Frustrated w/psguard [RESOLVED]


  • This topic is locked

#16
mucha

  • Topic Starter
  • Member
  • 14 posts
Hello, here is the new PandaScan. Thanks, Mucha




#17
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Well, that didn't work!

Thanks to Michelle we are going to try a new fix. :tazz:

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file, which should be in the same folder as RunThis.bat.

Edited by Jfcap, 31 August 2005 - 09:36 PM.


#18
mucha

  • Topic Starter
  • Member
  • 14 posts
Hello, here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:24:15 AM, on 9/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MFCKZ32.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\PROGRAM FILES\SANDICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [SandIcon] C:\Program Files\SandIcon.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSF2F3.TMP /R /A
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SDKBM32.EXE] C:\WINDOWS\SYSTEM\SDKBM32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\SYSTEM\MFCKZ32.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {CAD3EF00-9556-11D4-9740-0001031AA926} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nm1228.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify157.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai...meInstaller.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdep...sses/CFJava.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.c.../printQuick.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.c...ox/pm/demox.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...344/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.183.229.3,205.216.137.2,205.216.137.4

And here is the log.txt file

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:


************

Registry entries found:



************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

Thanks again, Mucha

#19
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Hmm, again no luck!

Let's run aSquared.

A-squared Free is a trojan removal tool. To be able to use it, you must set up a free a-squared account to get access to the update server.
Please set up an a-squared account at the following link:
http://www.emsisoft....oftware/account

Then download a-squared free from this link:

http://www.emsisoft....ftware/download

Install it and update it.

Then boot your computer to safe mode by tapping the F8 key repeatedly on reboot until you get a boot menu. From this boot menu choose safe mode.

Once in safe mode, fire up a-squared and let it run. Do not fix anything yet; let's just see what it finds. When it is done scanning, click the save log as html button.

Reboot to normal Windows and upload that html file with your next post. I will go through and analyze the log to tell you if any of the files should not be removed.

#20
mucha

  • Topic Starter
  • Member
  • 14 posts
Hello, sorry I didn't get back to you sooner, but I was out of town for a week. Here is the a-squared file. Thanks, Mucha

c:\WINDOWS\iekb.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addec32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysor.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mslo.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ieql.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysqt.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3gi.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\msoq.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ntwc.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crod.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apifc32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3ur.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crre.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mskx32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addan32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apitw32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlox.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apicc.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apiwv32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysbs32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\neted32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipji32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcwc32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipmk32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apipv.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winol32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkic.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ieeg32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crnh.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3bd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netmw32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysun.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\msjk32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcss.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlwk32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdklz.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcql32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appni32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apigr.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlvo32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ieal32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3yg.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netxo32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apilk32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\iela.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3mn.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\iprp.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winfu.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appth32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipzk.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crvo.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysop32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appew.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcsb.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcmu32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ierr32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ieng32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\msvb32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysws.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkvs.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\wintf.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mscg32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crsd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crdd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3lr.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\javaio.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3ot.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkda.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winng32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addgw32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\windb32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appqo32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winmx.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apptv32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3ys32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlbd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfchi32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\iejr32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crtq.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysxu.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlhv32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netfc.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crbg32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ntlh.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkzd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlkw32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkwe.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apiox32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlec.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcmq32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\iefj32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipfz32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\msjl32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\syswg32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\syshg32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winho32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addvs32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apito.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atldo32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winnp.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addsl32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfclu.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winty32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlrg.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipnk32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apiwk.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apich32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysva32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winmw.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcll32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipbt32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\msts.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crcs.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlly32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apiyl32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netyb.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\javawq32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ieny32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apiwe.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkai.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mskj32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winaq.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfceu32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appov.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appur32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfciu.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addxj.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\iebn.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appfr.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netps32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkgz.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mskd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysmd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysml.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ievl.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipap32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apivt.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\wincj32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\iese32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crcf.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3pb32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysik.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addwn32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcbr.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appkz32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3vs32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addke32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcbm.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netoq.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netik32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\addng32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipis32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\javakh.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipzo.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcva.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ntze.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3jx32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysie.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcei.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkqa32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcpy.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\cryg.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netxw32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcur32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appko32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apidx.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\crve.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcai.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ntee32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\neton.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\nettb32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\winnu32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\iekx.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ntcx32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apiav.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ienz.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkpg.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\syssq32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\appxw32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\atlfk32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apilp32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\netlv.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ipid32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apify.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysfg32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkhf32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\ielz.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\javasd32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sdkkv32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\mfcpr32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\d3yh32.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\apidl.dll Trojan-Downloader.Win32.Agent.bc
c:\WINDOWS\sysdk.dll Trojan-Downloader.Win32.Agent.bc
  • 0

#21
Justin

Hello!

Go ahead and have aSquared fix all of those files, then post a HJT log for me.

Hope you had a nice time out of town =)

#22
mucha

Hello, I ran a-squared and fixed what it found. Here is the new HijackThis log. Thanks, Mucha

Logfile of HijackThis v1.99.1
Scan saved at 10:13:47 PM, on 9/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\PROGRAM FILES\SANDICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [SandIcon] C:\Program Files\SandIcon.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSF2F3.TMP /R /A
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SDKBM32.EXE] C:\WINDOWS\SYSTEM\SDKBM32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\SYSTEM\MFCKZ32.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {CAD3EF00-9556-11D4-9740-0001031AA926} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nm1228.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify157.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai...meInstaller.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdep...sses/CFJava.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.c.../printQuick.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.c...ox/pm/demox.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...344/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.183.229.3,205.216.137.2,205.216.137.4

#23
Justin

I see two small things that we still need to fix; however, I need to head out to school :), so I will post a response when I get home this afternoon.

Let me know how the computer is running :tazz:

#24
Justin

Hello!

Please reopen HiJackThis and scan your computer. Please place a check mark next to the following entries. Be sure to select only the entries that are listed below, as deleting the wrong file could cause harm to your system.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =


Next, please close all programs except for HiJackThis, and select Fix Checked.
Reboot your computer, and then post a new log for me to look at.

Let me know how things are running.

#25
mucha

Hello, here is the new log. Things seem to be running fine. Thanks, Mucha

Logfile of HijackThis v1.99.1
Scan saved at 4:48:24 PM, on 9/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\FOTONATION\EVLSTNR.EXE
C:\PROGRAM FILES\SANDICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\QUICKENW\QWDLLS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [SandIcon] C:\Program Files\SandIcon.Exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INSF2F3.TMP /R /A
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SDKBM32.EXE] C:\WINDOWS\SYSTEM\SDKBM32.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCKZ32.EXE] C:\WINDOWS\SYSTEM\MFCKZ32.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {CAD3EF00-9556-11D4-9740-0001031AA926} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com...load/nm1228.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify157.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai...meInstaller.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdep...sses/CFJava.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.c.../printQuick.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {9386632C-00D9-440F-A448-E25BE16459B2} (DemoShield DemoX Class) - http://www.asicomp.c...ox/pm/demox.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...344/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.183.229.3,205.216.137.2,205.216.137.4
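The fix-and-repost step in posts #24 and #25 can be checked mechanically by diffing the log taken before the fix against the one taken after. The Python sketch below is an added example, not part of the original thread or of HijackThis; its function names are hypothetical, and the two sample logs are abridged from the logs posted above.

```python
import re
from dataclasses import dataclass, field

# HijackThis entry lines look like "<section code> - <detail>", e.g. "R0 - ..." or "O4 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

@dataclass
class HjtLog:
    header: dict = field(default_factory=dict)
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)  # (code, detail) tuples

def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    log, in_procs = HjtLog(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            log.entries.append((m.group(1), m.group(2).strip()))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            log.processes.append(line)
        elif line.startswith("Logfile of "):
            log.header["version"] = line[len("Logfile of "):]
        elif line.startswith("Scan saved at "):
            log.header["saved"] = line[len("Scan saved at "):]
        elif ":" in line:
            key, _, value = line.partition(":")
            log.header[key.strip()] = value.strip()
    return log

def _key(entry):
    # Win9x paths and registry names are case-insensitive; the logs mix cases.
    return (entry[0], entry[1].casefold())

def diff_logs(before, after):
    """Report what disappeared and what is new between two parsed logs."""
    b_ent, a_ent = {_key(e) for e in before.entries}, {_key(e) for e in after.entries}
    b_proc = {p.casefold() for p in before.processes}
    a_proc = {p.casefold() for p in after.processes}
    return {
        "removed_entries": [e for e in before.entries if _key(e) not in a_ent],
        "added_entries": [e for e in after.entries if _key(e) not in b_ent],
        "stopped_processes": [p for p in before.processes if p.casefold() not in a_proc],
        "new_processes": [p for p in after.processes if p.casefold() not in b_proc],
    }

def still_present(fix_list_text, after):
    """Entries the helper asked to fix that the follow-up log still contains."""
    present = {_key(e) for e in after.entries}
    return [e for e in parse_hjt(fix_list_text).entries if _key(e) in present]

# Abridged from the first log in the thread (scan saved 9/8/05).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:13:47 PM, on 9/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

# Abridged from the follow-up log (scan saved 9/9/05).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:48:24 PM, on 9/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

# The two entries the helper asked to check before pressing Fix Checked.
FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for name, items in diff_logs(before, after).items():
        print(name, items)
    print("still present:", still_present(FIX_LIST, after))
```

An empty `still_present` result together with an empty `added_entries` list is what a clean follow-up log looks like; any new autostart entry after the reboot is the thing to look at first.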



#26
Justin

Hello!

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#27
Justin

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.