Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unknown adware [RESOLVED]

Started by ewisniew , Aug 07 2005 06:33 PM

This topic is locked

#16
Excal

Posted 14 August 2005 - 07:31 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

This is a nasty little infection that is hard to get rid of, we may have to do this a few times.

I am not sure about the errors, lets see who it goes this time.

Please run Killbox.

Select "Delete on Reboot".
Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\AZRESX32.DLL
C:\WINDOWS\SYSTEM\jlproxy.dll
C:\WINDOWS\SYSTEM\IEIRCL.DLL
C:\WINDOWS\SYSTEM\IHCVID.DLL
C:\WINDOWS\SYSTEM\MTVFW32.DLL
C:\WINDOWS\SYSTEM\NATAPI32.DLL
C:\WINDOWS\SYSTEM\DRSERIAL.DLL
C:\WINDOWS\SYSTEM\WNN87EM.DLL
C:\WINDOWS\SYSTEM\NODLL.DLL
C:\WINDOWS\SYSTEM\IC1XDD.DLL
C:\WINDOWS\SYSTEM\MMNDEX.DLL
C:\WINDOWS\SYSTEM\MUSIP32.DLL
C:\WINDOWS\SYSTEM\MFVFW32.DLL
C:\WINDOWS\SYSTEM\oxhlp30t.dll
C:\WINDOWS\SYSTEM\Lgkrn70n.dll
C:\WINDOWS\SYSTEM\SZLAD1.dll
C:\WINDOWS\SYSTEM\MROTHUNK.DLL
C:\WINDOWS\SYSTEM\MROTHUNK.DLL
C:\WINDOWS\SYSTEM\RHCLTC6.DLL
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL
C:\WINDOWS\SYSTEM\DZMM.DLL
C:\WINDOWS\SYSTEM\SKFTPUB.DLL
C:\WINDOWS\SYSTEM\IZETCOMM.DLL
C:\WINDOWS\SYSTEM\WD2THK.DLL
C:\WINDOWS\SYSTEM\MDTCP.DLL
C:\WINDOWS\SYSTEM\PTGFILT.DLL
C:\WINDOWS\SYSTEM\WJSTREAM.DLL
C:\WINDOWS\SYSTEM\AEFSIPC.DLL
C:\WINDOWS\SYSTEM\NSTDI.DLL
C:\WINDOWS\SYSTEM\CIL3D32.DLL
C:\WINDOWS\SYSTEM\ISWDIAL.DLL
C:\WINDOWS\SYSTEM\LYAETK16.DLL
C:\WINDOWS\SYSTEM\lzkrn11n.dll
C:\WINDOWS\SYSTEM\eyfpixexif.dll
C:\WINDOWS\SYSTEM\AZRESX32.DLL
C:\WINDOWS\SYSTEM\jlproxy.dll
C:\WINDOWS\SYSTEM\IEIRCL.DLL
C:\WINDOWS\SYSTEM\IHCVID.DLL
C:\WINDOWS\SYSTEM\MTVFW32.DLL
C:\WINDOWS\SYSTEM\NATAPI32.DLL
C:\WINDOWS\SYSTEM\DRSERIAL.DLL
C:\WINDOWS\SYSTEM\WNN87EM.DLL
C:\WINDOWS\SYSTEM\NODLL.DLL
C:\WINDOWS\SYSTEM\IC1XDD.DLL
C:\WINDOWS\SYSTEM\MMNDEX.DLL
C:\WINDOWS\SYSTEM\MUSIP32.DLL
C:\WINDOWS\SYSTEM\MFVFW32.DLL
C:\WINDOWS\SYSTEM\oxhlp30t.dll
C:\WINDOWS\SYSTEM\Lgkrn70n.dll
C:\WINDOWS\SYSTEM\JKPL400.DLL
C:\WINDOWS\SYSTEM\SZLAD1.dll
C:\WINDOWS\SYSTEM\MROTHUNK.DLL
C:\WINDOWS\SYSTEM\RHCLTC6.DLL
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL
C:\WINDOWS\SYSTEM\DZMM.DLL
C:\WINDOWS\SYSTEM\SKFTPUB.DLL
C:\WINDOWS\SYSTEM\IZETCOMM.DLL
C:\WINDOWS\SYSTEM\WD2THK.DLL
C:\WINDOWS\SYSTEM\MDTCP.DLL
C:\WINDOWS\SYSTEM\PTGFILT.DLL
C:\WINDOWS\SYSTEM\WJSTREAM.DLL
C:\WINDOWS\SYSTEM\AEFSIPC.DLL
C:\WINDOWS\SYSTEM\NSTDI.DLL
C:\WINDOWS\SYSTEM\CIL3D32.DLL
C:\WINDOWS\SYSTEM\ISWDIAL.DLL
C:\WINDOWS\SYSTEM\LYAETK16.DLL
C:\WINDOWS\SYSTEM\lzkrn11n.dll
C:\WINDOWS\SYSTEM\eyfpixexif.dll
C:\WINDOWS\SYSTEM\MXNDEX.DLL
C:\WINDOWS\SYSTEM\guard.tmp
C:\WINDOWS\SYSTEM\GUARD.TMP
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Post another fresh findit log please.

#17
ewisniew

Posted 14 August 2005 - 08:55 PM

Member

Topic Starter
Member
31 posts

Here is the latest log.

Thanks

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

IEIRCL DLL 405,504 08-06-05 3:17a IEIRCL.DLL
MEDART32 DLL 405,504 08-06-05 3:17a MEDART32.DLL
2 file(s) 811,008 bytes
0 dir(s) 15,513.02 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

LXAE9XDH GID 32,432 06-29-04 1:10p Lxae9xdh.GID
LXAETCSP GID 8,628 04-01-01 9:05a LXAETCSP.GID
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
4 file(s) 64,486 bytes
0 dir(s) 15,513.00 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ieircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
medart32.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 811,008 bytes 792.00 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\AZRESX32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\jlproxy.dll: InitUMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: UMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IEIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IHCVID.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: UMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MTVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NATAPI32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WNN87EM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NODLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IC1XDD.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: UMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MMNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MUSIP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MFVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\oxhlp30t.dll: InitUMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: UMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: UMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JKPL400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SZLAD1.dll: InitUMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: UMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: UMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DZMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: UMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WD2THK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MDTCP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PTGFILT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NSTDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CIL3D32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LYAETK16.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: UMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lzkrn11n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: UMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MEDART32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MEDART32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MEDART32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\eyfpixexif.dll: InitUMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: UMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: /cgi-bin/UMonitorV2

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LexmarkPrinTray"="PrinTray.exe"
"LXSUPMON"="C:\\WINDOWS\\SYSTEM\\LXSUPMON.EXE RUN"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

#18
Excal

Posted 14 August 2005 - 09:33 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Please run Killbox.

Select "Delete on Reboot".
Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\AZRESX32.DLL
C:\WINDOWS\SYSTEM\jlproxy.dll
C:\WINDOWS\SYSTEM\IEIRCL.DLL
C:\WINDOWS\SYSTEM\IHCVID.DLL
C:\WINDOWS\SYSTEM\MTVFW32.DLL
C:\WINDOWS\SYSTEM\NATAPI32.DLL
C:\WINDOWS\SYSTEM\DRSERIAL.DLL
C:\WINDOWS\SYSTEM\WNN87EM.DLL
C:\WINDOWS\SYSTEM\NODLL.DLL
C:\WINDOWS\SYSTEM\IC1XDD.DLL
C:\WINDOWS\SYSTEM\MMNDEX.DLL
C:\WINDOWS\SYSTEM\MUSIP32.DLL
C:\WINDOWS\SYSTEM\MFVFW32.DLL
C:\WINDOWS\SYSTEM\oxhlp30t.dll
C:\WINDOWS\SYSTEM\Lgkrn70n.dll
C:\WINDOWS\SYSTEM\JKPL400.DLL
C:\WINDOWS\SYSTEM\SZLAD1.dll
C:\WINDOWS\SYSTEM\MROTHUNK.DLL
C:\WINDOWS\SYSTEM\RHCLTC6.DLL
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL
C:\WINDOWS\SYSTEM\DZMM.DLL
C:\WINDOWS\SYSTEM\SKFTPUB.DLL
C:\WINDOWS\SYSTEM\IZETCOMM.DLL
C:\WINDOWS\SYSTEM\WD2THK.DLL
C:\WINDOWS\SYSTEM\MDTCP.DLL
C:\WINDOWS\SYSTEM\PTGFILT.DLL
C:\WINDOWS\SYSTEM\WJSTREAM.DLL
C:\WINDOWS\SYSTEM\AEFSIPC.DLL
C:\WINDOWS\SYSTEM\NSTDI.DLL
C:\WINDOWS\SYSTEM\CIL3D32.DLL
C:\WINDOWS\SYSTEM\ISWDIAL.DLL
C:\WINDOWS\SYSTEM\LYAETK16.DLL
C:\WINDOWS\SYSTEM\lzkrn11n.dll
C:\WINDOWS\SYSTEM\MEDART32.DLL
C:\WINDOWS\SYSTEM\eyfpixexif.dll
C:\WINDOWS\SYSTEM\guard.tmp
C:\WINDOWS\SYSTEM\GUARD.TMP
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Post another fresh findit log please.

#19
ewisniew

Posted 14 August 2005 - 10:31 PM

Member

Topic Starter
Member
31 posts

Persistant nasty isn't it. Here is the new log.

Thanks, Gino

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

IEIRCL DLL 405,504 08-06-05 3:17a IEIRCL.DLL
1 file(s) 405,504 bytes
0 dir(s) 15,512.13 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

LXAE9XDH GID 32,432 06-29-04 1:10p Lxae9xdh.GID
LXAETCSP GID 8,628 04-01-01 9:05a LXAETCSP.GID
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
4 file(s) 64,486 bytes
0 dir(s) 15,512.11 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ieircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 405,504 bytes 396.00 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\AZRESX32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\jlproxy.dll: InitUMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: UMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IEIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IHCVID.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: UMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MTVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NATAPI32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WNN87EM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NODLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IC1XDD.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: UMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MMNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MUSIP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MFVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\oxhlp30t.dll: InitUMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: UMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: UMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JKPL400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SZLAD1.dll: InitUMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: UMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: UMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DZMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: UMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WD2THK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MDTCP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PTGFILT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NSTDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CIL3D32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LYAETK16.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: UMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lzkrn11n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: UMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NNDLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NNDLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NNDLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\eyfpixexif.dll: InitUMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: UMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: /cgi-bin/UMonitorV2

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LexmarkPrinTray"="PrinTray.exe"
"LXSUPMON"="C:\\WINDOWS\\SYSTEM\\LXSUPMON.EXE RUN"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

#20
Excal

Posted 15 August 2005 - 07:08 AM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

ughh...lol. They seem to not want to go away. Lets try the automated one again.

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat. and also antoher findit log.

Thanks,

:tazz:

Excal

#21
ewisniew

Posted 15 August 2005 - 06:21 PM

Member

Topic Starter
Member
31 posts

You must have a lot of patience. LOL

Here are the latest logs.

Thanks, Gino

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\DESKTOP\l2m9xfix

************

Files found:

C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL

************

Registry entries found:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""

************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!

Finished!

*********************************

Logfile of HijackThis v1.99.1
Scan saved at 7:07:31 PM, on 8/15/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0322.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nr1228.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0312.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

****************************

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

IEIRCL DLL 405,504 08-06-05 3:17a IEIRCL.DLL
SNI_CI DLL 405,504 08-06-05 3:17a SNI_CI.DLL
IYIRCL DLL 405,504 08-06-05 3:17a IYIRCL.DLL
3 file(s) 1,216,512 bytes
0 dir(s) 15,505.88 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

LXAE9XDH GID 32,432 06-29-04 1:10p Lxae9xdh.GID
LXAETCSP GID 8,628 04-01-01 9:05a LXAETCSP.GID
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
4 file(s) 64,486 bytes
0 dir(s) 15,505.86 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ieircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
sni_ci.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
iyircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 1,216,512 bytes 1.16 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\AZRESX32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\jlproxy.dll: InitUMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: UMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IEIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IHCVID.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: UMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MTVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NATAPI32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WNN87EM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NODLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IC1XDD.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: UMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MMNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MUSIP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MFVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\oxhlp30t.dll: InitUMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: UMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: UMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JKPL400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SZLAD1.dll: InitUMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: UMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: UMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DZMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: UMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WD2THK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MDTCP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PTGFILT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NSTDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CIL3D32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LYAETK16.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: UMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lzkrn11n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: UMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NNDLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NNDLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NNDLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SNI_CI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SNI_CI.DLL: UMonitor
C:\WINDOWS\SYSTEM\SNI_CI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\eyfpixexif.dll: InitUMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: UMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IYIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IYIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IYIRCL.DLL: /cgi-bin/UMonitorV2

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LexmarkPrinTray"="PrinTray.exe"
"LXSUPMON"="C:\\WINDOWS\\SYSTEM\\LXSUPMON.EXE RUN"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

#22
Excal

Posted 15 August 2005 - 06:32 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

can you please post the contents of the clsid.txt file in the backups folder

thanks,

:tazz:

Excal

#23
ewisniew

Posted 15 August 2005 - 08:53 PM

Member

Topic Starter
Member
31 posts

File is about 1.5 meg. Too large to post or attach. Suggestions? :tazz:

Thanks

#24
ewisniew

Posted 15 August 2005 - 08:58 PM

Member

Topic Starter
Member
31 posts

Sorry about that. Staring at the problem too long. :tazz:

Should be attached as a zip.

Attached Files

clsid.zip 152.85KB 340 downloads

#25
Excal

Posted 15 August 2005 - 09:01 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Thanks

The maker of the tool is going to review it, so please be patient.

Excal

#26
Excal

Posted 16 August 2005 - 09:48 AM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Hi and thanks for your patience :tazz:

This is what we need you to do.

Please run L2m9xfix again. DO NOT REBOOT AFTER YOU RUN THIS TOOL until asked please.

Then post the results of the scan and also attach the new contents of the clsid.txt file in the backups folder

Thanks,

Excal

#27
ewisniew

Posted 16 August 2005 - 05:11 PM

Member

Topic Starter
Member
31 posts

The log follows and the CLSID file is attached. Hope this helps give a clue.

Thanks for helping.

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\DESKTOP\l2m9xfix

************

Files found:

C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL

************

Registry entries found:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""

************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!

Finished!

Attached Files

clsid1.zip 152.85KB 84 downloads

#28
Excal

Posted 17 August 2005 - 02:40 PM

Malware Slayer Extraordinaire!

Retired Staff
12,739 posts

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at above REGEDIT 4.

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{1DC178BC-76AC-4EB5-B529-DDA2417C0E4F}]

Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Then please run L2M9XFix.

reboot then post another finf it log along with the results from the L2M9Xfix.

Thanks,

:tazz:

Excal

#29
ewisniew

Posted 17 August 2005 - 05:52 PM

Member

Topic Starter
Member
31 posts

Here are the new logs.

Thanks

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\DESKTOP\l2m9xfix

************

Files found:

C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AEFSIPC.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\AZRESX32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\CIL3D32.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DMNMPNTW.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DRSERIAL.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\DZMM.DLL
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\eyfpixexif.dll
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IC1XDD.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IEIRCL.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\IHCVID.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\ISWDIAL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IYIRCL.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\IZETCOMM.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\JKPL400.DLL
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\jlproxy.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\Lgkrn70n.dll
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LTXUSB32.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\LYAETK16.DLL
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\lzkrn11n.dll
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MDTCP.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MMNDEX.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MROTHUNK.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MTVFW32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\MUSIP32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NATAPI32.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NNDLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NODLL.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\NSTDI.DLL
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\oxhlp30t.dll
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\PTGFILT.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\RHCLTC6.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SKFTPUB.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SNI_CI.DLL
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\SZLAD1.dll
C:\WINDOWS\system\URBMON.DLL
C:\WINDOWS\system\URBMON.DLL
C:\WINDOWS\system\URBMON.DLL
C:\WINDOWS\system\URBMON.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WD2THK.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WJSTREAM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL
C:\WINDOWS\system\WNN87EM.DLL

************

Registry entries found:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""

************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!

Finished!

*********************************************************

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

IEIRCL DLL 405,504 08-06-05 3:17a IEIRCL.DLL
SNI_CI DLL 405,504 08-06-05 3:17a SNI_CI.DLL
IYIRCL DLL 405,504 08-06-05 3:17a IYIRCL.DLL
LTXUSB32 DLL 405,504 08-06-05 3:17a LTXUSB32.DLL
URBMON DLL 405,504 08-06-05 3:17a URBMON.DLL
VKAME DLL 405,504 08-06-05 3:17a VKAME.DLL
6 file(s) 2,433,024 bytes
0 dir(s) 15,483.39 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 07D1-0216
Directory of C:\WINDOWS\SYSTEM

LXAE9XDH GID 32,432 06-29-04 1:10p Lxae9xdh.GID
LXAETCSP GID 8,628 04-01-01 9:05a LXAETCSP.GID
FOLDER HTT 23,155 06-27-00 1:48p FOLDER.HTT
DESKTOP INI 271 06-27-00 1:48p DESKTOP.INI
4 file(s) 64,486 bytes
0 dir(s) 15,483.38 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{34F7832B-5ECF-8015-69BA-023610C1B0BF}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
ieircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
sni_ci.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
iyircl.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
ltxusb32.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
urbmon.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K
vkame.dll Sat Aug 6 2005 3:17:46a ..S.R 405,504 396.00 K

6 items found: 6 files, 0 directories.
Total of file sizes: 2,433,024 bytes 2.32 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.761: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.P
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.N
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.I
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.H
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.E
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.D
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.761: TROJ_QOOLOGIC.A

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\AZRESX32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AZRESX32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\jlproxy.dll: InitUMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: UMonitor
C:\WINDOWS\SYSTEM\jlproxy.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IEIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IEIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IHCVID.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: UMonitor
C:\WINDOWS\SYSTEM\IHCVID.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MTVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NATAPI32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NATAPI32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DRSERIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WNN87EM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WNN87EM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NODLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NODLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IC1XDD.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: UMonitor
C:\WINDOWS\SYSTEM\IC1XDD.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MMNDEX.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMNDEX.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MUSIP32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MUSIP32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MFVFW32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFVFW32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\oxhlp30t.dll: InitUMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: UMonitor
C:\WINDOWS\SYSTEM\oxhlp30t.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: UMonitor
C:\WINDOWS\SYSTEM\Lgkrn70n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\JKPL400.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: UMonitor
C:\WINDOWS\SYSTEM\JKPL400.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SZLAD1.dll: InitUMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: UMonitor
C:\WINDOWS\SYSTEM\SZLAD1.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MROTHUNK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: UMonitor
C:\WINDOWS\SYSTEM\RHCLTC6.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: UMonitor
C:\WINDOWS\SYSTEM\DMNMPNTW.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\DZMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\DZMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: UMonitor
C:\WINDOWS\SYSTEM\SKFTPUB.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\IZETCOMM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WD2THK.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: UMonitor
C:\WINDOWS\SYSTEM\WD2THK.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\MDTCP.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDTCP.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\PTGFILT.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTGFILT.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJSTREAM.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEFSIPC.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NSTDI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\NSTDI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\CIL3D32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CIL3D32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: UMonitor
C:\WINDOWS\SYSTEM\ISWDIAL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LYAETK16.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: UMonitor
C:\WINDOWS\SYSTEM\LYAETK16.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\lzkrn11n.dll: InitUMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: UMonitor
C:\WINDOWS\SYSTEM\lzkrn11n.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\NNDLL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\NNDLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\NNDLL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\SNI_CI.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\SNI_CI.DLL: UMonitor
C:\WINDOWS\SYSTEM\SNI_CI.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\eyfpixexif.dll: InitUMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: UMonitor
C:\WINDOWS\SYSTEM\eyfpixexif.dll: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\IYIRCL.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\IYIRCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IYIRCL.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\LTXUSB32.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\LTXUSB32.DLL: UMonitor
C:\WINDOWS\SYSTEM\LTXUSB32.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\URBMON.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\URBMON.DLL: UMonitor
C:\WINDOWS\SYSTEM\URBMON.DLL: /cgi-bin/UMonitorV2
C:\WINDOWS\SYSTEM\VKAME.DLL: InitUMonitor
C:\WINDOWS\SYSTEM\VKAME.DLL: UMonitor
C:\WINDOWS\SYSTEM\VKAME.DLL: /cgi-bin/UMonitorV2

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LexmarkPrinTray"="PrinTray.exe"
"LXSUPMON"="C:\\WINDOWS\\SYSTEM\\LXSUPMON.EXE RUN"
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"