[rob.jackson]

Shortly after startup winlogon.exe gives this error

szAppName : winlogon.exe szAppVer : 0.0.0.0 szModName : wspdxm.dll
szModVer : 0.0.0.0 offset : 00013cd8


The appcompat.txt gives this

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="wspdxm.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="wspdxm.dll" SIZE="417792" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>


Anyone have a clue about the cause of this?

[Advertisements]

Download Dllcompare here: http://www.downloads.../DllCompare.exe and put it on your desktop. Open Dllcompare. It is preset to scan the System32 directory, so nothing other than you clicking the [Run locate.com] button is required.

When the scan is complete, you will see in blue Completed the scan, Click Compare to Continue at which time you will click the [Compare] button.

It will sort through the files it found and determine which should be flagged as "No access" and display them in the lower box.

In a few minutes it will complete *in blue Completed

Click the button [Make a Log of what was Found]

Post that log.

Regards,

[Metallica]

Download Dllcompare here: http://www.downloads.../DllCompare.exe and put it on your desktop. Open Dllcompare. It is preset to scan the System32 directory, so nothing other than you clicking the [Run locate.com] button is required.

When the scan is complete, you will see in blue Completed the scan, Click Compare to Continue at which time you will click the [Compare] button.

It will sort through the files it found and determine which should be flagged as "No access" and display them in the lower box.

In a few minutes it will complete *in blue Completed

Click the button [Make a Log of what was Found]

Post that log.

Regards,

[rob.jackson]

here is the dll log:

* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\bfackbox.dll Thu Jul 14 2005 3:45:18p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\ckfgnt.dll Thu Jul 14 2005 3:45:26p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\mniwave.dll Fri Jul 15 2005 8:03:50a ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\mwapsspc.dll Fri Jul 15 2005 1:03:16a ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\pbmas.dll Thu Jul 14 2005 12:13:36p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\pnqsp.dll Thu Jul 14 2005 11:50:20p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\smbrccsp.dll Thu Jul 14 2005 1:16:22p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\srbrccsp.dll Thu Jul 14 2005 1:16:16p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\ualmon.dll Tue Jul 12 2005 1:28:42a ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\uspnpmgr.dll Wed Jul 13 2005 6:25:24p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vboy.dll Thu Jul 14 2005 2:16:20p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vmr.dll Thu Jul 14 2005 5:10:24p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vrpodbc.dll Thu Jul 14 2005 2:16:14p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\vsame.dll Thu Jul 14 2005 5:10:18p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\wb2_32.dll Thu Jul 14 2005 9:11:30p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\wspdxm.dll Thu Jul 14 2005 10:32:20p ..S.R 417,792 408.00 K
C:\WINDOWS\SYSTEM32\wwvdmoe2.dll Thu Jul 14 2005 9:11:18p ..S.R 417,792 408.00 K
________________________________________________

1,302 items found: 1,302 files (17 H/S), 0 directories.
Total of file sizes: 270,051,294 bytes 257.54 M

Administrator Account = True

--------------------End log---------------------

[Metallica]

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Standard File Kill option option.

One by one paste these paths to files in the box for Full Path of File to Delete:

C:\WINDOWS\SYSTEM32\bfackbox.dll
C:\WINDOWS\SYSTEM32\ckfgnt.dll
C:\WINDOWS\SYSTEM32\mniwave.dll
C:\WINDOWS\SYSTEM32\mwapsspc.dll
C:\WINDOWS\SYSTEM32\pbmas.dll
C:\WINDOWS\SYSTEM32\pnqsp.dll
C:\WINDOWS\SYSTEM32\smbrccsp.dll
C:\WINDOWS\SYSTEM32\srbrccsp.dll
C:\WINDOWS\SYSTEM32\ualmon.dll
C:\WINDOWS\SYSTEM32\uspnpmgr.dll
C:\WINDOWS\SYSTEM32\vboy.dll
C:\WINDOWS\SYSTEM32\vmr.dll
C:\WINDOWS\SYSTEM32\vrpodbc.dll
C:\WINDOWS\SYSTEM32\vsame.dll
C:\WINDOWS\SYSTEM32\wb2_32.dll
C:\WINDOWS\SYSTEM32\wspdxm.dll
C:\WINDOWS\SYSTEM32\wwvdmoe2.dll


After every file click the red-and-white "Delete File" button. Click "Yes" at the prompt.

Let me know if any of these files can not be deleted this way.

Regards,

[rob.jackson]

Thanks but I fixed the problem with l2mfix.bat. Although I'm not exactly sure, I believe the Look2me Spyware was installed by the uninstallation program used for "A Better Internet". But I cant say for sure.

Rob

[Metallica]

Hi Rob,

It's your computer, so your decision, but the files I listed are present and hidden from you on your computer. You do the math.

Regards,