BookedSpace et al. on Windows ME [RESOLVED]


  • This topic is locked

#31
gambit293

    Member

  • Topic Starter
  • Member
  • 38 posts
...and here is another Hijack log after one reboot.

Unfortunately, I am going out of town, and will be unable to work on the computer until sometime on Sunday. But I do look forward to wrapping it up after then (hopefully soon before I actually move away later next week).

Thanks for your help, and have a good weekend!

Logfile of HijackThis v1.99.1
Scan saved at 12:35:17 PM, on 8/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\MSAC-FD1\MSSTAT.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exe
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Startup: Dell Control Utility.lnk = C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\CSFBDIRECT\FLOWHOOK.DLL

#32
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
I will be here when you get back =).

Your HijackThis log looks great. We will see how things look once we get the FindIt9xME log.

Have a great trip! :tazz:

#33
gambit293

    Member

  • Topic Starter
  • Member
  • 38 posts
Last but not least... here is the 9x log file:

This will be my last post for a few days. Have a good weekend!
-Andrew


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D0-0C0C
Directory of C:\WINDOWS\SYSTEM

1,344.20 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D0-0C0C
Directory of C:\WINDOWS\SYSTEM

VIDCTRL <DIR> 06-12-05 10:11p vidctrl
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
2 file(s) 23,426 bytes
1 dir(s) 1,344.20 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

------------------ Locate.com Results ------------------

No matches found.

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.P
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.N
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.I
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.H
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.E
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.D
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"EnsoniqMixer"="starter.exe"
"EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"RxMon"="C:\\Program Files\\Dell\\Resolution Assistant\\Common\\bin\\RxMon9x.exe"
"MadExe"="C:\\PROGRAM FILES\\DELL\\RESOLUTION ASSISTANT\\COMMON\\BIN\\LaunchRA.exe -boot"
"Microsoft IntelliType Pro"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\speedkey.exe\""
"LoadQM"="loadqm.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\motmon.exe"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"QuickTime Task"="C:\\WINDOWS\\SYSTEM\\QTTASK.EXE"
"B'sCLiP"="C:\\PROGRA~1\\B'SCLI~1\\BSCLIP.exe"
"TPP Auto Loader"="C:\\WINDOWS\\TPPALDR.EXE"
"ICSDCLT"="C:\\WINDOWS\\rundll32.exe C:\\WINDOWS\\SYSTEM\\icsdclt.dll,ICSClient"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"THGuard"="\"C:\\PROGRAM FILES\\TROJANHUNTER 4.2\\THGUARD.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




#34
gambit293

    Member

  • Topic Starter
  • Member
  • 38 posts
Hi Justin,

FYI, I'm back and ready to resume work on the computer. Unfortunately, another clock is ticking as well: I'm moving to DC this week, and will be returning the PC to my parents for good, probably Tuesday or Wednesday, before I leave. Hopefully we can get finished or at least close to it by then.

Thanks for all your time and help.

-Andrew

#35
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Hello!

Welcome Back!

I want to see what PandaScan shows on your computer.

Run Panda ActiveScan. Accept default settings, save and post the log.

We should be able to get this solved by Tuesday! :tazz:

#36
gambit293

    Member

  • Topic Starter
  • Member
  • 38 posts
Hi Justin,

Unfortunately, although I left the system turned on when I left, it crashed while I was out of town. (&*^$! ME). So I had to reboot it.

Here is another Hijack log, followed by a Panda log.

Thanks. Let me know if I should run CleanUp to wipe out many of those temp files. (Running CleanUp tends to speed up Panda too, since there are fewer files to scan.)

-Andrew

Logfile of HijackThis v1.99.1
Scan saved at 6:57:16 PM, on 8/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\QUICKENW\QWDLLS.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\MSAC-FD1\MSSTAT.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\RunDLL32.exe C:\PROGRA~1\OFOTO\OFOTONOW\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\imgicon.exe
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Startup: Dell Control Utility.lnk = C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5020} - C:\CSFBDIRECT\FLOWHOOK.DLL

***********begin panda***********


Incident Status Location

Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe
Adware:Adware/Searchforit No disinfected C:\WINDOWS\SYSTEM\ca2.dll
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Brwjtn.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Lhyzbk.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\ABV01W9X.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\ALICAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\CBTDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\CUFG95.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\GWDEF.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\HQSJMCRO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\HUACTIVE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\HXDCI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\imv16.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\JDSH400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\LAAD50.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\LGAD50.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\ltawd80n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\lvgif80n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\MBWDAT10.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\MEACM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\MJNP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\MWRSERV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\OQSSQ400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\Pabole32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\PHFMGR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\PND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\QRUT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\SHMSCRPT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\Stp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\viar332.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\WDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\WGASERVC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\DESKTOP\l2m9xfix\backups\WXNINET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA010.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD193.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD312.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD331.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav23AF.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3028.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav30EE.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav310B.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3133.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav313D.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav314E.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3157.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav31B2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav31FF.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3216.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav323D.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3279.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32BE.TMP[W0657908.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32C8.TMP[W0659080.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32D1.TMP[W0663218.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32D4.TMP[W0663254.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32D7.TMP[W0663284.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E1.TMP[W0663264.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E4.TMP[W0664384.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E6.TMP[W0663296.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32F3.TMP[W0665399.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32F6.TMP[W0667399.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3302.TMP[W0668405.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3306.TMP[W0668440.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav33B0.TMP[W0668418.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav33B5.TMP[W0669890.CPY]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\pav4012.TMP[A0088113.CPY]
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\TEMP\pav4012.TMP[A0088130.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088238.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088239.CPY]
Adware:Adware/DealHelper No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088258.CPY]
Virus:Trj/Favadd.G No disinfected C:\WINDOWS\TEMP\pav4061.TMP[A0088279.CPY]
Adware:Adware/Apropos No disinfected C:\WINDOWS\TEMP\pav4071.TMP[W0670066.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4074.TMP[W0669973.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4081.TMP[W0670266.CPY]
Virus:Trj/Qoologic.D No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088729.CPY]
Virus:Trj/Qoologic.E No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088731.CPY]
Virus:Trj/Qoologic.F No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088733.CPY]
Spyware:Spyware/ShopNav No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088735.CPY]
Virus:Trj/Agent.ABE No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088737.CPY]
Virus:Trj/Clicker.FV No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088739.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088741.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088743.CPY]
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088745.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088747.CPY]
Adware:Adware/eZula No disinfected C:\WINDOWS\TEMP\pav4085.TMP[A0088753.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav40A2.TMP[W0671287.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav40C6.TMP[W0673444.CPY]
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\TEMP\pav5131.TMP[A0090929.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5140.TMP[W0673534.CPY]
Adware:Adware/Apropos No disinfected C:\WINDOWS\TEMP\pav5143.TMP[A0091193.CPY]
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\TEMP\pav5143.TMP[A0091195.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5161.TMP[W0673746.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5170.TMP[W0673612.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5175.TMP[W0674020.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5182.TMP[W0675137.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5184.TMP[W0674048.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav5185.TMP[A0091290.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav5185.TMP[A0091291.CPY]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\TEMP\pav5185.TMP[A0091292.CPY]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5193.TMP[W0675154.CPY]
Virus:Trj/Dropper.DT No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076193.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076205.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076247.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076267.CPY]
Adware:Adware/EliteBar No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076268.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076353.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\WINDOWS\TEMP\pav7163.TMP[A0076354.CPY]
Adware:Adware/WinTools No disinfected C:\WINDOWS\TEMP\pav71A6.TMP[W0653543.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\WINDOWS\TEMP\pav7221.TMP[A0076355.CPY]

#37
Justin

This is one infection that really does not want to go away.

Run Cleanup to get rid of the temp files, and then run this fix...again. Sorry this is taking so long. If it doesn't work after this try, I will ask around.

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

Then run PandaScan and post the log. Also run the FindIt9xME scan and post that log.

#38
gambit293

Hi Justin,

Before proceeding with l2m9xfix.exe, I decided to:

-run cleanup, which removed several gigs of tmp files
-and then run panda one more time.

Here is the panda log yet again. I DO believe that the l2m9xfix.exe did SOMETHING last time, because I noticed that there were no pop-ups at all while panda was running online with an active Internet connection. Also, you're probably aware of this already, but many of the look2 files reported by panda appear to be archived files quarantined by l2m9xfix itself.

Should I nevertheless rerun l2m9xfix?

Thanks.

-Andrew



#39
Justin

I think L2M is gone. It looks like they are all in backup type folders.

Run Findit9xME for me, and we will see if any files are left.

#40
gambit293

Hi Justin,

Here is the findit log:

Thanks

-Andrew

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D0-0C0C
Directory of C:\WINDOWS\SYSTEM

3,463.59 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D0-0C0C
Directory of C:\WINDOWS\SYSTEM

VIDCTRL <DIR> 06-12-05 10:11p vidctrl
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
2 file(s) 23,426 bytes
1 dir(s) 3,463.59 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

------------------ Locate.com Results ------------------

No matches found.

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.753: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.P
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.N
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.I
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.H
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.E
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.D
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.753: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"EnsoniqMixer"="starter.exe"
"EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"RxMon"="C:\\Program Files\\Dell\\Resolution Assistant\\Common\\bin\\RxMon9x.exe"
"MadExe"="C:\\PROGRAM FILES\\DELL\\RESOLUTION ASSISTANT\\COMMON\\BIN\\LaunchRA.exe -boot"
"Microsoft IntelliType Pro"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\speedkey.exe\""
"LoadQM"="loadqm.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\motmon.exe"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"QuickTime Task"="C:\\WINDOWS\\SYSTEM\\QTTASK.EXE"
"B'sCLiP"="C:\\PROGRA~1\\B'SCLI~1\\BSCLIP.exe"
"TPP Auto Loader"="C:\\WINDOWS\\TPPALDR.EXE"
"ICSDCLT"="C:\\WINDOWS\\rundll32.exe C:\\WINDOWS\\SYSTEM\\icsdclt.dll,ICSClient"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"THGuard"="\"C:\\PROGRAM FILES\\TROJANHUNTER 4.2\\THGUARD.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




#41
Justin

Well, it looks clean!

Are you still having any problems on your computer?

#42
gambit293

I've been afraid to use the computer normally to "test" it out. I will go ahead now, and rerun:

-Cleanup
-spybot
-adaware
-AVG
-Panda

and then reboot. I guess maybe the system is fine after this?

It's very likely that the above scanners will find stuff in the _RESTORE directory. Is that fine? Are the files in _RESTORE harmless/quarantined?

Thanks for your help. I'll let you know how things turn out.

-Andrew

#43
Justin

If they find anything, go ahead and fix them, but they should not be any harm to your computer.

Let me know how the scans come out.

#44
gambit293

Hi Justin,

Spybot, AdAware, and AVG all found nothing.

Here is the Panda log again. The contents seem to be of three categories:

-Look2Me stuff that has been quarantined in the l2m9xfix folder.
-stuff in the _RESTORE folder. This stuff can be ignored?
-everything else:

Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe
Adware:Adware/Searchforit No disinfected C:\WINDOWS\SYSTEM\ca2.dll
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Brwjtn.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Lhyzbk.exe
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\banner.dll
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe

Do I need to worry about any of these ^? The only one I immediately recognize is the TrojanHunter. I'm posting for the first time using the infected system. I haven't seen any pop-ups, though at the moment I am using Firefox anyway.

If the above files can be accounted for and excused or ignored, then I guess the computer is clean.

Let me know your final thoughts.

Thanks!

Andrew

Here is the full log:



#45
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Hello!

The files in restore are system restore files. So let's clear your system restore.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP) See if it is the same for ME.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Then, let's get rid of these files.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\WINDOWS\SYSTEM\winupdt.bin
C:\WINDOWS\SYSTEM\Cache\Installer.exe
C:\WINDOWS\SYSTEM\ca2.dll
C:\WINDOWS\SYSTEM\Brwjtn.exe
C:\WINDOWS\SYSTEM\Lhyzbk.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\banner.dll
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Edited by Jfcap, 08 August 2005 - 06:22 PM.

  • 0
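An added example, not part of any post in this thread or of any tool mentioned in it: a small Python triage script that splits scan-report lines of the shape posted above into hits inside System Restore archives (cleared by resetting System Restore) and hits on live files (the ones that need deleting). The function name `triage`, the `FS0001`/`FS0002` archive names, and the `Incidents: 4` line are constructed for illustration.

```python
import re
from collections import defaultdict

# Report line shape seen in this thread: <detection> No disinfected <path>
LINE_RE = re.compile(r"^(?P<detection>.+?)\s+No disinfected\s+(?P<path>.+?)\s*$")
# Windows ME System Restore archive member: <drive>:\_RESTORE\ARCHIVE\<cab>[<member>]
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\_RESTORE\\ARCHIVE\\(?P<cab>[^\\\[\]]+)\[(?P<member>[^\]]+)\]$",
    re.IGNORECASE,
)

# Sample input. The _RESTORE lines and "Incidents: 4" are constructed;
# the last two lines are the live-file entries from the report above.
SAMPLE_REPORT = r"""
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS0001.CAB[A0000001.CPY]
Adware:Adware/Look2Me No disinfected C:\_RESTORE\ARCHIVE\FS0001.CAB[A0000002.CPY]
Virus:Trj/Dropper.DT No disinfected C:\_RESTORE\ARCHIVE\FS0002.CAB[A0000003.CPY]
Incidents: 4
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
"""


def triage(report):
    """Return (restore_hits_by_cab, live_hits, unparsed_lines).

    restore_hits_by_cab: {cab_name: [(member, detection), ...]}
    live_hits:           [(path, detection), ...] for files outside _RESTORE
    unparsed_lines:      lines that do not match the report shape, kept for review
    """
    restore = defaultdict(list)
    live, unparsed = [], []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = LINE_RE.match(line)
        if hit is None:
            unparsed.append(line)  # never drop input silently
            continue
        detection, path = hit.group("detection"), hit.group("path")
        archived = RESTORE_RE.match(path)
        if archived:
            cab = archived.group("cab").upper()
            restore[cab].append((archived.group("member"), detection))
        else:
            live.append((path, detection))
    return dict(restore), live, unparsed
```

Running `triage` on a saved report gives the short list of live files to review by hand, while everything grouped under a `.CAB` name disappears once the restore points are reset.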





