Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spam from www.loadingwebsite.com

Started by rogerwithnell , May 13 2005 05:50 PM

  • This topic is locked This topic is locked

#1
rogerwithnell
Posted 13 May 2005 - 05:50 PM

rogerwithnell

    New Member

  • Member
  • Pip
  • 5 posts
Done all the procedures on your great "Start here" page. Thank you.

I've removed a lot of problems except one. IE randomly opens with the page www.loadingwebsite.com/normal.yyy17.html and then switches to other spam pages - cell phone tunes, emoticons etc etc.

A couple of other things I've noticed which may or may not be relevant.

When I restart, invariably "Windows updates the files" when I haven't changed anything.

In "Close program", only three things are running: avgcc, systray and rundll32. Is that odd?

The HJT log is below. Very much appreciate your help.

Logfile of HijackThis v1.99.1
Scan saved at 00:37:10, on 14/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btin...bcontrol023.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ba.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49...es/dbaccess.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbro...kes/FlashAX.cab
  • 0

Advertisements

#2
Guest_thatman_*
Posted 17 May 2005 - 03:23 AM

Guest_thatman_*
  • Guest
Hi rogerwithnell

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.
Reboot when prompted to let it clean out the remaining files.

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Use windows add remove program file's uninstall the following:
C:\Program Files\Internet Explorer\ba.exe
C:\Program Files\VBOUNCER\VirtualBouncer.exe

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ba.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49...es/dbaccess.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbro...kes/FlashAX.cab
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\PROGRA~1\VBOUNCER<--Delete the whole folder
C:\Program Files\Internet Explorer\ba.exe<--Delete this file
Exit Explorer.

Reboot as normal

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
rogerwithnell
Posted 17 May 2005 - 05:22 PM

rogerwithnell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for the procedure. Completed although the folder program files\vbouncer was not there. loadingwebsite.com opening spam pages throughout this procedure.

Files from panda scan and HJT below:

Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CZLENG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MMPI32.DLL
Adware:Adware/SaveNow No disinfected C:\WINDOWS\All Users\Application Data\wsxs
Spyware:Spyware/Aveo-Attune No disinfected C:\Program Files\Aveo
Spyware:Spyware/AdClicker No disinfected Windows Registry
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\Start Menu\Programs\AdDestroyer
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInstall.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TKPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MSSLGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WLAVUSD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SZDPAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AHDENC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NYARCH16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UYLMON.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JFPL400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WBOCK32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OZFOX32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ISGSHL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WNNNET16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hlztbi08.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mWpi32x.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM\akcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IHM32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wxsdmoe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MITCP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEBCCP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QVVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PSPD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EKABLE3.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SXLWAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NYDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ALMUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQ3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PLSPL.DLL
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\smnscfg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MVCUIW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DA7VB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WDAUPD98.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DNDRM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MWVCRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NGDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKRLE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DO3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\II41_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CZOL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Syace.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CzlEng.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SVORAGE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mjisip.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\huinv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mpvidctl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mMpi32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MHJAVA.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WPPLENC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MTWEBDVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQMDLG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MGDVDOPT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QDDWIPES.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TDPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IB1XCG9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInstall.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AHHOOK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IKDKCS32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EDIFLN62.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDUTILSE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RGR20.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OWTWA400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mtnetobj.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJCD30.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\FO20.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZSKCP16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SLORAGE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WHBVW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AAYCFILT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEGFS400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mbndex.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LQRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RQRC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EJIFLN62.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IVIRCL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JCMD400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQ41_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hginv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQBINET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MCEXCL40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EYH4E0M2.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Opbcint.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DOCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QMVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKMFCNT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WRWIZDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DTTACLEN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\avferror.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AKV01W9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RYOCURS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IN1XGDEV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lwflt09.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hhzcon08.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hyzstsin.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wzvdmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OOE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MOSYSTEM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\eecapi.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MERECR40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WPAUPD98.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZDIM700.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDSIGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wgstream.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HYINK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IO1XGDEV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HTINK.DLL
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\CERES.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\PYNIX.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\DLMAX.INF
Adware:Adware/StartPage.EL No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dbaccess.exe
Virus:Trj/Qhost.Y Disinfected C:\WINDOWS\hosts
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\WrapperOuter.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/VirtualBouncer No disinfected C:\WrapperOuter.exe


Logfile of HijackThis v1.99.1
Scan saved at 00:21:16, on 18/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btin...bcontrol023.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#4
Guest_thatman_*
Posted 18 May 2005 - 12:29 AM

Guest_thatman_*
  • Guest
Hi rogerwithnell

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.


When you have completed stage one run stage two below

Stage 2
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Credit: Shadowwar, OSC

Kc :tazz:
  • 0

#5
rogerwithnell
Posted 18 May 2005 - 03:50 AM

rogerwithnell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for your reply.

When I click on l2mfix.bat I get an error saying: "not compatible with 9x or windows nt" and the dos prompt window says: "Directory already exists - syntax error"

Please advise
  • 0

#6
Guest_thatman_*
Posted 18 May 2005 - 04:17 AM

Guest_thatman_*
  • Guest
Hi rogerwithnell

Please read through the instructions before you start (you may want to print this out).

Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in where upon you should answer Yes.
Let the system reboot.
C:\WINDOWS\SYSTEM\CZLENG.DLL
C:\WINDOWS\SYSTEM\MMPI32.DLL
C:\WINDOWS\All Users\Application Data\wsxs
C:\Program Files\Aveo
C:\WINDOWS\Start Menu\Programs\AdDestroyer
C:\keys.ini
C:\WINDOWS\isrvs
C:\WINDOWS\SYSTEM\UpdInstall.exe
C:\WINDOWS\inf\dlmax.inf
C:\WINDOWS\SYSTEM\TKPI.DLL
C:\WINDOWS\SYSTEM\MSSLGN32.DLL
C:\WINDOWS\SYSTEM\WLAVUSD.DLL
C:\WINDOWS\SYSTEM\SZDPAPI.DLL
C:\WINDOWS\SYSTEM\AHDENC32.DLL
C:\WINDOWS\SYSTEM\NYARCH16.DLL
C:\WINDOWS\SYSTEM\UYLMON.DLL
C:\WINDOWS\SYSTEM\JFPL400.DLL
C:\WINDOWS\SYSTEM\WBOCK32.DLL
C:\WINDOWS\SYSTEM\OZFOX32.DLL
C:\WINDOWS\SYSTEM\ISGSHL.DLL
C:\WINDOWS\SYSTEM\WNNNET16.DLL
C:\WINDOWS\SYSTEM\hlztbi08.dll
C:\WINDOWS\SYSTEM\mWpi32x.dll
C:\WINDOWS\SYSTEM\akcore.dll
C:\WINDOWS\SYSTEM\IHM32.DLL
C:\WINDOWS\SYSTEM\wxsdmoe.dll
C:\WINDOWS\SYSTEM\MITCP.DLL
C:\WINDOWS\SYSTEM\OEBCCP32.DLL
C:\WINDOWS\SYSTEM\QVVD.DLL
C:\WINDOWS\SYSTEM\PSPD.DLL
C:\WINDOWS\SYSTEM\EKABLE3.DLL
C:\WINDOWS\SYSTEM\SXLWAPI.DLL
C:\WINDOWS\SYSTEM\NYDLL.DLL
C:\WINDOWS\SYSTEM\ALMUI.DLL
C:\WINDOWS\SYSTEM\DQ3J.DLL
C:\WINDOWS\SYSTEM\PLSPL.DLL
C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll
C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx
C:\WINDOWS\SYSTEM\smnscfg.dll
C:\WINDOWS\SYSTEM\MVCUIW32.DLL
C:\WINDOWS\SYSTEM\DA7VB.DLL
C:\WINDOWS\SYSTEM\WDAUPD98.DLL
C:\WINDOWS\SYSTEM\DQCNDI.DLL
C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
C:\WINDOWS\SYSTEM\DNDRM.DLL
C:\WINDOWS\SYSTEM\MWVCRT.DLL
C:\WINDOWS\SYSTEM\NGDLL.DLL
C:\WINDOWS\SYSTEM\MKRLE32.DLL
C:\WINDOWS\SYSTEM\DO3J.DLL
C:\WINDOWS\SYSTEM\II41_QCX.DLL
C:\WINDOWS\SYSTEM\CZOL.DLL
C:\WINDOWS\SYSTEM\Syace.dll
C:\WINDOWS\SYSTEM\CzlEng.dll
C:\WINDOWS\SYSTEM\SVORAGE.DLL
C:\WINDOWS\SYSTEM\mjisip.dll
C:\WINDOWS\SYSTEM\huinv.dll
C:\WINDOWS\SYSTEM\WJI.DLL
C:\WINDOWS\SYSTEM\mpvidctl.dll
C:\WINDOWS\SYSTEM\mMpi32.dll
C:\WINDOWS\SYSTEM\MHJAVA.DLL
C:\WINDOWS\SYSTEM\WPPLENC.DLL
C:\WINDOWS\SYSTEM\MTWEBDVD.DLL
C:\WINDOWS\SYSTEM\CQMDLG32.DLL
C:\WINDOWS\SYSTEM\MGDVDOPT.DLL
C:\WINDOWS\SYSTEM\QDDWIPES.DLL
C:\WINDOWS\SYSTEM\TDPI.DLL
C:\WINDOWS\SYSTEM\IB1XCG9X.DLL
C:\WINDOWS\SYSTEM\UpdInstall.exe
C:\WINDOWS\SYSTEM\AHHOOK.DLL
C:\WINDOWS\SYSTEM\IKDKCS32.DLL
C:\WINDOWS\SYSTEM\EDIFLN62.DLL
C:\WINDOWS\SYSTEM\MDUTILSE.DLL
C:\WINDOWS\SYSTEM\RGR20.DLL
C:\WINDOWS\SYSTEM\OWTWA400.DLL
C:\WINDOWS\SYSTEM\mtnetobj.dll
C:\WINDOWS\SYSTEM\MJCD30.DLL
C:\WINDOWS\SYSTEM\FO20.DLL
C:\WINDOWS\SYSTEM\IQS.DLL
C:\WINDOWS\SYSTEM\OEE32.DLL
C:\WINDOWS\SYSTEM\DZSKCP16.DLL
C:\WINDOWS\SYSTEM\SLORAGE.DLL
C:\WINDOWS\SYSTEM\WHBVW.DLL
C:\WINDOWS\SYSTEM\AAYCFILT.DLL
C:\WINDOWS\SYSTEM\OEGFS400.DLL
C:\WINDOWS\SYSTEM\mbndex.dll
C:\WINDOWS\SYSTEM\LQRT.DLL
C:\WINDOWS\SYSTEM\RQRC32.DLL
C:\WINDOWS\SYSTEM\EJIFLN62.DLL
C:\WINDOWS\SYSTEM\IVIRCL.DLL
C:\WINDOWS\SYSTEM\JCMD400.DLL
C:\WINDOWS\SYSTEM\IQ41_QCX.DLL
C:\WINDOWS\SYSTEM\hginv.dll
C:\WINDOWS\SYSTEM\CQBINET.DLL
C:\WINDOWS\SYSTEM\MCEXCL40.DLL
C:\WINDOWS\SYSTEM\EYH4E0M2.DLL
C:\WINDOWS\SYSTEM\Opbcint.dll
C:\WINDOWS\SYSTEM\DOCNDI.DLL
C:\WINDOWS\SYSTEM\QMVD.DLL
C:\WINDOWS\SYSTEM\MKMFCNT.DLL
C:\WINDOWS\SYSTEM\WRWIZDLL.DLL
C:\WINDOWS\SYSTEM\DTTACLEN.DLL
C:\WINDOWS\SYSTEM\avferror.dll
C:\WINDOWS\SYSTEM\AKV01W9X.DLL
C:\WINDOWS\SYSTEM\RYOCURS.DLL
C:\WINDOWS\SYSTEM\IN1XGDEV.DLL
C:\WINDOWS\SYSTEM\lwflt09.dll
C:\WINDOWS\SYSTEM\hhzcon08.dll
C:\WINDOWS\SYSTEM\hyzstsin.dll
C:\WINDOWS\SYSTEM\wzvdmod.dll
C:\WINDOWS\SYSTEM\OOE32.DLL
C:\WINDOWS\SYSTEM\MOSYSTEM.DLL
C:\WINDOWS\SYSTEM\eecapi.dll
C:\WINDOWS\SYSTEM\MERECR40.DLL
C:\WINDOWS\SYSTEM\WPAUPD98.DLL
C:\WINDOWS\SYSTEM\DZDIM700.DLL
C:\WINDOWS\SYSTEM\MDSIGN32.DLL
C:\WINDOWS\SYSTEM\wgstream.dll
C:\WINDOWS\SYSTEM\HYINK.DLL
C:\WINDOWS\SYSTEM\IO1XGDEV.DLL
C:\WINDOWS\SYSTEM\HTINK.DLL
C:\WINDOWS\INF\CERES.INF
C:\WINDOWS\INF\PYNIX.INF
C:\WINDOWS\INF\DLMAX.INF
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dbaccess.exe
C:\WINDOWS\hosts
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\isrvs\isearch.xpi
C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
C:\WINDOWS\deskbar.ini
C:\WINDOWS\delprot.ini
C:\WINDOWS\Buddy.exe
C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\WrapperOuter.exe
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
C:\WrapperOuter.exe

Reboot into normal mode.

Download the Hoster from here Press "Restore Original Hosts. and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#7
rogerwithnell
Posted 18 May 2005 - 07:37 AM

rogerwithnell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Process completed

Panda log:


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CZLENG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DWWAVE.DLL
Adware:Adware/SaveNow No disinfected C:\WINDOWS\All Users\Application Data\wsxs
Spyware:Spyware/Aveo-Attune No disinfected C:\Program Files\Aveo
Spyware:Spyware/AdClicker No disinfected Windows Registry
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\Start Menu\Programs\AdDestroyer
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInstall.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TKPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MSSLGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WLAVUSD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SZDPAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AHDENC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NYARCH16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UYLMON.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JFPL400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WBOCK32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OZFOX32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ISGSHL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WNNNET16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hlztbi08.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mWpi32x.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM\akcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IHM32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wxsdmoe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MITCP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEBCCP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QVVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PSPD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EKABLE3.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SXLWAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NYDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ALMUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQ3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PLSPL.DLL
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\smnscfg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MVCUIW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DA7VB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WDAUPD98.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DNDRM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MWVCRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NGDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKRLE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DO3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\II41_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CZOL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Syace.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CzlEng.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SVORAGE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mjisip.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\huinv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ASRESX32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mpvidctl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mMpi32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\dwwave.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MHJAVA.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WPPLENC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MTWEBDVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQMDLG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MGDVDOPT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QDDWIPES.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TDPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IB1XCG9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInstall.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AHHOOK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IKDKCS32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EDIFLN62.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDUTILSE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RGR20.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OWTWA400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mtnetobj.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJCD30.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\FO20.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZSKCP16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SLORAGE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WHBVW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AAYCFILT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEGFS400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mbndex.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LQRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RQRC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EJIFLN62.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IVIRCL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JCMD400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQ41_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hginv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQBINET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MCEXCL40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EYH4E0M2.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Opbcint.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DOCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QMVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKMFCNT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WRWIZDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DTTACLEN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\avferror.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AKV01W9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RYOCURS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IN1XGDEV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lwflt09.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hhzcon08.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hyzstsin.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wzvdmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OOE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MOSYSTEM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\eecapi.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MERECR40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WPAUPD98.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZDIM700.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDSIGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wgstream.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HYINK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IO1XGDEV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HTINK.DLL
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\CERES.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\PYNIX.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\DLMAX.INF
Adware:Adware/StartPage.EL No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dbaccess.exe
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\WrapperOuter.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/VirtualBouncer No disinfected C:\WrapperOuter.exe HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 14:47:48, on 18/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btin...bcontrol023.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#8
Guest_thatman_*
Posted 18 May 2005 - 09:03 AM

Guest_thatman_*
  • Guest
Hi rogerwithnell

This will take some more scans with Panda as you can see none of the file's show in HijackThis

Using windows explorer find a delete the following files/folders
C:\keys.ini<--Delete the whole folder
C:\Program Files\Aveo<--Delete the whole folder
C:\WINDOWS\isrvs<--Delete the whole folder
C:\WINDOWS\All Users\Application Data\wsxs<--Delete the whole folder
C:\WINDOWS\Start Menu\Programs\AdDestroyer<--Delete the whole folder

Delete the following with killbox
C:\WINDOWS\SYSTEM\CZLENG.DLL
C:\WINDOWS\SYSTEM\DWWAVE.DLL
C:\WINDOWS\SYSTEM\UpdInstall.exe
C:\WINDOWS\inf\dlmax.inf
C:\WINDOWS\SYSTEM\TKPI.DLL
C:\WINDOWS\SYSTEM\MSSLGN32.DLL
C:\WINDOWS\SYSTEM\WLAVUSD.DLL
C:\WINDOWS\SYSTEM\SZDPAPI.DLL
C:\WINDOWS\SYSTEM\AHDENC32.DLL
C:\WINDOWS\SYSTEM\NYARCH16.DLL
C:\WINDOWS\SYSTEM\UYLMON.DLL
C:\WINDOWS\SYSTEM\JFPL400.DLL
C:\WINDOWS\SYSTEM\WBOCK32.DLL
C:\WINDOWS\SYSTEM\OZFOX32.DLL
C:\WINDOWS\SYSTEM\ISGSHL.DLL
C:\WINDOWS\SYSTEM\WNNNET16.DLL
C:\WINDOWS\SYSTEM\hlztbi08.dll
C:\WINDOWS\SYSTEM\mWpi32x.dll
C:\WINDOWS\SYSTEM\akcore.dll
C:\WINDOWS\SYSTEM\IHM32.DLL
C:\WINDOWS\SYSTEM\wxsdmoe.dll
C:\WINDOWS\SYSTEM\MITCP.DLL
C:\WINDOWS\SYSTEM\OEBCCP32.DLL
C:\WINDOWS\SYSTEM\QVVD.DLL
C:\WINDOWS\SYSTEM\PSPD.DLL
C:\WINDOWS\SYSTEM\EKABLE3.DLL
C:\WINDOWS\SYSTEM\SXLWAPI.DLL
C:\WINDOWS\SYSTEM\NYDLL.DLL
C:\WINDOWS\SYSTEM\ALMUI.DLL
C:\WINDOWS\SYSTEM\DQ3J.DLL
C:\WINDOWS\SYSTEM\PLSPL.DLL
C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll
C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx
C:\WINDOWS\SYSTEM\smnscfg.dll
C:\WINDOWS\SYSTEM\MVCUIW32.DLL
C:\WINDOWS\SYSTEM\DA7VB.DLL
C:\WINDOWS\SYSTEM\WDAUPD98.DLL
C:\WINDOWS\SYSTEM\DQCNDI.DLL
C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
C:\WINDOWS\SYSTEM\DNDRM.DLL
C:\WINDOWS\SYSTEM\MWVCRT.DLL
C:\WINDOWS\SYSTEM\NGDLL.DLL
C:\WINDOWS\SYSTEM\MKRLE32.DLL
C:\WINDOWS\SYSTEM\DO3J.DLL
C:\WINDOWS\SYSTEM\II41_QCX.DLL
C:\WINDOWS\SYSTEM\CZOL.DLL
C:\WINDOWS\SYSTEM\Syace.dll
C:\WINDOWS\SYSTEM\CzlEng.dll
C:\WINDOWS\SYSTEM\SVORAGE.DLL
C:\WINDOWS\SYSTEM\mjisip.dll
C:\WINDOWS\SYSTEM\huinv.dll
C:\WINDOWS\SYSTEM\ASRESX32.DLL
C:\WINDOWS\SYSTEM\WJI.DLL
C:\WINDOWS\SYSTEM\mpvidctl.dll
C:\WINDOWS\SYSTEM\mMpi32.dll
C:\WINDOWS\SYSTEM\dwwave.dll
C:\WINDOWS\SYSTEM\MHJAVA.DLL
C:\WINDOWS\SYSTEM\WPPLENC.DLL
C:\WINDOWS\SYSTEM\MTWEBDVD.DLL
C:\WINDOWS\SYSTEM\CQMDLG32.DLL
C:\WINDOWS\SYSTEM\MGDVDOPT.DLL
C:\WINDOWS\SYSTEM\QDDWIPES.DLL
C:\WINDOWS\SYSTEM\TDPI.DLL
C:\WINDOWS\SYSTEM\IB1XCG9X.DLL
C:\WINDOWS\SYSTEM\UpdInstall.exe
C:\WINDOWS\SYSTEM\AHHOOK.DLL
C:\WINDOWS\SYSTEM\IKDKCS32.DLL
C:\WINDOWS\SYSTEM\EDIFLN62.DLL
C:\WINDOWS\SYSTEM\MDUTILSE.DLL
C:\WINDOWS\SYSTEM\RGR20.DLL
C:\WINDOWS\SYSTEM\OWTWA400.DLL
C:\WINDOWS\SYSTEM\mtnetobj.dll
C:\WINDOWS\SYSTEM\MJCD30.DLL
C:\WINDOWS\SYSTEM\FO20.DLL
C:\WINDOWS\SYSTEM\IQS.DLL
C:\WINDOWS\SYSTEM\OEE32.DLL
C:\WINDOWS\SYSTEM\DZSKCP16.DLL
C:\WINDOWS\SYSTEM\SLORAGE.DLL
C:\WINDOWS\SYSTEM\WHBVW.DLL
C:\WINDOWS\SYSTEM\AAYCFILT.DLL
C:\WINDOWS\SYSTEM\OEGFS400.DLL
C:\WINDOWS\SYSTEM\mbndex.dll
C:\WINDOWS\SYSTEM\LQRT.DLL
C:\WINDOWS\SYSTEM\RQRC32.DLL
C:\WINDOWS\SYSTEM\EJIFLN62.DLL
C:\WINDOWS\SYSTEM\IVIRCL.DLL
C:\WINDOWS\SYSTEM\JCMD400.DLL
C:\WINDOWS\SYSTEM\IQ41_QCX.DLL
C:\WINDOWS\SYSTEM\hginv.dll
C:\WINDOWS\SYSTEM\CQBINET.DLL
C:\WINDOWS\SYSTEM\MCEXCL40.DLL
C:\WINDOWS\SYSTEM\EYH4E0M2.DLL
C:\WINDOWS\SYSTEM\Opbcint.dll
C:\WINDOWS\SYSTEM\DOCNDI.DLL
C:\WINDOWS\SYSTEM\QMVD.DLL
C:\WINDOWS\SYSTEM\MKMFCNT.DLL
C:\WINDOWS\SYSTEM\WRWIZDLL.DLL
C:\WINDOWS\SYSTEM\DTTACLEN.DLL
C:\WINDOWS\SYSTEM\avferror.dll
C:\WINDOWS\SYSTEM\AKV01W9X.DLL
C:\WINDOWS\SYSTEM\RYOCURS.DLL
C:\WINDOWS\SYSTEM\IN1XGDEV.DLL
C:\WINDOWS\SYSTEM\lwflt09.dll
C:\WINDOWS\SYSTEM\hhzcon08.dll
C:\WINDOWS\SYSTEM\hyzstsin.dll
C:\WINDOWS\SYSTEM\wzvdmod.dll
C:\WINDOWS\SYSTEM\OOE32.DLL
C:\WINDOWS\SYSTEM\MOSYSTEM.DLL
C:\WINDOWS\SYSTEM\eecapi.dll
C:\WINDOWS\SYSTEM\MERECR40.DLL
C:\WINDOWS\SYSTEM\WPAUPD98.DLL
C:\WINDOWS\SYSTEM\DZDIM700.DLL
C:\WINDOWS\SYSTEM\MDSIGN32.DLL
C:\WINDOWS\SYSTEM\wgstream.dll
C:\WINDOWS\SYSTEM\HYINK.DLL
C:\WINDOWS\SYSTEM\IO1XGDEV.DLL
C:\WINDOWS\SYSTEM\HTINK.DLL
C:\WINDOWS\INF\CERES.INF
C:\WINDOWS\INF\PYNIX.INF
c:\WINDOWS\INF\DLMAX.INF
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dbaccess.exe
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\isrvs\isearch.xpi
C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
C:\WINDOWS\deskbar.ini
C:\WINDOWS\delprot.ini
C:\WINDOWS\Buddy.exe
C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\WrapperOuter.exe
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
C:\WrapperOuter.exe

Rescan with panda and post the scan log

Kc :tazz:
  • 0

#9
rogerwithnell
Posted 19 May 2005 - 01:13 PM

rogerwithnell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Many thanks again. Instructions completed. Panda scan below.


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CZLENG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MMNETOBJ.DLL
Adware:Adware/SaveNow No disinfected C:\WINDOWS\SYSTEM\wsxsvc
Spyware:Spyware/AdClicker No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\banner.inf
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\vmss
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInstall.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TKPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MSSLGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WLAVUSD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SZDPAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AHDENC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NYARCH16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UYLMON.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JFPL400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WBOCK32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OZFOX32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ISGSHL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WNNNET16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hlztbi08.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mWpi32x.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM\akcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IHM32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wxsdmoe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MITCP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEBCCP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QVVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PSPD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EKABLE3.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SXLWAPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NYDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ALMUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQ3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PLSPL.DLL
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\smnscfg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MVCUIW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DA7VB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WDAUPD98.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DNDRM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MWVCRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NGDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKRLE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DO3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\II41_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CZOL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Syace.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CzlEng.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SVORAGE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mjisip.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\huinv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ASRESX32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RMASETUP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mpvidctl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mMpi32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mmnetobj.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MHJAVA.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WPPLENC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MTWEBDVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQMDLG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MGDVDOPT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QDDWIPES.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TDPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IB1XCG9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInstall.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AHHOOK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IKDKCS32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EDIFLN62.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDUTILSE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RGR20.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OWTWA400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mtnetobj.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJCD30.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\FO20.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZSKCP16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SLORAGE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WHBVW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AAYCFILT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OEGFS400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mbndex.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LQRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RQRC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EJIFLN62.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IVIRCL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JCMD400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQ41_QCX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hginv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQBINET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MCEXCL40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EYH4E0M2.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Opbcint.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DOCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QMVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKMFCNT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WRWIZDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DTTACLEN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\avferror.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AKV01W9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RYOCURS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IN1XGDEV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lwflt09.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hhzcon08.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\hyzstsin.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wzvdmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OOE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MOSYSTEM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\eecapi.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MERECR40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WPAUPD98.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZDIM700.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDSIGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wgstream.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HYINK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IO1XGDEV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HTINK.DLL
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\CERES.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\PYNIX.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\DLMAX.INF
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\banner.inf
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\tsvcin.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\uppicsvr.exe
Adware:Adware/StartPage.EL No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dbaccess.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\WrapperOuter.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
Adware:Adware/IESearchBar No disinfected C:\Recycled\Dc6\mfiltis.dll
Adware:Adware/ISearch No disinfected C:\Recycled\Dc6\isearch.xpi
Adware:Adware/ISearch No disinfected C:\Recycled\Dc6\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/VirtualBouncer No disinfected C:\WrapperOuter.exe
  • 0

#10
Guest_thatman_*
Posted 20 May 2005 - 09:51 AM

Guest_thatman_*
  • Guest
Hi

Have not replyed to your last post trying to find some more information on this

Kc :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP