loadingwebsite.com - At the end of my rope! [RESOLVED]



#1
AnnaNimitee101

AnnaNimitee101

    New Member

  • Member
  • Pip
  • 3 posts
M'kay. Uncle. I give up. I've looked all over (and under and around) for info on how to remove this MOST annoying pop-up problem, to no avail. You guys have been a great source of info any other time I've had a problem (and no, I never had to post, just was able to figure stuff out from your answers to others with similar problems) so I'm hoping you can help me tackle this one as well.

I've done all the you-must-do-this-before-posting-a-hijackthis-log stuff.. AdAware, Spybot, Cleanup!, AVG, and so on. Even turned on all the stuff I've ignored with msconfig up 'til now. So here's the log.. Any and all help will be MOST appreciated.. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 2:21:07 PM, on 8/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\IASRP3M.EXE
C:\BYSLDKBR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ULTIMATEZIP\UZQKST.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1122989975\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1122989975\EE\AOLSERVICEHOST.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\WINDOWS\TEMP\!UPDATE.EXE
C:\PROGRAM FILES\UTHM\AREA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122989975\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOL.EXE" -b
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [aornRWbpl] IASRP3M.EXE
O4 - HKCU\..\Run: [Send To Phone (myPhoneFiles.com)] C:\PROGRAM FILES\SIGI - MYPHONEFILES.COM DESKTOP EXTENSION\MPFEXET
O4 - HKCU\..\Run: [Jcmn] \bysldkbr.exe
O4 - HKCU\..\Run: [Uate] C:\Program Files\uthm\area.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb08.pog...aploader_v6.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKCU\..\Run: [aornRWbpl] IASRP3M.EXE
O4 - HKCU\..\Run: [Send To Phone (myPhoneFiles.com)] C:\PROGRAM FILES\SIGI - MYPHONEFILES.COM DESKTOP EXTENSION\MPFEXET - unless you know what this is for, fix it
O4 - HKCU\..\Run: [Jcmn] \bysldkbr.exe
O4 - HKCU\..\Run: [Uate] C:\Program Files\uthm\area.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

IASRP3M.EXE
C:\PROGRAM FILES\SIGI - MYPHONEFILES.COM DESKTOP EXTENSION\ - unless you know what this is for, delete it
bysldkbr.exe
C:\Program Files\uthm\


Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Restart and run a new HijackThis scan. Save the log file and post it here. Do you still get popups from loadingwebsite.com now?
  • 0

#3
AnnaNimitee101

AnnaNimitee101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I tried posting my new HJT log, and it came up with a blank screen and doesn't appear to have gone through, so at the risk of being terribly repetitious, I'll post it again. Please forgive me if it goes through twice.

First, thank you for your quick reply!

Yes, I'm still getting the loadingwebsite.com popups, and the Rundll32 in my running processes seems to be somehow related. (It never used to be there before all this) Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:26 PM, on 8/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb08.pog...aploader_v6.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0
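The before/after comparison that posts #2 and #3 carry out by eye, as an added example (not part of the thread and not code from HijackThis or Geeks to Go): it parses HijackThis logs, checks whether the O4 autoruns on the fix list are gone, and lists processes present in both scans. The log excerpts are shortened from the posts above, the fix list holds three of the four requested entries, and all function names are hypothetical.

```python
import re

# Excerpts constructed from the logs posted in this thread (shortened).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:21:07 PM, on 8/3/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\IASRP3M.EXE
C:\BYSLDKBR.EXE
C:\PROGRAM FILES\UTHM\AREA.EXE

O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOL.EXE" -b
O4 - HKCU\..\Run: [aornRWbpl] IASRP3M.EXE
O4 - HKCU\..\Run: [Jcmn] \bysldkbr.exe
O4 - HKCU\..\Run: [Uate] C:\Program Files\uthm\area.exe
"""
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:47:26 PM, on 8/4/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE

O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOL.EXE" -b
"""
LOG_FINAL = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:21:05 AM, on 8/5/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE

O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOL.EXE" -b
"""
# Entries the helper asked to fix in post #2.
FIX_LIST = [
    r"O4 - HKCU\..\Run: [aornRWbpl] IASRP3M.EXE",
    r"O4 - HKCU\..\Run: [Jcmn] \bysldkbr.exe",
    r"O4 - HKCU\..\Run: [Uate] C:\Program Files\uthm\area.exe",
]

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
O4_REG_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")

def parse_log(text):
    """Split a HijackThis log into running processes and O-numbered entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
        elif line.lower() == "running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append(ENTRY_RE.match(line).groups())
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def autoruns(parsed):
    """Map (registry location, value name) -> command for O4 registry entries.
    O4 'Startup:' shortcut entries have a different shape and are skipped."""
    out = {}
    for code, body in parsed["entries"]:
        m = O4_REG_RE.match(body) if code == "O4" else None
        if m:
            loc, name, cmd = m.groups()
            out[(loc.upper(), name.casefold())] = cmd
    return out

def exe_name(cmd):
    """Lower-cased file name of a process path or autorun command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:  # unquoted paths may contain spaces: cut after the first .exe/.dll
        m = re.match(r"(.*?\.(?:exe|dll))\b", cmd, re.I)
        path = m.group(1) if m else cmd
    return path.rsplit("\\", 1)[-1].lower()

def check_fix(before_text, after_text, fix_lines):
    """Report what survived between two scans for the requested fixes."""
    before, after = parse_log(before_text), parse_log(after_text)
    run_after = autoruns(after)
    procs_before = {exe_name(p) for p in before["processes"]}
    procs_after = {exe_name(p) for p in after["processes"]}
    wanted = autoruns(parse_log("\n".join(fix_lines)))
    return {
        "autoruns_remaining": sorted(n for (loc, n) in wanted if (loc, n) in run_after),
        "targets_still_running": sorted({exe_name(c) for c in wanted.values()} & procs_after),
        "processes_persisting": sorted(procs_before & procs_after),
    }

if __name__ == "__main__":
    print("8/3 -> 8/4:", check_fix(LOG_BEFORE, LOG_AFTER, FIX_LIST))
    print("8/3 -> 8/5:", check_fix(LOG_BEFORE, LOG_FINAL, FIX_LIST))
```

On these excerpts the fix-list autoruns and their processes are gone by 8/4, yet RUNDLL32.EXE appears in both scans; it only disappears in the 8/5 log, after the L2m9xfix run that removes the InprocServer32 CLSID registration, which HijackThis did not list.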

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem, I think we got it now :tazz:

Do this:

Please download L2m9xfix here:
http://www.geekstogo...ds/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

#5
AnnaNimitee101

AnnaNimitee101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
This was me yesterday: :) ;) :tazz:

This is me today: :( :( (All dreamy-eyed and swooning and stuff)

You are, as they say in Latin, "Da Man". :-)

I sincerely can't thank you enough.

Here are my nice sparkly clean logs:

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:


************

Registry entries found:




[HKEY_CLASSES_ROOT\CLSID\{D79053A9-6640-4427-BD6E-399935E70376}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\UQMCFG32.DLL"

************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:21:05 AM, on 8/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...w-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb08.pog...aploader_v6.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...h-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...p-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...1-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...o-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Are you that sure that your log is clean?....

:tazz: Just kidding ;)

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
