loadingwebsite.com, adopt.hotbar.com, pacimedia... [RESOLVED]


  • This topic is locked

#31
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
This is becoming some kind of bad comedy act...

When I log in at CastleCops and look at your posts, neither one of them has any files attached.... did the attachment action fail or something?

You need to Add a new topic or a reply to a topic, then click "Browse" to locate the file for attachment, then select the file and click Open. Then click "Add Attachment". Then, you click the "Submit" button to submit the entire post.

Can we try this one more time? I am quite mortified by now!... :tazz:
  • 0

#32
aep22

    Member

  • Topic Starter
  • Member
  • 20 posts
;)

I know that's what I did, but I didn't see any verification that the files were attached. I did see that non-staff wouldn't be able to see attached files for safety reasons, so I assumed they were there. Anyway, went back and did it again and this time saw (on message bar at top of post) that they do not allow .cab files to be uploaded. Tried my zip file, and it is too large (maximum size 1 MB and the zip is 1.5 MB).

What to do now?
:tazz:


Ok, I went back and created two .cab files and zipped them both separately -- both are now under 1MB. I re-uploaded them to Castlecops and it looks like it took this time. Maybe? Hopefully? :) Let me know...

Edited by aep22, 07 August 2005 - 08:08 AM.

  • 0

#33
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
SUCCESS!! ;) :tazz:

Good idea on your part. I actually unzipped the files this time to make sure I really did have them! And I do. So let me go and look at these right now, so you don't have to wait any longer, and I'll get right back to you hopefully within an hour or so.

Thank you :)
  • 0

#34
aep22

    Member

  • Topic Starter
  • Member
  • 20 posts
Fantastic! :tazz:

I'm at work again today -- but I'll be able to run everything this evening. Sorry for the weird hours -- starting tomorrow it will be more regular and I'll be able to work on this more!

Thanks!!
  • 0

#35
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
No problem! Thank YOU for your patience with me.... :tazz:

I see what the little b*stards are doing..... let me see how I can circumvent it.
  • 0

#36
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
OK, after much ado :tazz: I think I figured it out. The files you have are very old; the reason the batch was failing is that this is a version of the infection we haven't seen for a few months. But if it still appears in the wild, then it is great that we found it.

I'm currently having the updated file uploaded to the GeeksToGo server, and then when that is done I'll post revised instructions for you (probably an hour or two). Thanks again for your help --- I'd probably not have spotted this bug if you hadn't brought it to my attention. ;)
  • 0

#37
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
OK, finally! --- sorry for the wait. :tazz:

Please download L2m9xfix from here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat. ;)
  • 0

#38
aep22

    Member

  • Topic Starter
  • Member
  • 20 posts
I downloaded it to my desktop and tried to run it. It says it can only run under Win32. What now? :tazz:
  • 0

#39
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
Really? I guess I have to look at that....

Try the attached version, which is a regular zip file.

  • 0

#40
aep22

    Member

  • Topic Starter
  • Member
  • 20 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:08:31 PM, on 8/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: Spyware Doctor.lnk = C:\Program Files\Spyware Doctor\swdoctor.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab



Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:


************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{14A6C576-15FD-4D96-869B-93DA5AB5229C}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DBDIM700.DLL"
[HKEY_CLASSES_ROOT\CLSID\{14A6C576-15FD-4D96-869B-93DA5AB5229C}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DBDIM700.DLL"


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
  • 0

#41
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
Perfect! Any symptoms of infection remaining? :tazz:
  • 0

#42
aep22

    Member

  • Topic Starter
  • Member
  • 20 posts
I'm out of town for a funeral. I'll be home tomorrow and will be able to check. I did notice yesterday that there were no popups -- yea!!! -- but haven't been able to run any scans. Should I go through the ones I did in the recommendation list -- adaware, spybot, etc.? Anything else?

Thanks again for all your help,

Amy
  • 0

#43
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
Well, first of all, I am very sorry to hear about the funeral... my condolences.

Can you actually check something for me? I tried to fix that download, so can you download this file:
http://swandog46.gee...om/l2m9xfix.exe

and just run it and try to unzip the files, and see if you still get the "Win32" error message? You don't need to actually run the batch; you can delete the files after unzipping them. I just want to make sure it works.

I think it's all clear --- if you still report no symptoms tomorrow I'll post some recommendations for you to keep your system clean for the future :tazz:
  • 0

#44
aep22

    Member

  • Topic Starter
  • Member
  • 20 posts
Thank you for your kind words.

I downloaded the file and did not have any problems opening it this time. It works!

Another day without pop-ups -- such a relief! Thanks for everything (and you too, UKBiker!). I look forward to getting your next post and making sure this doesn't happen again! (But if it does, you know I'm coming to you guys!!!).

Have a great day!

:tazz:
  • 0

#45
Swandog46

    Malware Expert

  • Member
  • 1,026 posts
  • MVP
Everything looks great --- your HijackThis log is completely clean. :)
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. :tazz:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

4) I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. AVG makes an excellent free antivirus client, as do AntiVir or avast!.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Sygate.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. ;)
  • 0





