BookedSpace et al. on Windows ME [RESOLVED]


This topic is locked

#16 gambit293 (Topic Starter, Member, 38 posts)

Hi Justin,

I ran Clean-it, which removed over a gig of files, rebooted once, and then ran Panda. Here is the log. The computer is presently sitting idle, disconnected from the Internet but still on.

Thanks.

Andrew


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\GWDEF.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MBWDAT10.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CUFG95.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SHMSCRPT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ALICAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HXDCI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QRUT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LGAD50.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJNP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WGASERVC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OQSSQ400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WXNINET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lvgif80n.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PHFMGR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CBTDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Pabole32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ABV01W9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\viar332.dll
Adware:Adware/Searchforit No disinfected C:\WINDOWS\SYSTEM\ca2.dll
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Brwjtn.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Lhyzbk.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HQSJMCRO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LAAD50.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MEACM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MWRSERV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JDSH400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\imv16.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Stp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ltawd80n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJJDBC10.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA010.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD193.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD312.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD331.TMP
Adware:adware/weirdontheweb No disinfected C:\WINDOWS\Favorites\WeirdOnTheWeb.url
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\banner.dll
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\IW50_QC.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MIREPL35.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\HCSJ1695.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\BPOWSEUI.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MZDOCS.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\WONETMGR.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\RZLMAIN.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\LDTIF11N.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\LHTIF80N.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\SSGE.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MZENCODE.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\WSASERVC.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\HPINKPRX.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1124.CAB[W0657908.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1127.CAB[W0659080.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1130.CAB[W0663218.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1133.CAB[W0663254.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1138.CAB[W0663284.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1135.CAB[W0663264.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1144.CAB[W0664384.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1140.CAB[W0663296.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1147.CAB[W0665399.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1150.CAB[W0667399.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1153.CAB[W0668405.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1158.CAB[W0668440.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1155.CAB[W0668418.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1168.CAB[W0669890.CPY]
Spyware:Spyware/BetterInet No disinfected C:\_RESTORE\ARCHIVE\FS1166.CAB[A0088113.CPY]
Spyware:Spyware/Dyfuca No disinfected C:\_RESTORE\ARCHIVE\FS1166.CAB[A0088130.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088238.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088239.CPY]
Adware:Adware/DealHelper No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088258.CPY]
Virus:Trj/Favadd.G No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088279.CPY]
Adware:Adware/Apropos No disinfected C:\_RESTORE\ARCHIVE\FS1172.CAB[W0670066.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1170.CAB[W0669973.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1175.CAB[W0670266.CPY]
Virus:Trj/Qoologic.D No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088729.CPY]
Virus:Trj/Qoologic.E No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088731.CPY]
Virus:Trj/Qoologic.F No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088733.CPY]
Spyware:Spyware/ShopNav No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088735.CPY]
Virus:Trj/Agent.ABE No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088737.CPY]
Virus:Trj/Clicker.FV No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088739.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088741.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088743.CPY]
Spyware:Spyware/ISTbar No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088745.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088747.CPY]
Adware:Adware/eZula No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088753.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1178.CAB[W0671287.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1184.CAB[W0673444.CPY]
Adware:Adware/Pacimedia No disinfected C:\_RESTORE\ARCHIVE\FS1188.CAB[A0090929.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1187.CAB[W0673534.CPY]
Adware:Adware/Apropos No disinfected C:\_RESTORE\ARCHIVE\FS1193.CAB[A0091193.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1193.CAB[A0091195.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1192.CAB[W0673746.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1189.CAB[W0673612.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1195.CAB[W0674020.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1200.CAB[W0675137.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1197.CAB[W0674048.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091290.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091291.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091292.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1202.CAB[W0675154.CPY]
Virus:Trj/Dropper.DT No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076193.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076205.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076247.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076267.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076268.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076353.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076354.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1116.CAB[W0653543.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\_RESTORE\ARCHIVE\FS1115.CAB[A0076355.CPY]
Virus:Trj/Downloader.BYN No disinfected C:\_RESTORE\ARCHIVE\FS1115.CAB[A0076367.CPY]
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe

Edited by gambit293, 03 August 2005 - 09:41 AM.



#17 Justin (I do a little bit of everything, Member, 2,353 posts)

Hello!

Please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

Once in Safe Mode, please run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\SYSTEM\GWDEF.DLL
C:\WINDOWS\SYSTEM\MBWDAT10.DLL
C:\WINDOWS\SYSTEM\CUFG95.DLL
C:\WINDOWS\SYSTEM\WDI.DLL
C:\WINDOWS\SYSTEM\SHMSCRPT.DLL
C:\WINDOWS\SYSTEM\ALICAP.DLL
C:\WINDOWS\SYSTEM\HXDCI.DLL
C:\WINDOWS\SYSTEM\QRUT.DLL
C:\WINDOWS\SYSTEM\LGAD50.DLL
C:\WINDOWS\SYSTEM\PND.DLL
C:\WINDOWS\SYSTEM\MJNP32.DLL
C:\WINDOWS\SYSTEM\WGASERVC.DLL
C:\WINDOWS\SYSTEM\OQSSQ400.DLL
C:\WINDOWS\SYSTEM\WXNINET.DLL
C:\WINDOWS\SYSTEM\lvgif80n.dll
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\WINDOWS\SYSTEM\winupdt.bin
C:\WINDOWS\SYSTEM\PHFMGR.DLL
C:\WINDOWS\SYSTEM\CBTDLL.DLL
C:\WINDOWS\SYSTEM\Cache\Installer.exe
C:\WINDOWS\SYSTEM\Pabole32.dll
C:\WINDOWS\SYSTEM\ABV01W9X.DLL
C:\WINDOWS\SYSTEM\viar332.dll
C:\WINDOWS\SYSTEM\ca2.dll
C:\WINDOWS\SYSTEM\Brwjtn.exe
C:\WINDOWS\SYSTEM\Lhyzbk.exe
C:\WINDOWS\SYSTEM\HQSJMCRO.DLL
C:\WINDOWS\SYSTEM\LAAD50.DLL
C:\WINDOWS\SYSTEM\MEACM.DLL
C:\WINDOWS\SYSTEM\MWRSERV.DLL
C:\WINDOWS\SYSTEM\JDSH400.DLL
C:\WINDOWS\SYSTEM\imv16.dll
C:\WINDOWS\SYSTEM\Stp.dll
C:\WINDOWS\SYSTEM\ltawd80n.dll
C:\WINDOWS\SYSTEM\MJJDBC10.DLL
C:\WINDOWS\TEMP\pavA010.TMP
C:\WINDOWS\TEMP\pavD193.TMP
C:\WINDOWS\TEMP\pavD312.TMP
C:\WINDOWS\TEMP\pavD331.TMP
C:\WINDOWS\Favorites\WeirdOnTheWeb.url
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\banner.dll
C:\_RESTORE\TEMP\IW50_QC.0
C:\_RESTORE\TEMP\MIREPL35.0
C:\_RESTORE\TEMP\HCSJ1695.0
C:\_RESTORE\TEMP\BPOWSEUI.0
C:\_RESTORE\TEMP\MZDOCS.0
C:\_RESTORE\TEMP\WONETMGR.0
C:\_RESTORE\TEMP\RZLMAIN.0
C:\_RESTORE\TEMP\LDTIF11N.0
C:\_RESTORE\TEMP\LHTIF80N.0
C:\_RESTORE\TEMP\SSGE.0
C:\_RESTORE\TEMP\MZENCODE.0
C:\_RESTORE\TEMP\WSASERVC.0
C:\_RESTORE\TEMP\HPINKPRX.0
C:\_RESTORE\ARCHIVE\FS1124.CAB[W0657908.CPY]
C:\_RESTORE\ARCHIVE\FS1127.CAB[W0659080.CPY]
C:\_RESTORE\ARCHIVE\FS1130.CAB[W0663218.CPY]
C:\_RESTORE\ARCHIVE\FS1133.CAB[W0663254.CPY]
C:\_RESTORE\ARCHIVE\FS1138.CAB[W0663284.CPY]
C:\_RESTORE\ARCHIVE\FS1135.CAB[W0663264.CPY]
C:\_RESTORE\ARCHIVE\FS1144.CAB[W0664384.CPY]
C:\_RESTORE\ARCHIVE\FS1140.CAB[W0663296.CPY]
C:\_RESTORE\ARCHIVE\FS1147.CAB[W0665399.CPY]
C:\_RESTORE\ARCHIVE\FS1150.CAB[W0667399.CPY]
C:\_RESTORE\ARCHIVE\FS1153.CAB[W0668405.CPY]
C:\_RESTORE\ARCHIVE\FS1158.CAB[W0668440.CPY]
C:\_RESTORE\ARCHIVE\FS1155.CAB[W0668418.CPY]
C:\_RESTORE\ARCHIVE\FS1168.CAB[W0669890.CPY]
C:\_RESTORE\ARCHIVE\FS1166.CAB[A0088113.CPY]
C:\_RESTORE\ARCHIVE\FS1166.CAB[A0088130.CPY]
C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088238.CPY]
C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088239.CPY]
C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088258.CPY]
C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088279.CPY]
C:\_RESTORE\ARCHIVE\FS1172.CAB[W0670066.CPY]
C:\_RESTORE\ARCHIVE\FS1170.CAB[W0669973.CPY]
C:\_RESTORE\ARCHIVE\FS1175.CAB[W0670266.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088729.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088731.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088733.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088735.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088737.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088739.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088741.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088743.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088745.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088747.CPY]
C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088753.CPY]
C:\_RESTORE\ARCHIVE\FS1178.CAB[W0671287.CPY]
C:\_RESTORE\ARCHIVE\FS1184.CAB[W0673444.CPY]
C:\_RESTORE\ARCHIVE\FS1188.CAB[A0090929.CPY]
C:\_RESTORE\ARCHIVE\FS1187.CAB[W0673534.CPY]
C:\_RESTORE\ARCHIVE\FS1193.CAB[A0091193.CPY]
C:\_RESTORE\ARCHIVE\FS1193.CAB[A0091195.CPY]
C:\_RESTORE\ARCHIVE\FS1192.CAB[W0673746.CPY]
C:\_RESTORE\ARCHIVE\FS1189.CAB[W0673612.CPY]
C:\_RESTORE\ARCHIVE\FS1195.CAB[W0674020.CPY]
C:\_RESTORE\ARCHIVE\FS1200.CAB[W0675137.CPY]
C:\_RESTORE\ARCHIVE\FS1197.CAB[W0674048.CPY]
C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091290.CPY]
C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091291.CPY]
C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091292.CPY]
C:\_RESTORE\ARCHIVE\FS1202.CAB[W0675154.CPY]
C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076193.CPY]
C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076205.CPY]
C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076247.CPY]
C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076267.CPY]
C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076268.CPY]
C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076353.CPY]
C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076354.CPY]
C:\_RESTORE\ARCHIVE\FS1116.CAB[W0653543.CPY]
C:\_RESTORE\ARCHIVE\FS1115.CAB[A0076355.CPY]
C:\_RESTORE\ARCHIVE\FS1115.CAB[A0076367.CPY]
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Run PandaScan again and post a new log, as well as a log from HiJackThis.
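The Panda report posted above and the delete list in this post are built from the same thing: the "Incident Status Location" lines. The following script is an added example by the editor, not code from the thread, from Panda, or from Killbox. It parses that layout, builds a unique list of on-disk paths still flagged as not cleaned, and provides a check for which of those paths are still present after the reboot. Assumptions: the sample report is a constructed subset (the "Disinfected" status line is made up so the filter has something to exclude; the posted report only contains "No disinfected"), and collapsing `FILE.CAB[MEMBER.CPY]` entries to the containing CAB is this script's own design choice, not documented Killbox behaviour.

```python
"""Parse a Panda ActiveScan "Incident Status Location" report and build a
delete list plus an after-reboot verification check.

Editor's example; not part of the original thread or of any tool named in it.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Constructed sample: a few entries in the layout of the posted report, plus
# one made-up "Disinfected" line (assumption) so the status filter is exercised.
SAMPLE_REPORT = """\
Incident Status Location

Adware:Adware/Look2Me No disinfected C:\\WINDOWS\\SYSTEM\\GWDEF.DLL
Spyware:Spyware/BetterInet No disinfected C:\\WINDOWS\\SYSTEM\\QBUninstaller.exe
Adware:Adware/ConsumerAlertSystemNo disinfected C:\\_RESTORE\\ARCHIVE\\FS1179.CAB[A0088741.CPY]
Virus:Trj/Qoologic.D No disinfected C:\\_RESTORE\\ARCHIVE\\FS1179.CAB[A0088729.CPY]
Possible Virus. No disinfected C:\\Program Files\\TrojanHunter 4.2\\Tools\\Process Viewer\\ProcessViewer.exe
Adware:Adware/Look2Me Disinfected C:\\WINDOWS\\TEMP\\pavA010.TMP
"""

# The incident and status columns have no fixed delimiter; the posted log even
# shows them run together ("ConsumerAlertSystemNo disinfected"), so the status
# keyword itself is used as the anchor and the incident is matched lazily.
LINE_RE = re.compile(
    r"^(?P<incident>.+?)\s*(?P<status>No disinfected|Disinfected)\s+"
    r"(?P<location>[A-Za-z]:\\.+)$"
)
# "...\FS1179.CAB[A0088741.CPY]" = member A0088741.CPY inside FS1179.CAB.
ARCHIVE_RE = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\]]+)\]$")


@dataclass(frozen=True)
class Incident:
    name: str       # e.g. "Adware:Adware/Look2Me"
    status: str     # e.g. "No disinfected"
    location: str   # path exactly as printed, including any [member] suffix

    @property
    def category(self) -> str:
        """'Adware:Adware/Look2Me' -> 'Adware'; names without a colon are kept whole."""
        return self.name.split(":", 1)[0] if ":" in self.name else self.name

    @property
    def in_archive(self) -> bool:
        return ARCHIVE_RE.match(self.location) is not None

    @property
    def container(self) -> str:
        """The file that actually exists on disk (the CAB for archive members)."""
        m = ARCHIVE_RE.match(self.location)
        return m.group("container") if m else self.location


def parse_report(text: str) -> List[Incident]:
    """Parse every incident line; the header, blank and unrecognised lines are skipped."""
    incidents = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            incidents.append(Incident(m["incident"].strip(), m["status"], m["location"]))
    return incidents


def delete_list(incidents: Iterable[Incident]) -> List[str]:
    """Unique, order-preserving on-disk paths still flagged "No disinfected".

    Archive members collapse to their container (design choice of this script).
    """
    seen, out = set(), []
    for inc in incidents:
        if inc.status != "No disinfected":
            continue
        if inc.container not in seen:
            seen.add(inc.container)
            out.append(inc.container)
    return out


def still_present(paths: Iterable[str],
                  exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Paths from the delete list that are still on disk; run this after the reboot.

    `exists` is injectable so the check can be exercised without a real filesystem.
    """
    return [p for p in paths if exists(p)]


if __name__ == "__main__":
    flagged = parse_report(SAMPLE_REPORT)
    for path in delete_list(flagged):
        print(path)
    print("still present:", still_present(delete_list(flagged)))
```

Running the script prints the delete list for the constructed sample; on the affected machine the `still_present` call is the same check Andrew performed by hand, done against the full list instead of a few spot-checked files.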

#18 gambit293 (Topic Starter, Member, 38 posts)

Hi Justin,

Here is another Hijack log, and I will rerun Panda again, but I can't help but feel that I am not using Killbox correctly. I already manually checked several of the listed files after I rebooted, and they are all still there.

In Killbox, I select Delete on Reboot, and then paste the list of files in, like you instructed; the file list appears in the text box/drop down. When I click on the red icon to execute the Delete, it prompts that the files will be deleted on Reboot with an OK/Cancel pop-up. I select OK, and then Killbox clears out its own parameters and more or less resets itself to its initial load status.

Is it supposed to automatically restart the computer at this point? I manually restart the computer myself.

Next time, can I manually delete the files myself in explorer in safe mode? Thanks for your patience!

-Andrew

Logfile of HijackThis v1.99.1
Scan saved at 2:43:14 PM, on 8/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\MSAC-FD1\MSSTAT.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exe
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Startup: Dell Control Utility.lnk = C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\CSFBDIRECT\FLOWHOOK.DLL

#19 Justin (I do a little bit of everything, Member, 2,353 posts)

Hello!

I don't see anything bad in your log, so let's wait on the pandascan. It's odd because usually this stuff would show up in your HiJackThis log. If the Look2Me stuff shows up in your log, we will take the other method of removing the infection.

#20 gambit293 (Topic Starter, Member, 38 posts)

Hey Justin,

Here's the Panda log again. Thanks, as always, for your help.

-Andrew


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\GWDEF.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MBWDAT10.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CUFG95.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SHMSCRPT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ALICAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HXDCI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QRUT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LGAD50.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJNP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WGASERVC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OQSSQ400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WXNINET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lvgif80n.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PHFMGR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CBTDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Pabole32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ABV01W9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\viar332.dll
Adware:Adware/Searchforit No disinfected C:\WINDOWS\SYSTEM\ca2.dll
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Brwjtn.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Lhyzbk.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HQSJMCRO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LAAD50.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MEACM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MWRSERV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JDSH400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\imv16.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Stp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ltawd80n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HUACTIVE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA010.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD193.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD312.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD331.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav23AF.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3028.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav30EE.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav310B.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3133.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav313D.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav314E.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3157.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav31B2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav31FF.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3216.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav323D.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3279.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32BE.TMP[W0657908.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32C8.TMP[W0659080.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32D1.TMP[W0663218.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32D4.TMP[W0663254.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32D7.TMP[W0663284.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E1.TMP[W0663264.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E4.TMP[W0664384.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E6.TMP[W0663296.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32F3.TMP[W0665399.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32F6.TMP[W0667399.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3302.TMP[W0668405.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3306.TMP[W0668440.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav33B0.TMP[W0668418.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav33B5.TMP[W0669890.CPY]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\pav4012.TMP[A0088113.CPY]
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\TEMP\pav4012.TMP[A0088130.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088238.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088239.CPY]
Adware:Adware/DealHelper No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088258.CPY]
Virus:Trj/Favadd.G No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088279.CPY]
Adware:Adware/Apropos No disinfected C:\WINDOWS\TEMP\pav4071.TMP[W0670066.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4074.TMP[W0669973.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4081.TMP[W0670266.CPY]
Virus:Trj/Qoologic.D No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088729.CPY]
Virus:Trj/Qoologic.E No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088731.CPY]
Virus:Trj/Qoologic.F No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088733.CPY]
Spyware:Spyware/ShopNav No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088735.CPY]
Virus:Trj/Agent.ABE No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088737.CPY]
Virus:Trj/Clicker.FV No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088739.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088741.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088743.CPY]
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088745.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088747.CPY]
Adware:Adware/eZula No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088753.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav40A2.TMP[W0671287.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav40C6.TMP[W0673444.CPY]
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\TEMP\pav5131.TMP[A0090929.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5140.TMP[W0673534.CPY]
Adware:Adware/Apropos No disinfected C:\WINDOWS\TEMP\pav5143.TMP[A0091193.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav5143.TMP[A0091195.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5161.TMP[W0673746.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5170.TMP[W0673612.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5175.TMP[W0674020.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5182.TMP[W0675137.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5184.TMP[W0674048.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav5185.TMP[A0091290.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav5185.TMP[A0091291.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav5185.TMP[A0091292.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5193.TMP[W0675154.CPY]
Virus:Trj/Dropper.DT No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076193.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076205.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076247.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076267.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076268.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076353.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076354.CPY]
Adware:Adware/WinTools No disinfected C:\WINDOWS\TEMP\pav71A6.TMP[W0653543.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\WINDOWS\TEMP\pav7221.TMP[A0076355.CPY]
Virus:Trj/Downloader.BYN No disinfected C:\WINDOWS\TEMP\pav7221.TMP[A0076367.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8208.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav83A2.TMP
Adware:adware/weirdontheweb No disinfected C:\WINDOWS\Favorites\WeirdOnTheWeb.url
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\banner.dll
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\IW50_QC.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MIREPL35.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\HCSJ1695.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\BPOWSEUI.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MZDOCS.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\WONETMGR.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\RZLMAIN.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\LDTIF11N.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\LHTIF80N.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\SSGE.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MZENCODE.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\WSASERVC.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\HPINKPRX.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MJJDBC10.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\IB1X329X.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1124.CAB[W0657908.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1127.CAB[W0659080.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1130.CAB[W0663218.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1133.CAB[W0663254.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1138.CAB[W0663284.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1135.CAB[W0663264.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1144.CAB[W0664384.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1140.CAB[W0663296.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1147.CAB[W0665399.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1150.CAB[W0667399.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1153.CAB[W0668405.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1158.CAB[W0668440.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1155.CAB[W0668418.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1168.CAB[W0669890.CPY]
Spyware:Spyware/BetterInet No disinfected C:\_RESTORE\ARCHIVE\FS1166.CAB[A0088113.CPY]
Spyware:Spyware/Dyfuca No disinfected C:\_RESTORE\ARCHIVE\FS1166.CAB[A0088130.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088238.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088239.CPY]
Adware:Adware/DealHelper No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088258.CPY]
Virus:Trj/Favadd.G No disinfected C:\_RESTORE\ARCHIVE\FS1167.CAB[A0088279.CPY]
Adware:Adware/Apropos No disinfected C:\_RESTORE\ARCHIVE\FS1172.CAB[W0670066.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1170.CAB[W0669973.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1175.CAB[W0670266.CPY]
Virus:Trj/Qoologic.D No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088729.CPY]
Virus:Trj/Qoologic.E No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088731.CPY]
Virus:Trj/Qoologic.F No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088733.CPY]
Spyware:Spyware/ShopNav No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088735.CPY]
Virus:Trj/Agent.ABE No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088737.CPY]
Virus:Trj/Clicker.FV No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088739.CPY]
Adware:Adware/ConsumerAlertSystem No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088741.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088743.CPY]
Spyware:Spyware/ISTbar No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088745.CPY]
Adware:Adware/ConsumerAlertSystem No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088747.CPY]
Adware:Adware/eZula No disinfected C:\_RESTORE\ARCHIVE\FS1179.CAB[A0088753.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1178.CAB[W0671287.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1184.CAB[W0673444.CPY]
Adware:Adware/Pacimedia No disinfected C:\_RESTORE\ARCHIVE\FS1188.CAB[A0090929.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1187.CAB[W0673534.CPY]
Adware:Adware/Apropos No disinfected C:\_RESTORE\ARCHIVE\FS1193.CAB[A0091193.CPY]
Adware:Adware/DelFinMedia No disinfected C:\_RESTORE\ARCHIVE\FS1193.CAB[A0091195.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1192.CAB[W0673746.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1189.CAB[W0673612.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1195.CAB[W0674020.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1200.CAB[W0675137.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1197.CAB[W0674048.CPY]
Adware:Adware/ConsumerAlertSystem No disinfected C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091290.CPY]
Adware:Adware/ConsumerAlertSystem No disinfected C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091291.CPY]
Adware:Adware/ConsumerAlertSystem No disinfected C:\_RESTORE\ARCHIVE\FS1199.CAB[A0091292.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS1202.CAB[W0675154.CPY]
Virus:Trj/Dropper.DT No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076193.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076205.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076247.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076267.CPY]
Adware:Adware/EliteBar No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076268.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076353.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\_RESTORE\ARCHIVE\FS1114.CAB[A0076354.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1116.CAB[W0653543.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\_RESTORE\ARCHIVE\FS1115.CAB[A0076355.CPY]
Virus:Trj/Downloader.BYN No disinfected C:\_RESTORE\ARCHIVE\FS1115.CAB[A0076367.CPY]
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
  • 0

#21
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

I do not like how this is working out. So we are going to use the "old school" method.

Download FindIt9xME.

Unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

You probably still have this installed. If you do, then just run it and post the log for me.
  • 0

#22
gambit293

gambit293

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Justin,

Here is the log file from FindIt:

Thanks!

-Andrew

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D0-0C0C
Directory of C:\WINDOWS\SYSTEM

LGAD50 DLL 405,504 07-31-05 7:36p LGAD50.DLL
1 file(s) 405,504 bytes
0 dir(s) 1,339.03 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D0-0C0C
Directory of C:\WINDOWS\SYSTEM

VIDCTRL <DIR> 06-12-05 10:11p vidctrl
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
2 file(s) 23,426 bytes
1 dir(s) 1,339.02 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B610C3C1-97CC-B4EA-C6D4-2593E62B2630}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
lgad50.dll Sun Jul 31 2005 7:36:54p ..S.R 405,504 396.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 405,504 bytes 396.00 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.P
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.N
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.I
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.H
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.E
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.D
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\GWDEF.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\GWDEF.DLL: UMonitor
C:\WINDOWS\SYSTEM\GWDEF.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MBWDAT10.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MBWDAT10.DLL: UMonitor
C:\WINDOWS\SYSTEM\MBWDAT10.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CUFG95.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CUFG95.DLL: UMonitor
C:\WINDOWS\SYSTEM\CUFG95.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\WDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SHMSCRPT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SHMSCRPT.DLL: UMonitor
C:\WINDOWS\SYSTEM\SHMSCRPT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ALICAP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ALICAP.DLL: UMonitor
C:\WINDOWS\SYSTEM\ALICAP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\HXDCI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\HXDCI.DLL: UMonitor
C:\WINDOWS\SYSTEM\HXDCI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\QRUT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\QRUT.DLL: UMonitor
C:\WINDOWS\SYSTEM\QRUT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LGAD50.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LGAD50.DLL: UMonitor
C:\WINDOWS\SYSTEM\LGAD50.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PND.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PND.DLL: UMonitor
C:\WINDOWS\SYSTEM\PND.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MJNP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MJNP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MJNP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WGASERVC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WGASERVC.DLL: UMonitor
C:\WINDOWS\SYSTEM\WGASERVC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\OQSSQ400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\OQSSQ400.DLL: UMonitor
C:\WINDOWS\SYSTEM\OQSSQ400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WXNINET.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WXNINET.DLL: UMonitor
C:\WINDOWS\SYSTEM\WXNINET.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lvgif80n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lvgif80n.dll: UMonitor
C:\WINDOWS\SYSTEM\lvgif80n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PHFMGR.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PHFMGR.DLL: UMonitor
C:\WINDOWS\SYSTEM\PHFMGR.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CBTDLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CBTDLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\CBTDLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Pabole32.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Pabole32.dll: UMonitor
C:\WINDOWS\SYSTEM\Pabole32.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ABV01W9X.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ABV01W9X.DLL: UMonitor
C:\WINDOWS\SYSTEM\ABV01W9X.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\viar332.dll: InitUMonitor
C:\WINDOWS\SYSTEM\viar332.dll: UMonitor
C:\WINDOWS\SYSTEM\viar332.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\HQSJMCRO.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\HQSJMCRO.DLL: UMonitor
C:\WINDOWS\SYSTEM\HQSJMCRO.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LAAD50.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LAAD50.DLL: UMonitor
C:\WINDOWS\SYSTEM\LAAD50.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MEACM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MEACM.DLL: UMonitor
C:\WINDOWS\SYSTEM\MEACM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MWRSERV.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MWRSERV.DLL: UMonitor
C:\WINDOWS\SYSTEM\MWRSERV.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JDSH400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JDSH400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JDSH400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\imv16.dll: InitUMonitor
C:\WINDOWS\SYSTEM\imv16.dll: UMonitor
C:\WINDOWS\SYSTEM\imv16.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Stp.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Stp.dll: UMonitor
C:\WINDOWS\SYSTEM\Stp.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ltawd80n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\ltawd80n.dll: UMonitor
C:\WINDOWS\SYSTEM\ltawd80n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\HUACTIVE.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\HUACTIVE.DLL: UMonitor
C:\WINDOWS\SYSTEM\HUACTIVE.DLL: /cgi-bin/UMonitorV2

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"EnsoniqMixer"="starter.exe"
"EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"RxMon"="C:\\Program Files\\Dell\\Resolution Assistant\\Common\\bin\\RxMon9x.exe"
"MadExe"="C:\\PROGRAM FILES\\DELL\\RESOLUTION ASSISTANT\\COMMON\\BIN\\LaunchRA.exe -boot"
"Microsoft IntelliType Pro"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\speedkey.exe\""
"LoadQM"="loadqm.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\motmon.exe"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"QuickTime Task"="C:\\WINDOWS\\SYSTEM\\QTTASK.EXE"
"B'sCLiP"="C:\\PROGRA~1\\B'SCLI~1\\BSCLIP.exe"
"TPP Auto Loader"="C:\\WINDOWS\\TPPALDR.EXE"
"ICSDCLT"="C:\\WINDOWS\\rundll32.exe C:\\WINDOWS\\SYSTEM\\icsdclt.dll,ICSClient"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"THGuard"="\"C:\\PROGRAM FILES\\TROJANHUNTER 4.2\\THGUARD.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



  • 0

#23
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

I am consulting with another helper about this issue. I am confused how one scan shows lots of one infection, and then the other infection shows 1 file. Please keep your system on if possible.
  • 0

#24
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Please download L2m9xfix here:
http://forums.spywar...ype=post&id=803

Unzip it to the desktop and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

#25
gambit293

gambit293

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Justin,

At the moment, I am having problems downloading the file. Is it hosted anywhere else? Here is a link to what I believe is the original thread:

http://forums.spywar...pic=52069&st=15

Thanks.

-Andrew
  • 0

#26
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Try this link
  • 0

#27
gambit293

gambit293

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Justin,

I'm still having problems with this link:

http://forums.spywar...ype=post&id=803

I receive an error message that says:

"Sorry, but you do not have permission to use this feature. If you are not logged in, you may do so using the form below if available."

...although I am registered and logged in at spywareinfo.

Thanks.

Andrew
  • 0

#28
Swandog46

Swandog46

    Malware Expert

  • Member
  • PipPipPipPip
  • 1,026 posts
  • MVP
Hi gambit293 :tazz:

I apologize to Jfcap for stepping in on this thread, but I've uploaded the tool you've been trying to download (I wrote it) to the bottom of this post, to avoid the problems with the link. We should have the links fixed by later today, but I didn't want you to have to wait that long to give it a try. Please download from the attachment at the bottom of this post and then proceed with Jfcap's instructions.

Thanks to both of you! ;)


Edit: GeeksToGo now has a mirror up at:
http://www.geekstogo...ds/l2m9xfix.zip

So I am removing the attachment from this thread. Thanks! :)

Edited by Swandog46, 04 August 2005 - 08:38 AM.

  • 0

#29
gambit293

gambit293

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Justin,

Here is the log from the bat file. Keep in mind that there are a lot of blank lines in the log:

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\DESKTOP\l2m9xfix

************

Files found:

C:\WINDOWS\system\ABV01W9X.DLL
C:\WINDOWS\system\ABV01W9X.DLL
C:\WINDOWS\system\ABV01W9X.DLL
C:\WINDOWS\system\ABV01W9X.DLL
C:\WINDOWS\system\ALICAP.DLL
C:\WINDOWS\system\ALICAP.DLL
C:\WINDOWS\system\ALICAP.DLL
C:\WINDOWS\system\ALICAP.DLL
C:\WINDOWS\system\CBTDLL.DLL
C:\WINDOWS\system\CBTDLL.DLL
C:\WINDOWS\system\CBTDLL.DLL
C:\WINDOWS\system\CBTDLL.DLL
C:\WINDOWS\system\CUFG95.DLL
C:\WINDOWS\system\CUFG95.DLL
C:\WINDOWS\system\CUFG95.DLL
C:\WINDOWS\system\CUFG95.DLL
C:\WINDOWS\system\GWDEF.DLL
C:\WINDOWS\system\GWDEF.DLL
C:\WINDOWS\system\GWDEF.DLL
C:\WINDOWS\system\GWDEF.DLL
C:\WINDOWS\system\HQSJMCRO.DLL
C:\WINDOWS\system\HQSJMCRO.DLL
C:\WINDOWS\system\HQSJMCRO.DLL
C:\WINDOWS\system\HQSJMCRO.DLL
C:\WINDOWS\system\HUACTIVE.DLL
C:\WINDOWS\system\HUACTIVE.DLL
C:\WINDOWS\system\HUACTIVE.DLL
C:\WINDOWS\system\HUACTIVE.DLL
C:\WINDOWS\system\HXDCI.DLL
C:\WINDOWS\system\HXDCI.DLL
C:\WINDOWS\system\HXDCI.DLL
C:\WINDOWS\system\HXDCI.DLL
C:\WINDOWS\system\imv16.dll
C:\WINDOWS\system\imv16.dll
C:\WINDOWS\system\imv16.dll
C:\WINDOWS\system\imv16.dll
C:\WINDOWS\system\JDSH400.DLL
C:\WINDOWS\system\JDSH400.DLL
C:\WINDOWS\system\JDSH400.DLL
C:\WINDOWS\system\JDSH400.DLL
C:\WINDOWS\system\LAAD50.DLL
C:\WINDOWS\system\LAAD50.DLL
C:\WINDOWS\system\LAAD50.DLL
C:\WINDOWS\system\LAAD50.DLL
C:\WINDOWS\system\LGAD50.DLL
C:\WINDOWS\system\LGAD50.DLL
C:\WINDOWS\system\LGAD50.DLL
C:\WINDOWS\system\LGAD50.DLL
C:\WINDOWS\system\ltawd80n.dll
C:\WINDOWS\system\ltawd80n.dll
C:\WINDOWS\system\ltawd80n.dll
C:\WINDOWS\system\ltawd80n.dll
C:\WINDOWS\system\lvgif80n.dll
C:\WINDOWS\system\lvgif80n.dll
C:\WINDOWS\system\lvgif80n.dll
C:\WINDOWS\system\lvgif80n.dll
C:\WINDOWS\system\MBWDAT10.DLL
C:\WINDOWS\system\MBWDAT10.DLL
C:\WINDOWS\system\MBWDAT10.DLL
C:\WINDOWS\system\MBWDAT10.DLL
C:\WINDOWS\system\MEACM.DLL
C:\WINDOWS\system\MEACM.DLL
C:\WINDOWS\system\MEACM.DLL
C:\WINDOWS\system\MEACM.DLL
C:\WINDOWS\system\MJNP32.DLL
C:\WINDOWS\system\MJNP32.DLL
C:\WINDOWS\system\MJNP32.DLL
C:\WINDOWS\system\MJNP32.DLL
C:\WINDOWS\system\MWRSERV.DLL
C:\WINDOWS\system\MWRSERV.DLL
C:\WINDOWS\system\MWRSERV.DLL
C:\WINDOWS\system\MWRSERV.DLL
C:\WINDOWS\system\OQSSQ400.DLL
C:\WINDOWS\system\OQSSQ400.DLL
C:\WINDOWS\system\OQSSQ400.DLL
C:\WINDOWS\system\OQSSQ400.DLL
C:\WINDOWS\system\Pabole32.dll
C:\WINDOWS\system\Pabole32.dll
C:\WINDOWS\system\Pabole32.dll
C:\WINDOWS\system\Pabole32.dll
C:\WINDOWS\system\PHFMGR.DLL
C:\WINDOWS\system\PHFMGR.DLL
C:\WINDOWS\system\PHFMGR.DLL
C:\WINDOWS\system\PHFMGR.DLL
C:\WINDOWS\system\PND.DLL
C:\WINDOWS\system\PND.DLL
C:\WINDOWS\system\PND.DLL
C:\WINDOWS\system\PND.DLL
C:\WINDOWS\system\QRUT.DLL
C:\WINDOWS\system\QRUT.DLL
C:\WINDOWS\system\QRUT.DLL
C:\WINDOWS\system\QRUT.DLL
C:\WINDOWS\system\SHMSCRPT.DLL
C:\WINDOWS\system\SHMSCRPT.DLL
C:\WINDOWS\system\SHMSCRPT.DLL
C:\WINDOWS\system\SHMSCRPT.DLL
C:\WINDOWS\system\Stp.dll
C:\WINDOWS\system\Stp.dll
C:\WINDOWS\system\Stp.dll
C:\WINDOWS\system\Stp.dll
C:\WINDOWS\system\viar332.dll
C:\WINDOWS\system\viar332.dll
C:\WINDOWS\system\viar332.dll
C:\WINDOWS\system\viar332.dll
C:\WINDOWS\system\WDI.DLL
C:\WINDOWS\system\WDI.DLL
C:\WINDOWS\system\WDI.DLL
C:\WINDOWS\system\WDI.DLL
C:\WINDOWS\system\WGASERVC.DLL
C:\WINDOWS\system\WGASERVC.DLL
C:\WINDOWS\system\WGASERVC.DLL
C:\WINDOWS\system\WGASERVC.DLL
C:\WINDOWS\system\WXNINET.DLL
C:\WINDOWS\system\WXNINET.DLL
C:\WINDOWS\system\WXNINET.DLL
C:\WINDOWS\system\WXNINET.DLL

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{D91092FA-775C-478C-906E-CBB19490CDF5}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\LGAD50.DLL"

[HKEY_CLASSES_ROOT\CLSID\{D91092FA-775C-478C-906E-CBB19490CDF5}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\LGAD50.DLL"

[HKEY_CLASSES_ROOT\CLSID\{D91092FA-775C-478C-906E-CBB19490CDF5}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\LGAD50.DLL"

[HKEY_CLASSES_ROOT\CLSID\{D91092FA-775C-478C-906E-CBB19490CDF5}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\LGAD50.DLL"

************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
  • 0
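The FindIt9xME log in post #22 flags Look2Me DLLs by the UMonitor strings inside them, and the L2M9xFix log above ties one of those files to a CLSID whose InprocServer32 value loads it. The script below is an added example, not part of either tool, that reproduces that triage offline: it scans a directory for files carrying the three marker strings and matches them against InprocServer32 entries in a REGEDIT4 export. The sample directory and the REGEDIT4 text are constructed here; the placeholder benign CLSID is invented, while the other CLSID and marker strings come from the logs on this page.

```python
"""Look2Me triage helper, an added example (not part of FindIt9xME or L2M9xFix):
flag DLLs carrying the UMonitor markers and tie each to the CLSID loading it."""
import os
import re
import tempfile

# Marker strings exactly as the "Strings.exe Umonitor Results" section lists them.
UMONITOR_MARKERS = (b"InitUMonitor", b"UMonitor", b"/cgi-bin/UMonitorV2")

# REGEDIT4 section header for an InprocServer32 subkey, and its @= default value.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\\InprocServer32\]$", re.IGNORECASE)
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')

# Constructed REGEDIT4 export: the CLSID from the L2M9xFix log, repeated as the
# tool printed it, plus a placeholder benign entry so the filter has work to do.
SAMPLE_REG = r"""REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{D91092FA-775C-478C-906E-CBB19490CDF5}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\LGAD50.DLL"

[HKEY_CLASSES_ROOT\CLSID\{D91092FA-775C-478C-906E-CBB19490CDF5}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\LGAD50.DLL"

[HKEY_CLASSES_ROOT\CLSID\{PLACEHOLDER-BENIGN-CLSID}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\clean.dll"
"""


def find_umonitor_dlls(directory):
    """Names of regular files in `directory` that contain all three markers."""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if all(marker in data for marker in UMONITOR_MARKERS):
            hits.append(name)
    return hits


def parse_inprocserver32(reg_text):
    """Map each InprocServer32 key to the DLL path in its default value. Duplicate
    keys collapse into one entry; REGEDIT4's doubled backslashes are undone."""
    entries = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        value = DEFAULT_VALUE_RE.match(line)
        if value and current:
            entries[current] = value.group(1).replace("\\\\", "\\")
    return entries


def correlate(flagged_names, inproc_entries):
    """{flagged DLL name: [CLSID keys whose InprocServer32 points at it]}."""
    result = {name: [] for name in flagged_names}
    for key, dll_path in inproc_entries.items():
        base = dll_path.rsplit("\\", 1)[-1].lower()
        for name in flagged_names:
            if name.lower() == base:
                result[name].append(key)
    return result


def demo():
    """Run the triage over a constructed directory: a marker-bearing stand-in for
    LGAD50.DLL and one clean DLL with no markers."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "LGAD50.DLL"), "wb") as fh:
            fh.write(b"MZ\x90\x00InitUMonitor\x00UMonitor\x00/cgi-bin/UMonitorV2\x00")
        with open(os.path.join(tmp, "clean.dll"), "wb") as fh:
            fh.write(b"MZ\x90\x00DllRegisterServer\x00")
        flagged = find_umonitor_dlls(tmp)
        return correlate(flagged, parse_inprocserver32(SAMPLE_REG))
```

Calling demo() returns the flagged file mapped to the single CLSID that loads it; a flagged DLL with an empty list has no InprocServer32 entry in the export and would need the registry checked separately.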

#30
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Well, that looks like it accomplished what it needed to do! Can you post a new FindIt9xME log, so we can make sure it's all gone? :tazz:
  • 0