luck and stay safe.

abnormal

Response Number 7

Name: valli
Date: February 23, 2004 at 04:56:43 Pacific

Reply:

help please! i have the same virus on my computer but when i clicked on the link above to fix it (CWshredder.exe), the page was not be available. i need some help as i had this virus for a while without even being aware that i had it.

Sponsored Link

Ads by Google

Nortan makes computer RE...

HijackThis Log - Please H...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: llass.exe virus

ADW Ruledor.c\loader.exe virus help

Summary

www.computing.net/answers/security/adw-ruledorcloaderexe-virus-help/7698.html

b.exe virus..buddypictures

Summary

www.computing.net/answers/security/bexe-virusbuddypictures/18485.html

win.exe.virus!

Summary

www.computing.net/answers/security/winexevirus/1019.html

From the Geek Dictionary
Atari - Gaming Console from back in the era when the picture in the box artwork wou...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 7 Days.
Discuss in The Lounge
Poll History

Recent Posts
My computer shuts down by itself

Version Soluting

Sims Double Deluxe?!

can not reformat because Flash10C.OCX

automatic shut down

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE