loadingwebsite.com, adopt.hotbar.com, pacimedia... [RESOLVED]


  • This topic is locked

#1
aep22

aep22

    Member

  • Member
  • PipPip
  • 20 posts
:tazz: ;)

Please help! I've followed the recommendations... CleanUp!, Ad-Aware Se, CWShredder, Spybot S&D, Trend Micro Housecall, have current Windows Updates, and have run Spyware Doctor. They either say I have no more spyware or say the infections cannot be removed and will be removed at next reboot (but they are not removed when I reboot). The popups are: loadingwebsite.com, partypoker.com, www211.paypopup.com, adopt.hotbar.com, pacimedia.com, automotive.com, etc. (those are the ones that have come up in the last 15 minutes or so). So frustrating!!!

Any help will be VERY much appreciated!
Thanks so much!
Amy

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:32 PM, on 7/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: Spyware Doctor.lnk = C:\Program Files\Spyware Doctor\swdoctor.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0


#2
aep22

aep22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Addition to above post:

The Housecall scan turned up Troj.agent.kr and Troj.Dloader.ot but said they were uncleanable.

Thanks again for any help!

Amy
  • 0

#3
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there aep22 :tazz:

I am UKBiker and I will be helping you with this log. I must apologise for the delay, but as soon as I have analysed the log, I will post the fix for you here.

UKBiker
  • 0

#4
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there again aep22 :tazz:

Important:
before we start this fix, you must move your copy of HJT into the correct location. It is not recommended to run HJT from the desktop as you are currently doing, as it will not create backups in that location.

Do it like this-

Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. Please delete the old copy (including the zip copy) so it can't be used.


On with the fix (thanks swandog46)

Please download L2m9xfix :
HERE

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

Good Luck

UKBiker
  • 0

#5
aep22

aep22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi UKBiker! Thanks for your reply -- I am so glad to be able to get rid of this stuff!

I saved Hijack This to my c: drive and deleted the old one as you requested.

Here are the logs. Thanks! :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 8:26:21 PM, on 8/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: Spyware Doctor.lnk = C:\Program Files\Spyware Doctor\swdoctor.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab



Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:


************

Registry entries found:



************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
  • 0
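
Added example (not part of the original thread, and not a HijackThis or Geeks to Go tool): a short Python script that diffs two HijackThis logs so that the changes between successive scans, such as the ones posted above, stand out. The sample logs are abbreviated excerpts of posts #1 and #5, and the function names are hypothetical.

```python
import re

# HijackThis item lines look like "O4 - HKLM\..\Run: [Name] path".
# The code before " - " (R0-R3, F0-F3, N1-N4, O1-O2x) names the area scanned.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_hjt(log_text):
    """Split a HijackThis text log into running processes and item lines.

    Win9x paths are case-insensitive and HijackThis prints the same file in
    different cases between scans, so comparison keys are case-folded while
    the original line is kept for display.
    """
    processes = set()
    entries = {}  # lower-cased line -> line as printed
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if ITEM_RE.match(line):
            in_processes = False
            entries[line.lower()] = line
        elif in_processes:
            processes.add(line.upper())
        # Anything else is header text (version, scan time, platform).
    return processes, entries


def diff_logs(before, after):
    """Return what appeared and disappeared between two scans."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    return {
        "processes_added": sorted(a_proc - b_proc),
        "processes_removed": sorted(b_proc - a_proc),
        "entries_added": sorted(a_ent[k] for k in a_ent.keys() - b_ent.keys()),
        "entries_removed": sorted(b_ent[k] for k in b_ent.keys() - a_ent.keys()),
    }


# Abbreviated excerpt of the log in post #1 (constructed sample input).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:53:32 PM, on 7/30/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
"""

# Abbreviated excerpt of the log in post #5 (constructed sample input).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:26:21 PM, on 8/4/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
"""

if __name__ == "__main__":
    for section, lines in diff_logs(BEFORE, AFTER).items():
        print(section)
        for item in lines:
            print("   ", item)
```

An empty diff only means the two scans list the same items; it says nothing about files HijackThis does not enumerate.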

#6
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There aep22

Could you please run that L2M9XFix tool again for me, but this time in safe mode?

UKBiker
  • 0

#7
aep22

aep22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:


************

Registry entries found:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F9E1E245-177A-222B-D8C5-D8D0B6763DB7}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
  • 0

#8
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there aep22,

Ahh, that's better :tazz: , OK. Could you please give me a new HJT log?

UKBiker
  • 0

#9
aep22

aep22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Great! Here's a new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:41:16 PM, on 8/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: Spyware Doctor.lnk = C:\Program Files\Spyware Doctor\swdoctor.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#10
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi again aep22 :tazz:

Close all windows and browsers leaving only HijackThis running. Place a check mark against this item

O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab

Click on Fix Checked and then exit HijackThis.

Reboot, and then please run this online scan:

Panda ActiveScan <<< Accept default settings, save and post the log

Rescan with HJT and post the log as well as the Panda log

Good Luck

UKBiker
  • 0


#11
aep22

aep22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Ok, Panda scan is finally done! Here's that scan and the new HJT scan. While the scan was running, 6 loadingwebsite.com popups came up, as well as 1 winantiviruspro.com and winfixer.com. Also, a dialog box reading "buffer overrun detected. c:\windows\rundll32.exe" popped up. Finally, another dialog box reading "Runtime Error c:\windows\explorer.exe. Abnormal program termination" came up. I didn't click ok, I just moved it out of the way.


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MUNSSPC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JDMD400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DWRAWEX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DDDRM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QKDWIPES.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PFSPL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mvxml4r.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QPV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DIDRM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DDTRANS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DYDRM.DLL
Adware:Adware/404Search No disinfected C:\WINDOWS\SYSTEM\k404SearchSetup_MS14.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SEELL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OAFIL400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QGVD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DXDRAMP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\emenu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LDDIS11n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WFNASPI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MWCAT32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DDNPUT8.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\GGDEF.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CRMDLG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\GLDEF.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQDIAL32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PNUSTAB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ldpcd11n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DKDMOPRP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VPHELPER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LJDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IFWDIAL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DTDMOPRP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DNEML.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OJGFS400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IFMP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ULS16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mtidntld.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\iietclnt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LHDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MYACM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DBLAY.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SKMSCRPT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NGNDS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKXOCI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ISDICDLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\erenu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RSCLTCCM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\muident.dll

#12
aep22

  • Topic Starter
  • Member
  • 20 posts
The logs didn't fit in my last reply. Here's the rest...




Logfile of HijackThis v1.99.1
Scan saved at 11:23:22 PM, on 8/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\HJT\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: Spyware Doctor.lnk = C:\Program Files\Spyware Doctor\swdoctor.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) -

#13
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi again

OK then, this is a funny one here, as the batch file isn't finding the infection when it should :tazz: . I need you to download a few things and send some files to one of my colleagues so we can figure out what is going on here. I will post again in a few minutes with some instructions; please DO NOT reboot until you have completed the next steps.

UKBiker

#14
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi again

Don't worry, we will get this sorted.

Please download the Suspicious File Packer from here:
http://www.safer-net...g/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following list of bad files into the Suspicious File Packer window:

C:\WINDOWS\TEMP\pav82E3.TMP
C:\WINDOWS\TEMP\pav82E4.TMP
C:\WINDOWS\TEMP\pav82E5.TMP
C:\WINDOWS\TEMP\pav82E6.TMP
C:\WINDOWS\TEMP\pav82F1.TMP
C:\WINDOWS\TEMP\pav82F2.TMP
C:\WINDOWS\TEMP\pav82F4.TMP
C:\WINDOWS\TEMP\pav8300.TMP
C:\WINDOWS\TEMP\pav8301.TMP
C:\WINDOWS\TEMP\pav8302.TMP
C:\WINDOWS\TEMP\pav8303.TMP
C:\WINDOWS\TEMP\pav8304.TMP
C:\WINDOWS\TEMP\pav8305.TMP
C:\WINDOWS\TEMP\pav8310.TMP
C:\WINDOWS\TEMP\pav8311.TMP
C:\WINDOWS\TEMP\pav8335.TMP
C:\WINDOWS\TEMP\pav8341.TMP
C:\WINDOWS\TEMP\pav8342.TMP
C:\WINDOWS\TEMP\pav8343.TMP
C:\WINDOWS\TEMP\pav8371.TMP
C:\WINDOWS\TEMP\pav8373.TMP
C:\WINDOWS\TEMP\pav8374.TMP
C:\WINDOWS\TEMP\pav8376.TMP
C:\WINDOWS\TEMP\pav8380.TMP
C:\WINDOWS\TEMP\pav8381.TMP
C:\WINDOWS\TEMP\pav8383.TMP
C:\WINDOWS\TEMP\pav8384.TMP
C:\WINDOWS\OFFERSCR.EXE
C:\WINDOWS\usta33.ini
C:\WINDOWS\SSK3_B5_SSK3_B5.exe


Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the files to Swandog46[AT]go[DOT]com. (replace [AT] with @ and [DOT] with .)

Please include a link to this log, as well as your most recent HijackThis log. Thank you! :tazz:


More instructions to come in a minute

UKBiker
  • 0

#15
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi yet again :tazz:

After you have sent the .cab file from the previous post, can you please download this scan tool:

http://lineofire.gee...indIt 9x-ME.zip

Unzip it to your desktop and run the findit batch file, then post the results here for me.

UKBiker
  • 0





