GENERALLY SCREWED UP



#31
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

Will do, but I am now not sure I'm doing what you want the right way. When you say "Close" an application, do you mean to exit out of it, OR do you mean to exit out of it and then go to the CLOSE PROGRAM window after pressing CTRL-ALT-DEL to unload it from the background, too? :tazz: I have only been doing the former, not the latter. Let me know which is the correct way as I now fear that my lack of understanding of your intent may have prolonged the problem.

Thanks. Hope that your head doesn't explode if it's the CTRL-ALT-DEL method.
DR04
  • 0



#32
Dragon


    All Around Computer Nut

  • Retired Staff
  • 2,678 posts


Closing the application is just that, exit out of it.
You don't need to worry about using CTRL-ALT-DEL unless I instruct you to do it that way. I won't rest until I have beaten this issue, so don't give up on me yet ;)

Edited by Efwis, 07 April 2005 - 12:59 PM.

  • 0

#33
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

No worries. I hadn't planned on giving up on you. ;) Just wanted to make sure that I was doing things the correct way so that you didn't find out about me missing a potentially crucial step in the process. I'm neither a novice nor an expert, but I try to make sure that I don't do more than I know how to do - and do what I know well. ;) Besides, it's too late to back down now. Will let you know how things turn out after I get home sometime tonight.

In the meantime, have a cold, malted beverage of your choice and pretend it's from me :tazz:

DR04
  • 0

#34
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

Life just got much more complicated. ;) Couldn't do the stuff you suggested last night. When I tried to boot up this morning, I got a "Windows Mouse Support" pop-up during the process. The error msg said that there was no mouse detected. To make matters worse, my keyboard wasn't working, either. I manually shut down, checked the connections, then tried again. After scandisk ran, I was able to get to my desktop, but the keyboard still wasn't working and the mouse's movement was jerky rather than smooth. I noticed the "Search the Web" taskbar that we'd managed to get rid of before. Also, the Win98se folder opened again of its own accord. Prior to closing, I saw the "N20050308.exe" file I'd deleted before. Saw another file I didn't recognize, "ZFicons.exe". When I tried to restart, got the 'program not responding' error. Rather than selecting cancel, I selected 'end program'. The machine re-booted. After two more attempts at re-booting, the machine tried to get into SAFE MODE even though I had not done that (keyboard still not working - no lights flashing on when restarting, nothing). I am now getting the Windows Mouse Support window every time I start up. Oh, and my HDD is VERY loud (that's a new issue as of today, too).

I guess it could be software (I didn't try to boot up using my rescue disk - didn't think of it before I had to leave for work), but sure sounds like a HDD may be going bad. What do you think? :tazz:

DR04
  • 0

#35
Dragon


    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
Hi DR04,

Sounds like this computer is out to prove me wrong in fixing it lol.

After some serious contemplation, I am coming to the conclusion that we may be best off doing a reformat. I hate that word. Besides, it isn't much fun.

I will leave that decision to you. If you feel that you want to tackle that, I understand. From the sounds of it, it does sound like maybe the HDD is starting to go. I have had a HDD go bad from trying to do a fix before. 'Tis not a pretty sight; you lose a lot of information when that happens.

If you want to continue working on your computer we will; I won't quit until we have beaten this thing. But I'm afraid that I may have found the computer that will fight to the end to defeat me. :tazz:

If you decide to continue on, I will need a new HijackThis log for review.

Edited by Efwis, 08 April 2005 - 07:41 AM.

  • 0

#36
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

Not ready to give up on you :tazz: , but may be forced to give up if I can't get my HDD up and running. ;) Fortunately, I backed up all of my data a couple of weeks ago (right before we started attacking my MALWARE problem). :) Really need to see if I can recover and back-up the changes since then. If my HDD is kaput, then continuing to fight my 'infection' becomes a moot point. ;) When I figure out which path I have to follow, I'll let you know.

Have a good weekend :)
DR04
  • 0

#37
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

Good news :tazz: . Got my PC up and running again. Was very happy to see all the usual suspects, i.e., pop-ups and 'Search the Web' toolbar. I didn't have time to run HJT last night. However, I did run Spybot and AdAware.

Spybot - downloaded available updates and ran the program. Saw a ton of Vx2 entries. Deleted what I could, but won't know how that works until I run it again.

AdAware - downloaded latest update and ran it (I think I have the Vx2 plug-in from an earlier recommendation by you). I locked up during the delete phase again.

Here's my plan (hopefully I'll get a chance to do this tonight):

Run Spybot again. Record ALL malicious entries.

Run AdAware again. Record ALL malicious entries.

Run FindIt and save the log.

Run HJT and save the log.

Post logs to this topic. Provide info on Spybot and AdAware runs in the same topic msg.

If you want me to do something else, let me know. I'll look through the old instructions, but intend to remain connected to the internet during each of the steps, but with all windows closed except for the active application.

Just like a poltergeist, I'm ba-a-a-a-a-a-a-ck ;) !

DR04
  • 0

#38
Dragon


    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
Hi DR04,
Glad to hear your machine is still alive :tazz:

I was starting to get a little concerned. Anyway, I need you to do the following. You will have to have the computer in safe mode.

I know you don't want to remove yourself from being online as stated above, but if you don't, it will screw up your computer worse than it already is.

Please follow this link: http://castlecops.com/post106277.html
You must do exactly as it says.


Next, try your VX2 tool with AdAware.

Then, please post a fresh HijackThis log and we will clean up whatever is left. Let me know if AdAware still locked up.
  • 0

#39
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

Me, too.

Thanks for the info. I've read through the instructions and only have one question. After running the KAV scan, the instructions say:

"*when it has finished then on the Taskmanager press file/newtask and type explorer to regain the desktop etc."

The instructions appear to be written for a user running XP. I have Win98se on my PC and get a totally different 'taskmanager' window (believe it actually says "Close Program" on the ID tab). Before running the scan in SAFE MODE, if I click on Explorer and select "end" to stop it from running, how do I get it running again AFTER the scan? I don't have the option of starting a process in the "Close Programs"/taskmanager window in the Win98se version.

I won't do anything until you let me know. May take a couple of days as the various downloads, configurations, and potential length of the scan (2-3 hours) aren't something I can accomplish in one evening.

Thanks again,
DR04
  • 0

#40
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

Went home last night to run a couple of tests for my upcoming attack on the malware on my PC. Here’s what I did and the results of each action:

Ran SpyBot in SAFE MODE. Following items were identified:

Callinghome.biz following 7 items
1. C:\windows\ceres.dll
2. HKEY_CLASSES_ROOT\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}
3. HKEY_CLASSES_ROOT\CeresDLL.CeresdllObj.1
4. HKEY_CLASSES_ROOT\CeresDLL.CeresdllObj
5. HKEY_USERS\DEFAULT\software\Ceres\CSI4kOfSInst
6. HKEY_USERS\DEFAULT\software\Ceres\CSI4kOfSDist
7. HKEY_USERS\DEFAULT\software\Ceres\C4n3trMsgSDisp

#’s 1, 5, 6, and 7 were removed when “Fix Problems” was run. #’s 2, 3, and 4 were to be removed on next boot-up

iSearch with following item (removed when “Fix Problems” run)
1. HKEY_CLASSES_ROOT\CLSID\{950238FB-C706-4791-8674-4D429F85897E}

VX2/f with following item (removed when “Fix Problems” run)
1. C:\WINDOWS\TEMP\dummy.htm

I then ran AdAware in SAFE MODE. Noted the following results:
1. Media motor. Had a RegKey, RegValue and the file c:\windows\system\lehveaye.exe listed
2. C:\WINDOWS\TEMP\THI12B2.TMP\CERES.CAB
3. C:\WINDOWS\TEMP\THI12B2.TMP\CERES.DLL
4. C:\WINDOWS\TEMP\THI2ASE.TMP\CERES.CAB
5. C:\WINDOWS\TEMP\THI2ASE.TMP\CERES.DLL
6. C:\WINDOWS\TEMP\THI3180.TMP\FARMMEXT.CAB
7. C:\WINDOWS\TEMP\THI3C19.TMP\FARMMEXT.CAB
All were deleted successfully

Rebooted and ran Spybot in normal mode – no hits. Still getting pop-ups and have that stupid 'Search the Web' taskbar, but thought that was interesting. Also confirmed that my only options in the "Close Program" window (after pressing CTRL-ALT-DEL) are to End, Shutdown, or Cancel.

One last thing. When I pressed CTRL-ALT-DEL in SAFE MODE, the only program/process that was displayed in the 'Close Program' window was Rundll (could have been Rundll32 - I can't remember now :tazz: and forgot to write it down).

Thanks,
DR04
  • 0



#41
Dragon


    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
OK, thanks for the update, DR04.

I am looking into that situation dealing with the search bar you have. Hopefully I will have an answer today.
As soon as I do, I will make a new post. In the meantime, could you please post a fresh HijackThis log?
  • 0

#42
Dragon


    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
Hi DR04, got a fix for you on that searchbar :tazz:

Download this program and run it in safe mode. I will have another program after I have a new FindIt log.

Download Delprot.zip

Unzip and run it, and post a fresh HijackThis log for me, with your FindIt log.

Edited by Efwis, 14 April 2005 - 12:35 PM.

  • 0

#43
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

Roger. I'll see what I can do.

Thanks,
DR04
  • 0

#44
DR04

    Member

  • Topic Starter
  • 57 posts
Efwis,

The hits just keep on coming. Downloaded the file you gave me. Re-booted in SAFE MODE and ran it. Here's the msg that came up in the DOS window:

Error 2185: The service name is invalid. Make sure you are specifying a valid service name, and then try again.

Invalid switch - /Q
Invalid path, not directory,
or directory not empty.

Re-booted in regular mode. My 'Search the Web' pop-up taskbar still present.

Anyway, here are the latest HJT and FINDIT logs:


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is WIN98SE
Volume Serial Number is 2029-12F4
Directory of C:\WINDOWS\SYSTEM

91 file(s) 20,702,188 bytes
0 dir(s) 9,673.88 MB free

------- Hidden Files in System Directory -------


Volume in drive C is WIN98SE
Volume Serial Number is 2029-12F4
Directory of C:\WINDOWS\SYSTEM

FOLDER HTT 13,122 03-26-05 11:58a folder.htt
DESKTOP INI 266 03-26-05 11:58a desktop.ini
PROSETP GID 24,200 03-26-05 9:15a PROSETP.GID
PICSVR <DIR> 03-25-05 8:51p picsvr
VMSS <DIR> 03-06-05 6:30p vmss
VYW4 EXE 254,038 12-06-04 5:34p Vyw4.exe
SND2C EXE 254,038 12-06-04 5:34p Snd2C.exe
VX0 NLS 8,192 11-01-04 7:47p VX0.NLS
6 file(s) 553,856 bytes
2 dir(s) 9,673.86 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{305938A1-9132-56EB-379D-BFFE055C0FC5}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\

92 items found: 92 files, 0 directories.
Total of file sizes: 20,231,700 bytes 19.29 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.518: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.518: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.518: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.518: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.518: TROJ_QOOLOGIC.A
C:\WINDOWS\unadbeh.exe: c:\Projects\Gozo\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb
C:\WINDOWS\SYSTEM\pav.sig: Qoologic
C:\WINDOWS\SYSTEM\pav.sig: Qoologic

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\SYSTEM\pav.sig: AsPack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"EnsoniqMixer"="C:\\WINDOWS\\starter.exe"
"Adaptec DirectCD"="C:\\PROGRA~1\\ADAPTEC\\DIRECTCD\\DIRECTCD.EXE"
"IndexSearch"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl03a\\BrStDvPt.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"vptray"="C:\\PROGRA~1\\NORTON~1\\vptray.exe"
"autoupdate"="rundll32 C:\\WINDOWS\\SYSTEM\\WINUP2DATE.DLL,SHStart"
"KavSvc"="C:\\WINDOWS\\miampr.exe"
"Desktop Search"="C:\\WINDOWS\\isrvs\\desktop.exe"
"ffis"="C:\\WINDOWS\\isrvs\\ffisearch.exe"
"CreateCD"="C:\\PROGRA~1\\ADAPTEC\\EASYCD~1\\CREATECD\\CREATECD.EXE -r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



HJT

Logfile of HijackThis v1.99.1
Scan saved at 9:18:34 PM, on 4/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\NMSSVC.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\BROTHER\BRMFL03A\BRSTDVPT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\MIAMPR.EXE
C:\WINDOWS\ISRVS\DESKTOP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOWNLOAD\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\miampr.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [NMSSvc] C:\WINDOWS\SYSTEM\NMSSVC.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Brother SmartUI PopUp.lnk = C:\WINDOWS\SYSTEM\SYSAGENT.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: prup.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

Let me know what to try next.

Thanks,
DR04
  • 0

#45
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
Hi DR04,

I'm hoping you have not rebooted the machine since the last log was posted. If so this may not work, but we will find out shortly.

This will require a couple of steps, so hang on for a ride :tazz:

First download these programs/files and save to your desktop.

http://downloads.sub...nder9x(126).exe
rem.bat unzip and save to your desktop
refix.zip unzip and save to your desktop.


================================
The Fix

1. Open your task manager and end these processes:

C:\WINDOWS\MIAMPR.EXE
C:\WINDOWS\ISRVS\DESKTOP.EXE


2. Run rem.bat. If it comes up with any errors, let me know before you do the other steps, and do not reboot your system.

3. Run refix. When it comes up with "are you sure you want to merge this to the registry", choose yes.

4. Disconnect from the Internet and close all programs that show in the task-bar.
Run VX2Finder9x.exe
Click find "VX2sbetterinternet"
If any files are found, click make log and post it; if not, continue on >
Then hit "user agent"; don't be alarmed, it will restore the proper one.

Click "restore desktop" (if it's not dimmed out); don't be alarmed, the desktop will disappear then reappear again.

Next hit "import reg", then exit the tool.

Then it's best to restart your PC; you might have to re-arrange your
task-bar and quick-launch toolbar.

Post a new HijackThis log and findit log.

Edited by Efwis, 15 April 2005 - 08:22 AM.

  • 0
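Step 1 above ends two running processes; the HijackThis log posted earlier in the thread also records what starts them. The following is an added example, not part of the original posts and not the contents of rem.bat or refix, that traces each named process to the log entries that launch it and to other entries loading from the same non-system directory. The function names and the SHARED_DIRS list are assumptions of this example; the log lines are copied from DR04's post.

```python
import re
import ntpath

# Lines copied from the HijackThis log in this thread (an excerpt, not the full log).
HJT_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\miampr.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
"""

# The two processes step 1 asks the user to end.
TARGETS = [r"C:\WINDOWS\MIAMPR.EXE", r"C:\WINDOWS\ISRVS\DESKTOP.EXE"]
# Assumption of this example: directories shared by Windows itself are not a useful grouping.
SHARED_DIRS = {r"c:\windows", r"c:\windows\system"}

ENTRY = re.compile(r"^(O\d+) - (.*)$")
IMAGE = re.compile(r"[A-Za-z]:\\[^,\"\[\]]*?\.(?:exe|dll|ocx)", re.I)

def entries(log):
    """Yield (section, text, image path lowercased) for O-lines naming a full path."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        img = IMAGE.search(m.group(2)) if m else None
        if img:  # entries without a drive-qualified path (e.g. mstask.exe) are skipped
            yield m.group(1), m.group(2), img.group(0).lower()

def trace(log, targets):
    """Map each target to the entries that launch it and to same-directory entries."""
    result = {}
    for target in targets:
        t, tdir = target.lower(), ntpath.dirname(target.lower())
        launchers, siblings = [], []
        for section, text, img in entries(log):
            if img == t:
                launchers.append((section, text))
            elif tdir not in SHARED_DIRS and ntpath.dirname(img) == tdir:
                siblings.append((section, text))
        result[target] = {"launchers": launchers, "siblings": siblings}
    return result

if __name__ == "__main__":
    for target, hits in trace(HJT_LOG, TARGETS).items():
        print(target)
        for kind in ("launchers", "siblings"):
            for section, text in hits[kind]:
                print(f"  {kind[:-1]:8} {section}: {text}")
```

Paths are compared as written, so 8.3 short names such as PROGRA~1 are not matched against their long forms.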





