3 hours of my evening gone! [RESOLVED]


  • This topic is locked

#16
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Are you having problems with Killbox working? These files should not be showing up in the logs if Killbox removed them.

Also I don't need to see the uninstall list any more.
  • 0


#17
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
Killbox had been giving me the prompts that you suggested it would.

Just to be certain though, I just deleted Killbox, downloaded it again, and ran back through those steps (going back a couple days) again.
I've posted the results as of 5 minutes ago.

Logfile of HijackThis v1.99.1
Scan saved at 10:48:54 AM, on 8/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SGLDPS.EXE
C:\PROGRAM FILES\RRBT\HTCR.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\sgldps.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O4 - Startup: iknt.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* web-nex C:\WINDOWS\System\DATADX.DLL
* winsync C:\WINDOWS\System\DATADX.DLL
* rec2_run C:\WINDOWS\System\DATADX.DLL
* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
* conres.cpl C:\WINDOWS\System\CONRES.CPL
* datadx.dll C:\WINDOWS\System\DATADX.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\SKYTOWN.EXE
* UPX! C:\WINDOWS\System\AUNPS2.DLL
* UPX! C:\WINDOWS\System\HTCR.EXE
* UPX! C:\WINDOWS\System\INSTAL~1.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\HTCR.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\HTCR.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

...and after glancing over it, it appears to be exactly the same as the last log I posted... :tazz:

Edited by sjhoffm, 21 August 2005 - 09:07 AM.

  • 0

#18
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's try this.

Open Killbox and select the Delete on reboot option.
Copy and paste the following file to the field labeled "Full path of file to delete"

C:\WINDOWS\System\DATADX.DLL

Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot, press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.

Your computer will reboot.



Post a new log from FindQoologic.
  • 0

#19
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* web-nex C:\WINDOWS\System\DATADX.DLL
* winsync C:\WINDOWS\System\DATADX.DLL
* rec2_run C:\WINDOWS\System\DATADX.DLL
* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
* conres.cpl C:\WINDOWS\System\CONRES.CPL
* datadx.dll C:\WINDOWS\System\DATADX.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\SKYTOWN.EXE
* UPX! C:\WINDOWS\System\AUNPS2.DLL
* UPX! C:\WINDOWS\System\HTCR.EXE
* UPX! C:\WINDOWS\System\INSTAL~1.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\HTCR.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\HTCR.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp
  • 0

#20
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Reboot into Safe mode and manually delete these files.

C:\WINDOWS\SYSTEM\skytown.exe
C:\WINDOWS\SYSTEM\AUNPS2.dll
C:\WINDOWS\SYSTEM\htcr.exe
C:\WINDOWS\SYSTEM\InstallAPS.exe
C:\WINDOWS\System\DATADX.DLL
C:\WINDOWS\SJSGSFJ.DLL
C:\WINDOWS\ANJBA.DLL
C:\WINDOWS\System\CONRES.CPL
C:\WINDOWS\start menu\programs\startup\IKNT.EXE


Let me know if you are unable to delete any of them.

Reboot back to normal mode and post one log from FindQoologic.
  • 0

#21
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
The only files I WAS able to delete were:
C..SJSGSFJ.dll
and
C....IKNT.exe

None of the others were found in Safe Mode.

And here's the log:
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* web-nex C:\WINDOWS\System\DATADX.DLL
* winsync C:\WINDOWS\System\DATADX.DLL
* rec2_run C:\WINDOWS\System\DATADX.DLL
* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
* conres.cpl C:\WINDOWS\System\CONRES.CPL
* datadx.dll C:\WINDOWS\System\DATADX.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\SKYTOWN.EXE
* UPX! C:\WINDOWS\System\AUNPS2.DLL
* UPX! C:\WINDOWS\System\HTCR.EXE
* UPX! C:\WINDOWS\System\INSTAL~1.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\HTCR.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\HTCR.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* winsync C:\WINDOWS\SJSGSFJ.DLL
* winsync C:\WINDOWS\ANJBA.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System\HTCR.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe C:\WINDOWS\startm~1\programs\startup\IKNT.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Start Menu\Programs\StartUp
  • 0

#22
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please post a new HijackThis log.
  • 0

#23
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:27:20 PM, on 8/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\WINDOWS\SGLDPS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SEEVE.EXE
C:\WINDOWS\SYSTEM\9FTV9CB9.EXE
C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\sgldps.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\SEEVE.exe
O4 - HKLM\..\Run: [9ftv9cb9] C:\WINDOWS\SYSTEM\9ftv9cb9.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O4 - Startup: iknt.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
  • 0

#24
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please make sure that you can VIEW ALL HIDDEN FILES.

Run HijackThis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\sgldps.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\SEEVE.exe
O4 - HKLM\..\Run: [9ftv9cb9] C:\WINDOWS\SYSTEM\9ftv9cb9.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - Startup: iknt.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab



Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.




Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\sgldps.exe
C:\WINDOWS\SEEVE.exe
C:\WINDOWS\SYSTEM\9ftv9cb9.exe
C:\WINDOWS\SYSTEM\nsvsvc
C:\WINDOWS\SYSTEM\VIDCTRL
C:\Program Files\rrbt



Reboot back to normal mode.
Please run Panda Online Virus Scan
  • Make sure it is set to clean automatically.
  • There may be files that this scan will not remove.
  • Please include that information in your next post.

Reboot and post a new HijackThis log and the info from your virus scan.
  • 0

#25
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
I tried running Panda for almost 2 hours and it didn't complete.
I will try again this evening.
Here is the hijacklog though...



Logfile of HijackThis v1.99.1
Scan saved at 7:31:18 AM, on 8/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0
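
One way to check a follow-up HijackThis log against the list of entries that were selected for Fix Checked, shown here with lines copied from posts #24 and #25 (an added example, not part of the thread and not a HijackThis feature; the function names are made up for this sketch, and the follow-up log is an excerpt rather than the full post):

```python
import re

# A HijackThis entry line has the form "<section> - <body>",
# e.g. "O4 - HKLM\..\Run: [name] command" or "O15 - Trusted Zone: *.example".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (section, normalized body) entries found in the text.

    Header lines, the "Running processes" list and blank lines do not match
    the entry pattern and are skipped.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Windows paths and registry names are case-insensitive, and forum
            # pastes can vary in spacing, so compare a normalized form.
            body = " ".join(match.group("body").split()).lower()
            entries.add((match.group("section"), body))
    return entries


def remaining_after_fix(fix_list_text, followup_log_text):
    """Entries that were checked for fixing but still appear afterwards."""
    return sorted(parse_entries(fix_list_text) & parse_entries(followup_log_text))


def cleared_by_fix(fix_list_text, followup_log_text):
    """Entries that were checked for fixing and are absent afterwards."""
    return sorted(parse_entries(fix_list_text) - parse_entries(followup_log_text))


# The twelve entries listed in post #24, copied as posted.
FIX_LIST = r"""
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\sgldps.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\SEEVE.exe
O4 - HKLM\..\Run: [9ftv9cb9] C:\WINDOWS\SYSTEM\9ftv9cb9.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - Startup: iknt.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
"""

# Excerpt of the follow-up log in post #25 (tail of the O4 section onwards).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:31:18 AM, on 8/24/05

Running processes:
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
"""


if __name__ == "__main__":
    still_there = remaining_after_fix(FIX_LIST, FOLLOWUP_LOG)
    gone = cleared_by_fix(FIX_LIST, FOLLOWUP_LOG)
    print(f"{len(gone)} checked entries are absent from the follow-up log")
    for section, body in still_there:
        print(f"still present: {section} - {body}")
```

A line that survives the fix is a prompt to look at what keeps writing it (for example a process that was still running during the fix) before re-running the fix.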


#26
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
Ran the Panda program, but it didn't appear to do any "disinfection"...
Here is the log:


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HWD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AWIVPEAG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DY7VB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DDD8.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OSUI400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AUIV16XX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DAMV2CLT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DOCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WWP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SMI_CI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MCYUV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\jfmd400.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WHW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\cgnemres.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VCAJET32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ADITVOUT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RSCLTSCM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ahl.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM\Shex.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SXI_CI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInst.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SMHANNEL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PPNMAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\GKI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IFRNONCE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wtv9dmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MZTIME.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QWAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wqsdmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\pwdrv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wxvaudio.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AFI3DUAG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ITSETUP.DLL
Adware:Adware/Midaddle No disinfected C:\WINDOWS\SYSTEM\htcr.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJDOCS.DLL
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\h4me96pf.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\jqfbzf.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\n7iejcot.dll
Adware:adware/apropos No disinfected C:\WINDOWS\TEMP\cfout.txt
Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\!update.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\TEMP\180sainstallernusac.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\tp7543.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\TEMP\ICD2.tmp\installer_VENDARE.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\TEMP\iB2D1.TMP
Spyware:spyware/surfsidekick No disinfected C:\WINDOWS\TEMP\Ssk.log
Adware:Adware/ISearch No disinfected C:\WINDOWS\TEMP\cmdinst.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\TEMP\wrapperouter.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\TEMP\f437434.exe
Adware:adware/ncase No disinfected C:\WINDOWS\TEMP\180sainstallersca.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\TEMP\umqltg4cl_.exe
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\Desktop\backups\backup-20050818-180914-913.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Desktop\backups\backup-20050818-180914-872-iknt.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Desktop\backups\backup-20050823-222055-765-iknt.exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\Desktop\backups\backup-20050823-222055-648.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\installer_VENDARE.exe
Adware:adware/look2me No disinfected C:\WINDOWS\Downloaded Program Files\ActiveX.ocx
Adware:Adware/QoolShown No disinfected C:\WINDOWS\kapvu.dat
Adware:Adware/QoolShown No disinfected C:\WINDOWS\sjsgsfj.dll
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\dcxlwzmk.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\sjsgsfj.dll.tmp
Adware:Adware/QoolShown No disinfected C:\WINDOWS\mnboadn.exe
Adware:Adware/Midaddle No disinfected C:\WINDOWS\ru.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\thin-143-1-x-x.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\bundle_mediamotor1004.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\afmh1q19.exe
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/PurityScan No disinfected C:\Program Files\rrbt\htcr.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/ISearch No disinfected C:\MTE2NzY6ODoxNg.exe
Spyware:Spyware/SurfSideKick No disinfected C:\SSK39.exe
Adware:Adware/QoolShown No disinfected C:\!Submit\IKNT.EXE

Edited by sjhoffm, 24 August 2005 - 06:14 PM.


#27
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That's ok. It showed us where all the bad guys are hiding. :tazz:


Delete these files:

C:\MTE2NzY6ODoxNg.exe
C:\SSK39.exe
C:\WINDOWS\SYSTEM\Shex.exe
C:\WINDOWS\SYSTEM\htcr.exe
C:\WINDOWS\SYSTEM\h4me96pf.exe
C:\WINDOWS\SYSTEM\jqfbzf.exe
C:\WINDOWS\SYSTEM\n7iejcot.dll
C:\WINDOWS\Desktop\backups\backup-20050818-180914-913.dll
C:\WINDOWS\Desktop\backups\backup-20050818-180914-872-iknt.exe
C:\WINDOWS\Desktop\backups\backup-20050823-222055-765-iknt.exe
C:\WINDOWS\Desktop\backups\backup-20050823-222055-648.dll
C:\WINDOWS\Downloaded Program Files\installer_VENDARE.exe
C:\WINDOWS\Downloaded Program Files\ActiveX.ocx
C:\WINDOWS\kapvu.dat
C:\WINDOWS\sjsgsfj.dll
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\dcxlwzmk.exe
C:\WINDOWS\sjsgsfj.dll.tmp
C:\WINDOWS\mnboadn.exe
C:\WINDOWS\ru.exe
C:\WINDOWS\thin-143-1-x-x.exe
C:\WINDOWS\bundle_mediamotor1004.exe
C:\WINDOWS\afmh1q19.exe
C:\WINDOWS\unstall.exe
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\Program Files\rrbt <-- delete this folder
C:\Program Files\Aprps <-- delete this folder



==========


Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

#28
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
log.txt:

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\ADITVOUT.DLL
C:\WINDOWS\system\AFI3DUAG.DLL
C:\WINDOWS\system\ahl.dll
C:\WINDOWS\system\AUIV16XX.DLL
C:\WINDOWS\system\AWIVPEAG.DLL
C:\WINDOWS\system\cgnemres.dll
C:\WINDOWS\system\DAMV2CLT.DLL
C:\WINDOWS\system\DDD8.DLL
C:\WINDOWS\system\DOCNDI.DLL
C:\WINDOWS\system\DY7VB.DLL
C:\WINDOWS\system\GKI32.DLL
C:\WINDOWS\system\HWD.DLL
C:\WINDOWS\system\IFRNONCE.DLL
C:\WINDOWS\system\ITSETUP.DLL
C:\WINDOWS\system\jfmd400.dll
C:\WINDOWS\system\MCYUV.DLL
C:\WINDOWS\system\MJDOCS.DLL
C:\WINDOWS\system\MZTIME.DLL
C:\WINDOWS\system\OSUI400.DLL
C:\WINDOWS\system\PPNMAP.DLL
C:\WINDOWS\system\pwdrv.dll
C:\WINDOWS\system\QWAP.DLL
C:\WINDOWS\system\RSCLTSCM.DLL
C:\WINDOWS\system\SMHANNEL.DLL
C:\WINDOWS\system\SMI_CI.DLL
C:\WINDOWS\system\SXI_CI.DLL
C:\WINDOWS\system\VCAJET32.DLL
C:\WINDOWS\system\WHW32.DLL
C:\WINDOWS\system\wqsdmod.dll
C:\WINDOWS\system\wtv9dmod.dll
C:\WINDOWS\system\WWP.DLL
C:\WINDOWS\system\wxvaudio.dll

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{6166A700-0E79-11DA-A857-0040055C3643}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\AWIVPEAG.DLL"
[HKEY_CLASSES_ROOT\CLSID\{0F594260-0E88-11DA-A857-0040055C3643}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\OSUI400.DLL"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{21588F38-F430-AF9F-29A2-0C732BF42F0E}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!


HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:49:51 AM, on 8/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

#29
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please make sure that you can VIEW ALL HIDDEN FILES.

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKCU\..\Run: [Whtt] C:\Program Files\rrbt\htcr.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe



Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* If you have trouble getting into Safe Mode, go here for more info.




Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\SYSTEM\nsvsvc
C:\WINDOWS\SYSTEM\VIDCTRL
C:\Program Files\rrbt
C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe


Reboot back to normal mode and run a new scan with Panda online virus scan. Then post a new HijackThis log and the info from Panda.

#30
sjhoffm

    Member

  • Topic Starter
  • Member
  • 17 posts
Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInst.exe
Adware:adware/apropos No disinfected C:\WINDOWS\TEMP\cfout.txt
Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\!update.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\TEMP\180sainstallernusac.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\tp7543.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\TEMP\ICD2.tmp\installer_VENDARE.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\TEMP\iB2D1.TMP
Spyware:spyware/surfsidekick No disinfected C:\WINDOWS\TEMP\Ssk.log
Adware:Adware/ISearch No disinfected C:\WINDOWS\TEMP\cmdinst.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\TEMP\wrapperouter.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\TEMP\f437434.exe
Adware:adware/ncase No disinfected C:\WINDOWS\TEMP\180sainstallersca.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\TEMP\umqltg4cl_.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\ADITVOUT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\AFI3DUAG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\ahl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\AUIV16XX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\AWIVPEAG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\cgnemres.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DAMV2CLT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DDD8.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DOCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DY7VB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\GKI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\HWD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\IFRNONCE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\ITSETUP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\jfmd400.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MCYUV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MJDOCS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MZTIME.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\OSUI400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\PPNMAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\pwdrv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\QWAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\RSCLTSCM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\SMHANNEL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\SMI_CI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\SXI_CI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\VCAJET32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\WHW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\wqsdmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\wtv9dmod.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\WWP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\wxvaudio.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\installer_VENDARE.exe
Adware:adware/look2me No disinfected C:\WINDOWS\Downloaded Program Files\ActiveX.ocx
Adware:Adware/DelFinMedia No disinfected C:\RECYCLED\DC1\nsvsvc.exe
Adware:Adware/DelFinMedia No disinfected C:\RECYCLED\DC1\nsvs.dll
Adware:Adware/DelFinMedia No disinfected C:\RECYCLED\DC1\nsv.ocx
Adware:Adware/DelFinMedia No disinfected C:\RECYCLED\DC2\vidctrl.exe
Adware:Adware/QoolShown No disinfected C:\!Submit\IKNT.EXE

Logfile of HijackThis v1.99.1
Scan saved at 7:08:10 PM, on 8/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com.../hp/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab