Spam from www.loadingwebsite.com, IE opens randomly with spam pages
May 13 2005, 05:50 PM
Post #1
New Member, Posts: 5, OS: xp
I've removed a lot of problems except one. IE randomly opens with the page www.loadingwebsite.com/normal.yyy17.html and then switches to other spam pages - cell phone tunes, emoticons etc etc.

A couple of other things I've noticed which may or may not be relevant. When I restart, invariably "Windows updates the files" when I haven't changed anything. In "Close program", only three things are running: avgcc, systray and rundll32. Is that odd?

The HJT log is below. Very much appreciate your help.

Logfile of HijackThis v1.99.1
Scan saved at 00:37:10, on 14/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ba.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dbaccess.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab

Guest_thatman_*
May 17 2005, 03:23 AM
Post #2
Hi rogerwithnell
Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.stevengould.org/cleanup/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders (a common hiding place). You will also regain a massive amount of disk space.
Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin. Reboot when prompted to let it clean out the remaining files.

Please read through the instructions before you start (you may want to print this out).
Please set your system to show all files; please see here if you're unsure how to do this.

Use Windows Add/Remove Programs to uninstall the following:
C:\Program Files\Internet Explorer\ba.exe
C:\Program Files\VBOUNCER\VirtualBouncer.exe

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ba.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dbaccess.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\PROGRA~1\VBOUNCER <--Delete the whole folder
C:\Program Files\Internet Explorer\ba.exe <--Delete this file
Exit Explorer. Reboot as normal.

Please run the following free, online virus scans.
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://housecall.trendmicro.com/housecall/start_corp.asp
Please post the logs from Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.
Kc
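An added example, not part of the original thread and not HijackThis code: a Python triage sketch that re-splits a HijackThis log that forum software has flattened onto one line, then reviews the O16 (Downloaded Program Files) entries. The flagging rules (local `file:` codebase, bare-IP host, `.exe` codebase), the function names and the sample log are assumptions made for illustration; they are not the helper's stated criteria.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample (not taken from the thread), flattened onto one line the
# way a pasted log often ends up after forum or scraper processing.
SAMPLE_LOG = (
    "Logfile of HijackThis v1.99.1 Running processes: C:\\WINDOWS\\EXPLORER.EXE "
    "R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Window Title = Example "
    "O4 - HKLM\\..\\Run: [ExampleTray] C:\\WINDOWS\\exampletray.exe "
    "O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Control) - "
    "https://downloads.example.com/control.cab "
    "O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - "
    "file://C:\\Program Files\\Example\\dropper.exe "
    "O16 - DPF: {99999999-8888-7777-6666-555555555555} - "
    "http://192.0.2.10/output/setup.exe"
)

# Zero-width split point in front of every section code such as "R1 - " or "O16 - ".
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
DPF = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>.+)$"
)


def split_entries(text):
    """Return (code, body) pairs from a normal or a flattened log."""
    entries = []
    for chunk in ENTRY_START.split(text):
        # Collapse wrapped lines and stray whitespace inside one entry.
        match = ENTRY.match(" ".join(chunk.split()))
        if match:  # header and process list do not start with a section code
            entries.append((match["code"], match["body"]))
    return entries


def review_codebase(url):
    """Heuristic reasons (assumptions, see lead-in) to look closer at a DPF source."""
    reasons = []
    if url.lower().startswith("file:"):
        reasons.append("codebase is a local file")
    else:
        host = urlsplit(url).hostname or ""
        try:
            ipaddress.ip_address(host)
            reasons.append("codebase host is a bare IP address")
        except ValueError:
            pass  # a DNS name, or no host at all
    if url.lower().endswith(".exe"):
        reasons.append("codebase is an .exe, not a .cab archive")
    return reasons


def triage(text):
    """List the O16 entries that match at least one heuristic."""
    flagged = []
    for code, body in split_entries(text):
        match = DPF.match(body) if code == "O16" else None
        if not match:
            continue
        reasons = review_codebase(match["url"].strip())
        if reasons:
            flagged.append(
                {"clsid": match["clsid"], "url": match["url"], "reasons": reasons}
            )
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["clsid"], hit["url"], "; ".join(hit["reasons"]))
```

An entry that passes these checks is not thereby clean: a control served as a `.cab` from an ordinary hostname needs its CLSID and publisher checked by hand.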

May 17 2005, 05:22 PM
Post #3
New Member, Posts: 5, OS: xp
Thanks for the procedure. Completed although the folder program files\vbouncer was not there. loadingwebsite.com opening spam pages throughout this procedure.
Files from panda scan and HJT below:

Logfile of HijackThis v1.99.1
Scan saved at 00:21:16, on 18/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Guest_thatman_*
May 18 2005, 12:29 AM
Post #4
Hi rogerwithnell
You have the latest version of VX2.

Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

When you have completed stage one, run stage two below.

Stage 2
Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Credit: Shadowwar, OSC
Kc

May 18 2005, 03:50 AM
Post #5
New Member, Posts: 5, OS: xp
Thanks for your reply.
When I click on l2mfix.bat I get an error saying: "not compatible with 9x or windows nt" and the dos prompt window says: "Directory already exists - syntax error"
Please advise

Guest_thatman_*
May 18 2005, 04:17 AM
Post #6
Hi rogerwithnell
Please read through the instructions before you start (you may want to print this out).

Download Pocket Killbox and unzip it; save it to your Desktop. Run killbox and click the radio button that says Delete a file on reboot. Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.

Reboot into normal mode.

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://housecall.trendmicro.com/housecall/start_corp.asp
Please post the logs from Panda virus scan and HJT.log; we will need them to remove previous infections that have left files on your system.
Kc

May 18 2005, 07:37 AM
Post #7
New Member, Posts: 5, OS: xp
Process completed
Panda log: