Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unknown adware [RESOLVED]


  • This topic is locked This topic is locked

#1
ewisniew

ewisniew

    Member

  • Member
  • PipPip
  • 31 posts
Hi,

Am trying to help my brother-in-law with his box. Have used Adaware, Spybot S&D, and AVG to clean up his machine. Had alot of spywre and viruses/trojans.

All 3 report clean now. Also CWshredder, Trend Housecall, and Trojan Hunter report clean.

When ever he is dialed into the net, (He only has dialup available where he lives), IE opens a window and serves up ads. It waits a few minutes before doing this and then sporadically keeps opening more windows with different ads etc. Some of the sites are SEARC-H, FIXWIN and PAYPOPUP.

I followed the directions on the first time here page and am now sending the HJT log. Any help is appreciated.

Gino :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 7:01:46 PM, on 8/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSNDELL\MSNCOREFILES\MSN6.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nr1228.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0312.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi ewisniew and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#3
ewisniew

ewisniew

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Excal. Your help is greatly appreciated.

I have also run a Panda scan online and it reported clean. I did delete a registry key for RUNDLL32 AUNPS2.DLL,_Run@16 that was left over from all the stuff cleaned out so far.

The fresh log follows.

Thanks, Gino

Logfile of HijackThis v1.99.1
Scan saved at 1:01:32 AM, on 8/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nr1228.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0312.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
are you haveing any more problems?

Run this online virus scan: ActiveScan - Please save and post the results from the scan!


:tazz:

Excal
  • 0

#5
ewisniew

ewisniew

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Ads are still popping up. Thanks for telling me to run Panda again. I thought the second half of the download last night was the scan, (He still has dial up so it was quite slow.) Looks like it's still a mess with most of it being Look2Me.

Results follow. Thanks


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJSTREAM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IEIRCL.DLL
Adware:adware/virtualbouncer No disinfected C:\WINDOWS\TEMP\wrapperouter.exe
Adware:adware/quicksearch No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AZRESX32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\jlproxy.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IEIRCL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IHCVID.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MTVFW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NATAPI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DRSERIAL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WNN87EM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NODLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IC1XDD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MMNDEX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MUSIP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MFVFW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\oxhlp30t.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Lgkrn70n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JKPL400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SZLAD1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MROTHUNK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RHCLTC6.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DMNMPNTW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZMM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SKFTPUB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IZETCOMM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WD2THK.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MDTCP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PTGFILT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJSTREAM.DLL
Hacktool:Hacktool/Processor No disinfected C:\WINDOWS\SYSTEM32\Process.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\nsh_107.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\TEMP\wrapperouter.exe
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\TEMP\ptf_0026.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\upd209.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5121.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5182.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2234.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav51E5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav51F6.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5206.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav5273.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7025.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7044.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7124.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav71A3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav71E5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav71F2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7204.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7221.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7232.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7240.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7243.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7251.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7254.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8144.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8152.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8156.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8164.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8172.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81E3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81F2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4126.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4129.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav412C.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4130.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4138.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD095.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD0F1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav6061.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB010.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB052.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB064.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB0D0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB39D.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB39F.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC125.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC1A5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC1E4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC1F1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC201.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC213.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC225.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC233.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC241.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC246.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavC255.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD142.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD154.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD156.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD164.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD176.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD212.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavD220.TMP
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temporary Internet Files\CONTENT.IE5\5KB6IMW0\abiuninst[1].exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Temporary Internet Files\CONTENT.IE5\KLAF0L2N\upd209[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Temporary Internet Files\CONTENT.IE5\KLAF0L2N\webservice[2].html
Hacktool:Hacktool/Processor No disinfected C:\WINDOWS\Temporary Internet Files\l2mfix\Process.exe
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\CWUTIL.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\ISSENG.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MRPI.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MXIMRT.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MZLOCUSR.0
Hacktool:Hacktool/Processor No disinfected C:\Recycled\Dc38\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Recycled\Dc39.exe[Process.exe]
Adware:Adware/Look2Me No disinfected C:\Temp\Installer.exe
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You still have the L2M infection ;) and your temp files/folders are filled with nasties.

Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Run the program CleanUp!

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.


thanks,

:tazz:

Excal
  • 0

#7
ewisniew

ewisniew

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
The two logs follow.

Thanks,

Gino


Logfile of HijackThis v1.99.1
Scan saved at 12:03:44 AM, on 8/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nr1228.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0312.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab



Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\DESKTOP\l2m9xfix

************

Files found:

C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL

************

Registry entries found:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
looks really good!

If you use Windows 95/98/ME/NT/2K, go to My Computer->View->Folder Options->View tab and make sure that 'Show all files' is checked under the 'Hidden Files' section. Also make sure there is no checkmark beside 'Hide file extensions for known file types'.


Boot into safe mode and delete these 2 files:

C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
C:\WINDOWS\cfgmgr52.dll

Hows everything running ;)

:tazz:

Excal
  • 0

#9
ewisniew

ewisniew

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Show hidden files and folders is ticked. Hide protected operating system files is not ticked.

Deleted C:\WINDOWS\cfgmgr52.dll and C:\WINDOWS\cfgmgr52.ini .

Could not find C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf . Did a search for Install.inf in C:\ including subdirectories with no results.

After rebooting, problem is still there, ad windows popping up. Did Panda activescan again. Still shows Look2me.

Thank you for helping.
  • 0

#10
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Download Findit Here and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.
  • 0

Advertisements


#11
ewisniew

ewisniew

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the log from Findit.

Thanks

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

AZRESX32 DLL 405,504 08-06-05 3:17a AZRESX32.DLL
IEIRCL DLL 405,504 08-06-05 3:17a IEIRCL.DLL
IHCVID DLL 405,504 08-06-05 3:17a IHCVID.DLL
DZMM DLL 405,504 08-06-05 3:17a DZMM.DLL
SKFTPUB DLL 405,504 08-06-05 3:17a SKFTPUB.DLL
IZETCOMM DLL 405,504 08-06-05 3:17a IZETCOMM.DLL
WD2THK DLL 405,504 08-06-05 3:17a WD2THK.DLL
MDTCP DLL 405,504 08-06-05 3:17a MDTCP.DLL
PTGFILT DLL 405,504 08-06-05 3:17a PTGFILT.DLL
WJSTREAM DLL 405,504 08-06-05 3:17a WJSTREAM.DLL
AEFSIPC DLL 405,504 08-06-05 3:17a AEFSIPC.DLL
NSTDI DLL 405,504 08-06-05 3:17a NSTDI.DLL
CIL3D32 DLL 405,504 08-06-05 3:17a CIL3D32.DLL
ISWDIAL DLL 405,504 08-06-05 3:17a ISWDIAL.DLL
DMSERIAL DLL 405,504 08-06-05 3:17a DMSERIAL.DLL
LZKRN11N DLL 405,504 08-06-05 3:17a lzkrn11n.dll
EYFPIX~1 DLL 405,504 08-06-05 3:17a eyfpixexif.dll
JLPROXY DLL 405,504 07-14-05 8:32p jlproxy.dll
NODLL DLL 405,504 07-14-05 8:32p NODLL.DLL
MMNDEX DLL 405,504 07-14-05 8:32p MMNDEX.DLL
MUSIP32 DLL 405,504 07-14-05 8:32p MUSIP32.DLL
MFVFW32 DLL 405,504 07-14-05 8:32p MFVFW32.DLL
OXHLP30T DLL 405,504 07-14-05 8:32p oxhlp30t.dll
JKPL400 DLL 405,504 07-14-05 8:32p JKPL400.DLL
SZLAD1 DLL 405,504 07-14-05 8:32p SZLAD1.dll
MROTHUNK DLL 405,504 07-14-05 8:32p MROTHUNK.DLL
RHCLTC6 DLL 405,504 07-14-05 8:32p RHCLTC6.DLL
DMNMPNTW DLL 405,504 07-14-05 8:32p DMNMPNTW.DLL
MTVFW32 DLL 405,504 06-19-05 11:03p MTVFW32.DLL
NATAPI32 DLL 405,504 06-19-05 11:03p NATAPI32.DLL
DRSERIAL DLL 405,504 06-19-05 11:03p DRSERIAL.DLL
WNN87EM DLL 405,504 06-19-05 11:03p WNN87EM.DLL
32 file(s) 12,976,128 bytes
0 dir(s) 15,510.61 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

LXAE9XDH GID 32,432 06-29-04 1:10p Lxae9xdh.GID
LXAETCSP GID 8,628 04-01-01 9:05a LXAETCSP.GID
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
4 file(s) 64,486 bytes
0 dir(s) 15,510.59 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
azresx32.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
jlproxy.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
ieircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
ihcvid.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
mtvfw32.dll Sun Jun 19 2005 11:03:28p ..S.R 405,504 396.00 K
natapi32.dll Sun Jun 19 2005 11:03:28p ..S.R 405,504 396.00 K
drserial.dll Sun Jun 19 2005 11:03:28p ..S.R 405,504 396.00 K
wnn87em.dll Sun Jun 19 2005 11:03:28p ..S.R 405,504 396.00 K
nodll.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
mmndex.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
musip32.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
mfvfw32.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
oxhlp30t.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
jkpl400.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
szlad1.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
mrothunk.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
rhcltc6.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
dmnmpntw.dll Thu Jul 14 2005 8:32:38p ..S.R 405,504 396.00 K
dzmm.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
skftpub.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
izetcomm.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
wd2thk.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
mdtcp.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
ptgfilt.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
wjstream.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
aefsipc.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
nstdi.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
cil3d32.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
iswdial.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
dmserial.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
lzkrn11n.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
eyfpix~1.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K

32 items found: 32 files, 0 directories.
Total of file sizes: 12,976,128 bytes 12.38 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\AZRESX32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\jlproxy.dll: InitUMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: UMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IEIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IHCVID.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: UMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MTVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NATAPI32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WNN87EM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NODLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IC1XDD.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: UMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MMNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MUSIP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MFVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\oxhlp30t.dll: InitUMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: UMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: UMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JKPL400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SZLAD1.dll: InitUMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: UMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: UMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DZMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: UMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WD2THK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MDTCP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PTGFILT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NSTDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CIL3D32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lzkrn11n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: UMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\eyfpixexif.dll: InitUMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: UMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: /cgi-bin/UMonitorV2

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LexmarkPrinTray"="PrinTray.exe"
"LXSUPMON"="C:\\WINDOWS\\SYSTEM\\LXSUPMON.EXE RUN"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"


  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\SYSTEM\AZRESX32.DLL
C:\WINDOWS\SYSTEM\IEIRCL.DLL
C:\WINDOWS\SYSTEM\IHCVID.DLL
C:\WINDOWS\SYSTEM\DZMM.DLL
C:\WINDOWS\SYSTEM\SKFTPUB.DLL
C:\WINDOWS\SYSTEM\IZETCOMM.DLL
C:\WINDOWS\SYSTEM\WD2THK.DLL
C:\WINDOWS\SYSTEM\MDTCP.DLL
C:\WINDOWS\SYSTEM\PTGFILT.DLL
C:\WINDOWS\SYSTEM\WJSTREAM.DLL
C:\WINDOWS\SYSTEM\AEFSIPC.DLL
C:\WINDOWS\SYSTEM\NSTDI.DLL
C:\WINDOWS\SYSTEM\CIL3D32.DLL
C:\WINDOWS\SYSTEM\ISWDIAL.DLL
C:\WINDOWS\SYSTEM\DMSERIAL.DLL
C:\WINDOWS\SYSTEM\lzkrn11n.dll
C:\WINDOWS\SYSTEM\eyfpixexif.dll
C:\WINDOWS\SYSTEM\jlproxy.dll
C:\WINDOWS\SYSTEM\NODLL.DLL
C:\WINDOWS\SYSTEM\MMNDEX.DLL
C:\WINDOWS\SYSTEM\MUSIP32.DLL
C:\WINDOWS\SYSTEM\MFVFW32.DLL
C:\WINDOWS\SYSTEM\oxhlp30t.dll
C:\WINDOWS\SYSTEM\JKPL400.DLL
C:\WINDOWS\SYSTEM\SZLAD1.dll
C:\WINDOWS\SYSTEM\MROTHUNK.DLL
C:\WINDOWS\SYSTEM\RHCLTC6.DLL
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL
C:\WINDOWS\SYSTEM\MTVFW32.DLL
C:\WINDOWS\SYSTEM\NATAPI32.DLL
C:\WINDOWS\SYSTEM\DRSERIAL.DLL
C:\WINDOWS\SYSTEM\WNN87EM.DLL
C:\WINDOWS\SYSTEM\guard.tmp


As you Paste each entry into Killbox,place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!


Please post a fresh Findit log.


Thanks,

:tazz:

Excal
  • 0

#13
ewisniew

ewisniew

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Do I reboot before running findit again?

Thanks
  • 0

#14
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
killbox should have rebooted your computer for u. So go ahead an run the FindIt ;)

thanks,

:tazz:

Excal
  • 0

#15
ewisniew

ewisniew

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
killbox did not reboot. went ahaead and rebooted.

After running findit, notepad quit responding. had to kill it and rerun findit. Machine locked up during string execution of 2nd run. Had to hardoot.

Reran findit.

Not complianing, I mention it in case it provides you with any symptoms.

New findit log follows.

Thanks, Gino





Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

IEIRCL DLL 405,504 08-06-05 3:17a IEIRCL.DLL
1 file(s) 405,504 bytes
0 dir(s) 15,508.09 MB free

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

IEIRCL DLL 405,504 08-06-05 3:17a IEIRCL.DLL
MXNDEX DLL 405,504 08-06-05 3:17a MXNDEX.DLL
2 file(s) 811,008 bytes
0 dir(s) 15,515.80 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

LXAE9XDH GID 32,432 06-29-04 1:10p Lxae9xdh.GID
LXAETCSP GID 8,628 04-01-01 9:05a LXAETCSP.GID
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
4 file(s) 64,486 bytes
0 dir(s) 15,508.08 MB free

---------------- User Agent ------------

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

LXAE9XDH GID 32,432 06-29-04 1:10p Lxae9xdh.GID
LXAETCSP GID 8,628 04-01-01 9:05a LXAETCSP.GID
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
4 file(s) 64,486 bytes
0 dir(s) 15,515.80 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ieircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 405,504 bytes 396.00 K

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ieircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
mxndex.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 811,008 bytes 792.00 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.A
------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\AZRESX32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\jlproxy.dll: InitUMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: UMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IEIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IHCVID.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: UMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MTVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NATAPI32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WNN87EM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NODLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IC1XDD.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: UMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MMNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MUSIP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MFVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\oxhlp30t.dll: InitUMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: UMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: UMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JKPL400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SZLAD1.dll: InitUMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: UMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: UMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DZMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: UMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WD2THK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MDTCP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PTGFILT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NSTDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CIL3D32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LYAETK16.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: UMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lzkrn11n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: UMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\eyfpixexif.dll: InitUMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: UMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: /cgi-bin/UMonitorV2

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\AZRESX32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\jlproxy.dll: InitUMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: UMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IEIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IHCVID.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: UMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MTVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NATAPI32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WNN87EM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NODLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IC1XDD.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: UMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MMNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MUSIP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MFVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\oxhlp30t.dll: InitUMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: UMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: UMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JKPL400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SZLAD1.dll: InitUMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: UMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: UMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DZMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: UMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WD2THK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MDTCP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PTGFILT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NSTDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CIL3D32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LYAETK16.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: UMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lzkrn11n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: UMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\eyfpixexif.dll: InitUMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: UMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MXNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MXNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MXNDEX.DLL: /cgi-bin/UMonitorV2



  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP