Lots of pop-ups [RESOLVED]



#31
Trippster

    Member

  • Topic Starter
  • Member
  • 356 posts
I can't use dummy on Delete on Reboot.



#32
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Sorry Trippster, lots going on today...use Replace on Reboot, and Use Dummy.

/bonk self.

#33
Trippster

    Member

  • Topic Starter
  • Member
  • 356 posts
Here's FindIt9xME:


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

DWVXDE~1 DLL 226,592 05-10-05 5:14p dwvxdec_0411.dll
OHSLB400 DLL 226,592 05-10-05 5:14p OHSLB400.DLL
KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
4 file(s) 454,922 bytes
0 dir(s) 11,996.80 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
FOLDER HTT 13,122 10-12-04 6:08p folder.htt
DESKTOP INI 266 10-12-04 6:08p desktop.ini
4 file(s) 15,126 bytes
0 dir(s) 11,996.78 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{979865C0-8385-F0C1-472E-63B48B96D6B5}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
dwvxde~1.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

2 items found: 2 files, 0 directories.
Total of file sizes: 453,184 bytes 442.56 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipgic2.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipp
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: how to remove qoologic
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"a-winpoet-service"="\"C:\\Program Files\\Verizon Online\\WinPoET\\winpppoverethernet.exe\""
"POINTER"="C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




#34
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Trippster, we might have to do this a few more times, so hang in there!


Open up Killbox, and select Delete on Reboot. (That's not a mistake this time.)

C:\WINDOWS\SYSTEM\dwvxde~1.dll
C:\WINDOWS\SYSTEM\ohslb400.dll

Then select delete file (Red Circle with the White X), and reboot your computer manually.

Then post a new FindIt9xME log for me.

#35
Trippster

    Member

  • Topic Starter
  • Member
  • 356 posts
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

OHSLB400 DLL 226,592 05-10-05 5:14p OHSLB400.DLL
KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
3 file(s) 228,330 bytes
0 dir(s) 11,987.83 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
FOLDER HTT 13,122 10-12-04 6:08p folder.htt
DESKTOP INI 266 10-12-04 6:08p desktop.ini
4 file(s) 15,126 bytes
0 dir(s) 11,987.81 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{979865C0-8385-F0C1-472E-63B48B96D6B5}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 226,592 bytes 221.28 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipgic2.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipp
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: how to remove qoologic
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"a-winpoet-service"="\"C:\\Program Files\\Verizon Online\\WinPoET\\winpppoverethernet.exe\""
"POINTER"="C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




#36
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
And again...

Trippster, we might have to do this a few more times, so hang in there!

Open up Killbox, and select Delete on Reboot.

C:\WINDOWS\SYSTEM\ohslb400.dll

Then select delete file (Red Circle with the White X), and reboot your computer manually.

Then post a new FindIt9xME log for me.

#37
Trippster

    Member

  • Topic Starter
  • Member
  • 356 posts
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

OHSLB400 DLL 226,592 05-10-05 5:14p OHSLB400.DLL
KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
3 file(s) 228,330 bytes
0 dir(s) 11,938.69 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
FOLDER HTT 13,122 10-12-04 6:08p folder.htt
DESKTOP INI 266 10-12-04 6:08p desktop.ini
4 file(s) 15,126 bytes
0 dir(s) 11,938.67 MB free

---------------- User Agent ------------


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 226,592 bytes 221.28 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipgic2.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipp
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: how to remove qoologic
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"a-winpoet-service"="\"C:\\Program Files\\Verizon Online\\WinPoET\\winpppoverethernet.exe\""
"POINTER"="C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




#38
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Trippster,

Let's try deleting this from DOS. You might want to print this or write it down.

* Click the Start button
* Select Shut Down
* Select Restart the computer in MS-DOS mode
* Click the Yes button

When in DOS...

Type:

del C:\Windows\System\ohslb400.dll

Press Enter

Reboot into normal Windows and post a new FindIt9xME log for me.

#39
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Trippster,

Open up Killbox, and select Standard File Kill.

C:\WINDOWS\SYSTEM\ohslb400.dll

Then select delete file (Red Circle with the White X), and reboot your computer manually.

If it says you cannot delete the file with Standard File Kill, do Replace on Reboot with Dummy.

Then post a new FindIt9xME log for me.

#40
Trippster

    Member

  • Topic Starter
  • Member
  • 356 posts
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

IX41_QC DLL 226,592 05-10-05 5:14p IX41_QC.dll
OHSLB400 DLL 226,592 05-10-05 5:14p OHSLB400.DLL
KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
4 file(s) 454,922 bytes
0 dir(s) 11,931.77 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
FOLDER HTT 13,122 10-12-04 6:08p folder.htt
DESKTOP INI 266 10-12-04 6:08p desktop.ini
4 file(s) 15,126 bytes
0 dir(s) 11,931.75 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{979865C0-8385-F0C1-472E-63B48B96D6B5}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ix41_qc.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

2 items found: 2 files, 0 directories.
Total of file sizes: 453,184 bytes 442.56 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipgic2.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipp
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: how to remove qoologic
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"a-winpoet-service"="\"C:\\Program Files\\Verizon Online\\WinPoET\\winpppoverethernet.exe\""
"POINTER"="C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



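What the helper is doing by eye across these FindIt9xME logs is watching the same 226,592-byte System+Read-only DLL come back under a new random name after each deletion (dwvxdec_0411.dll, then ix41_qc.dll, always beside ohslb400.dll). As an added example that is not part of the thread, here is a small Python parser for the "Locate.com Results" section that flags such size-and-timestamp twins and diffs two logs to find the respawned file; the two excerpts are constructed from the logs above, and Entry, parse_locate, suspicious and respawned are names chosen here.

```python
import re
from dataclasses import dataclass

# Constructed excerpts modelled on the "Locate.com Results" section of the
# FindIt9xME logs posted in this thread, before and after the first Killbox
# run; the ..S.R column is the System and Read-only attributes.
LOG_BEFORE = """\
------------------ Locate.com Results ------------------
C:\\WINDOWS\\SYSTEM\\
dwvxde~1.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

2 items found: 2 files, 0 directories.
"""
LOG_AFTER = """\
------------------ Locate.com Results ------------------
C:\\WINDOWS\\SYSTEM\\
ix41_qc.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

2 items found: 2 files, 0 directories.
"""

# One file line: name, timestamp, attribute column, byte size, size in K.
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<date>\w{3} \w{3} \d{1,2} \d{4} \d{1,2}:\d{2}:\d{2}[ap])"
    r"\s+(?P<attrs>[.A-Z]{5})\s+(?P<size>[\d,]+)\s+[\d.]+ K$"
)

@dataclass(frozen=True)
class Entry:
    path: str
    date: str
    attrs: str
    size: int

def parse_locate(log: str) -> list[Entry]:
    """Return the file entries listed under 'Locate.com Results'."""
    entries, directory, in_section = [], "", False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("-----"):        # section banner
            in_section = "Locate.com Results" in line
            continue
        if not in_section or not line:
            continue
        if line.endswith("\\"):             # directory header line
            directory = line
            continue
        m = LINE_RE.match(line)
        if m:                               # summary lines do not match
            size = int(m["size"].replace(",", ""))
            entries.append(Entry(directory + m["name"], m["date"], m["attrs"], size))
    return entries


def suspicious(entries: list[Entry]) -> list[str]:
    """System+read-only files that share an exact size and timestamp with
    another entry: the pairing the helper in this thread was tracking by eye."""
    return [e.path for e in entries
            if "S" in e.attrs and "R" in e.attrs
            and any(o is not e and (o.size, o.date) == (e.size, e.date) for o in entries)]


def respawned(before: list[Entry], after: list[Entry]) -> dict[str, list[str]]:
    """Map each path that is new in the later log to the earlier entries whose
    size and timestamp it matches exactly: a deleted file coming back under a
    fresh random name means a still-running component is regenerating it."""
    by_sig: dict[tuple[int, str], list[str]] = {}
    for e in before:
        by_sig.setdefault((e.size, e.date), []).append(e.path)
    old_paths = {e.path for e in before}
    return {e.path: by_sig[(e.size, e.date)] for e in after
            if e.path not in old_paths and (e.size, e.date) in by_sig}
```

Feeding each new log in as `after` against the previous one shows the regenerated companion immediately, which is the cue to stop deleting files one at a time and look for the component that recreates them.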



#41
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Open up Killbox, and select Standard File Kill. Put these files in the delete box.

C:\WINDOWS\SYSTEM\ohslb400.dll
C:\WINDOWS\SYSTEM\ix41_qc.dll

Then select delete file (Red Circle with the White X), and reboot your computer manually.

If it says you cannot delete the file with Standard File Kill, do Replace on Reboot with Dummy.

Then post a new FindIt9xME log for me.

#42
Trippster

    Member

  • Topic Starter
  • Member
  • 356 posts
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

OHSLB400 DLL 226,592 05-10-05 5:14p OHSLB400.DLL
KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
3 file(s) 228,330 bytes
0 dir(s) 11,926.22 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
FOLDER HTT 13,122 10-12-04 6:08p folder.htt
DESKTOP INI 266 10-12-04 6:08p desktop.ini
4 file(s) 15,126 bytes
0 dir(s) 11,926.20 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{979865C0-8385-F0C1-472E-63B48B96D6B5}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 226,592 bytes 221.28 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipgic2.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zipp
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip.zip
C:\WINDOWS\USER.DAT: filemenu4C:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: how to remove qoologic
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.663: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.663: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"a-winpoet-service"="\"C:\\Program Files\\Verizon Online\\WinPoET\\winpppoverethernet.exe\""
"POINTER"="C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




#43
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Trippster,

Try it again.

In Killbox select replace on reboot with dummy.

Delete this file:

C:\WINDOWS\SYSTEM\ohslb400.dll


Post new Findit9xME log.

I know this is a pain in the butt, so we will try it a few more times, and then I'll ask around.

#44
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Trippster, don't Killbox anymore. I'm going to give you the Ad-Aware VX2 cleaner and we will see if that clears it. If not, I'll have to ask around.

#45
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Download the latest version of Ad-Aware from here (if you already have Ad-Aware installed, make sure that it is the latest version and always go online and update it before you run it).

Download Lavasoft's VX2 Cleaner plug-in here
http://updates.ls-se...lvx2cleaner.exe

How to use Lavasoft's VX2 Cleaner plug-in

- Close Ad-Aware 6 build 181 and Ad-Watch (if running)
- Download the free VX2 Cleaner at http://updates.ls-se...lvx2cleaner.exe
- Install the VX2 Cleaner
- Start Ad-Aware 6 build 181
- Go to "Plug-ins"
- Select the VX2 Cleaner plug-in and click "Run Plugin"
- If your computer isn't infected, click "Close".
If your computer is infected:

- Select "Clean system"
- Reboot your computer
- Scan your computer with Ad-Aware
- Remove any VX2 objects detected
- Reboot your computer again
- Run a second scan to make sure the files have been removed from your computer

Reboot your PC.

If you would please, rescan with FindIt9xME, and post the log for me.





