Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HijackThis log-Please Help-Thanks! [CLOSED]

Started by MelindaG , Aug 20 2005 09:13 PM

  • This topic is locked This topic is locked

#1
MelindaG
Posted 20 August 2005 - 09:13 PM

MelindaG

    Member

  • Member
  • PipPip
  • 10 posts
I did every step on the "required" steps post, removing tons of malware/spyware,etc. Running better except for the following 2 problems:



When I start my computer, I have a box immediately pop up titled "Microsoft Visual C++ Runtime Library" and it reads,
"Runtime Error!
Program: C:\WINDOWS\EXPLORER.EXE
This application has requested the Runtime to terminate it in an unusual way"
My only option to click on this box is "OK", and when I click on it, windows attempts to restart but freezes and I have to restart my computer.

I also keep having a box pop up titled "Alert" and it reads, "The URL is not valid and cannot be loaded." When I click the X box to close it, Mozilla Firefox opens with a blank page. Several of these sometimes pop up at once.

Thanks!

Below is my HijackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 10:57:44 PM, on 8/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\ETB\POKAPOKA63.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

Advertisements

#2
Justin
Posted 27 August 2005 - 01:31 AM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello, and welcome to the GeekstoGo Forums. My name is Jfcap,and I will be helping you clean your system. I would like to start off by apologizing in the delay in our response time. We try not to let posts slip through the cracks, but things do happen due the the ammount of posts on our website, so again I apologize.

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.

Please reopen HiJackThis and scan your computer. Please place a check mark next to the following entries. Be sure to select only the entries that are listed below, as deleting the wrong file could cause harm to your system.

O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE


Next, please close all programs except for HiJackThis, and select Fix Checked.
Reboot your computer and boot into safe mode.

To boot into safe mode turn your computer on and press f8, continiously, until a menu appears. At this menu please select safemode

Next, open Windows Explorer. The easiest way to do this is:Click Start
Select Run
Type in Explorer
While in Windows Explorer, please delete the following Files, if they are found. Please note thay you may not find the files, please let me know if you do not find them.

C:\WINDOWS\ETB\POKAPOKA63.EXE


Also, please note the other files in C:\Windows\ETB and let me know if your next reply.

Please exit Windows Explorer and reboot you computer normally.
In your next reply, please post a new HiJackThis log, as well as any other information that has been requested
  • 0

#3
MelindaG
Posted 27 August 2005 - 12:42 PM

MelindaG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello and thank you for your help!
I did NOT find the file "etb" in my Windows Explorer. However, I did "fix" the pokapoka 63 in HijackThis.
I am still having the pop ups and the Alert box that opens a new blank Mozilla Firefox window.
Here is my new HijackThis log.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:36:46 PM, on 8/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS-1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.geekstogo.com
O15 - Trusted Zone: www.housecall.trendmicro.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#4
Justin
Posted 27 August 2005 - 03:55 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Open Windows Explorer:

Click on Tools
Click on Folder Options
Click on the View Tab
Select Show all files and folders.

Then look for the ETB folder. If you find it, let me know what is inside of it.

Then lets hide the hidden files.

Click Tools
Click Folder Options
Click on the View Tab
Select Hide hidden files and folders.
  • 0

#5
MelindaG
Posted 27 August 2005 - 04:48 PM

MelindaG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi....Still no ETB Folder. I did as you told me to do and I also used "find files and folder", but still no "etb" folder.
  • 0

#6
Justin
Posted 27 August 2005 - 07:52 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Thats good that no ETB is present.

Overall, how is the computer running?

Are you seeing any popups? Is anything slower than usual?
  • 0

#7
MelindaG
Posted 28 August 2005 - 09:00 AM

MelindaG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I am still having occasional pop ups. I still constantly have the box appear that is titled "alert" and reads "the url is not valid and can not be loaded".
  • 0

#8
Justin
Posted 28 August 2005 - 10:33 AM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Lets get this fixed for you!

Please Panda ActiveScan<<<Accept default settings, save and post the log

Then reboot your computer, and rescan with HiJackThis. (It is important that you run HiJackThis after PandaScan.)

Save the HiJackThis log.

Post the log from PandaScan and the log from HiJackThis.
  • 0

#9
MelindaG
Posted 28 August 2005 - 01:14 PM

MelindaG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello again!

Here is the PandaActiveScan Log:


Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IJ6AM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DSDRG16F.DLL
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM\SHAgentNew.dll
Adware:adware/funweb No disinfected C:\WINDOWS\SYSTEM\Popular Screensavers.scr
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:adware/comet No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
Adware:adware/searchtheweb No disinfected C:\WINDOWS\SYSTEM\CACHE\mswinstall.exe
Adware:adware/ezula No disinfected C:\ezStub.exe
Adware:adware/ncase No disinfected C:\WINDOWS\msbbi.exe
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/quicksearch No disinfected C:\PROGRAM FILES\QuickSearch
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Adware:adware/mywebsearch No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WXVDMOE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IC32_32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RKASETUP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\THAIN_32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MIDMO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IEETWH16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MXRCLR40.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VFODCTL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RJCNS4.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mhwebdvd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\cpmintfs.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MXWLTRES.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CCT32.DLL
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\SHAgentNew.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\jlmd400.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\eienu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Vro532vw.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJNALIGN.DLL
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\Cache\wrapperouter.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MZC30.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SOANCTRL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mmpst32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wcdmlog.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PMXPCZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IISENG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\XRNROLL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DCLOADER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DERAW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PTBASE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WLI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PLGRAP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CMYPTNET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\icctl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DHNIM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DORAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RIAUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MHAXDD32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\BNOWSEWM.DLL
Adware:Adware/Searchforit No disinfected C:\WINDOWS\SYSTEM\ca2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKRSERV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJBVW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IYAGEHLP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IDSENG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mcndex.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ij6am.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\VWAME.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\PSGRAP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\in6am.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ldpsd11n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\eyenu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DSDRG16F.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lvpsd11n.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\iwctl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AJIFILE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\sdnscfg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IKMUPG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DDMSSHRN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DGNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\EGSN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ltaiinst.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MKCD30.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MTCUIW32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\idetcfg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RVR20.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\sgbapi.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\wxdmlog.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\psdlib32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ix6am.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Vio532ut.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lixusb32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\cuutil.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\dynet.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SGD401LC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SDP32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mzc70.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2100.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2152.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32C2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32D3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32E5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav32F3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3301.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3322.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4021.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav60A3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7152.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7161.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7172.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav71F1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7201.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7204.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7334.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7352.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7361.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7365.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7372.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7380.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7385.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav7395.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav73A4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav73B3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8002.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8011.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8015.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8023.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8030.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8035.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8042.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8050.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8060.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8065.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8074.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8091.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8094.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80A3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80B0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80B4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80C2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80D2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80E3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80F1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav80F4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8102.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8120.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8125.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8132.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8141.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8151.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8155.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8174.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8183.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8190.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81A1.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81A6.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81B5.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81C4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav81D3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8200.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8203.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8245.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8252.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8255.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8263.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8271.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav8281.TMP
Adware:Adware/Comet No disinfected C:\WINDOWS\Downloaded Program Files\dm.inf
Possible Virus. No disinfected C:\WINDOWS\Downloaded Program Files\RegDload.dll
Adware:Adware/PortalScan No disinfected C:\WINDOWS\Helper101.dll
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\kirnqtey.exe
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll
Adware:Adware/EliteBar No disinfected C:\RECYCLED\DC0\pokapoka63.exe
Spyware:Spyware/BargainBuddy No disinfected C:\RECYCLED\DC0\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\RECYCLED\DC0\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\RECYCLED\DC0\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\RECYCLED\DC0\xml\images\virus.bmp
Adware:Adware/QuickSearch No disinfected C:\Program Files\ThemesUnlimited\frog-55516.zip\TBEZA127Q.exe
Spyware:Spyware/New.net No disinfected C:\Program Files\ThemesUnlimited\frog-55516.zip\NNEZTA388.exe
Spyware:Spyware/New.net No disinfected C:\Program Files\Support.com\backup\ne\newdotnet6_30.dll\229376_568966ed3_[newdotnet6_30.dll]
Spyware:Spyware/New.net No disinfected C:\Program Files\Support.com\backup\ne\newdotnet6_38.dll\229376_51a9f736b_[newdotnet6_38.dll]
Possible Virus. No disinfected C:\NULL
Adware:Adware/eZula No disinfected C:\ezStub.exe
Adware:Adware/ISearch No disinfected C:\MTE2NzY6ODoxNg.exe


AND HERE IS MY HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 3:11:41 PM, on 8/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS-1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.geekstogo.com
O15 - Trusted Zone: www.housecall.trendmicro.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5
  • 0

#10
Justin
Posted 28 August 2005 - 02:01 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
aha!

Thats why things are not getting better. You have a fun infection called Look2Me. The thing about L2M is that it shows no sign of it being present on a 9x system. The good news is that pandascan finds it, but does not know how to fix it. However, I do know how to fix it!

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

Advertisements

#11
MelindaG
Posted 28 August 2005 - 02:56 PM

MelindaG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok...Here is the HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:54:23 PM, on 8/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS-1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.geekstogo.com
O15 - Trusted Zone: www.housecall.trendmicro.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab


AND HERE IS THE OTHER LOG:

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\AJIFILE.DLL
C:\WINDOWS\system\AJIFILE.DLL
C:\WINDOWS\system\AJIFILE.DLL
C:\WINDOWS\system\AJIFILE.DLL
C:\WINDOWS\system\BNOWSEWM.DLL
C:\WINDOWS\system\BNOWSEWM.DLL
C:\WINDOWS\system\BNOWSEWM.DLL
C:\WINDOWS\system\BNOWSEWM.DLL
C:\WINDOWS\system\CCT32.DLL
C:\WINDOWS\system\CCT32.DLL
C:\WINDOWS\system\CCT32.DLL
C:\WINDOWS\system\CCT32.DLL
C:\WINDOWS\system\CMYPTNET.DLL
C:\WINDOWS\system\CMYPTNET.DLL
C:\WINDOWS\system\CMYPTNET.DLL
C:\WINDOWS\system\CMYPTNET.DLL
C:\WINDOWS\system\cpmintfs.dll
C:\WINDOWS\system\cpmintfs.dll
C:\WINDOWS\system\cpmintfs.dll
C:\WINDOWS\system\cpmintfs.dll
C:\WINDOWS\system\cuutil.dll
C:\WINDOWS\system\cuutil.dll
C:\WINDOWS\system\cuutil.dll
C:\WINDOWS\system\cuutil.dll
C:\WINDOWS\system\DCLOADER.DLL
C:\WINDOWS\system\DCLOADER.DLL
C:\WINDOWS\system\DCLOADER.DLL
C:\WINDOWS\system\DCLOADER.DLL
C:\WINDOWS\system\DDMSSHRN.DLL
C:\WINDOWS\system\DDMSSHRN.DLL
C:\WINDOWS\system\DDMSSHRN.DLL
C:\WINDOWS\system\DDMSSHRN.DLL
C:\WINDOWS\system\DERAW.DLL
C:\WINDOWS\system\DERAW.DLL
C:\WINDOWS\system\DERAW.DLL
C:\WINDOWS\system\DERAW.DLL
C:\WINDOWS\system\DGNDI.DLL
C:\WINDOWS\system\DGNDI.DLL
C:\WINDOWS\system\DGNDI.DLL
C:\WINDOWS\system\DGNDI.DLL
C:\WINDOWS\system\DHNIM.DLL
C:\WINDOWS\system\DHNIM.DLL
C:\WINDOWS\system\DHNIM.DLL
C:\WINDOWS\system\DHNIM.DLL
C:\WINDOWS\system\dhvacm.dll
C:\WINDOWS\system\dhvacm.dll
C:\WINDOWS\system\dhvacm.dll
C:\WINDOWS\system\dhvacm.dll
C:\WINDOWS\system\DORAW16.DLL
C:\WINDOWS\system\DORAW16.DLL
C:\WINDOWS\system\DORAW16.DLL
C:\WINDOWS\system\DORAW16.DLL
C:\WINDOWS\system\DSDRG16F.DLL
C:\WINDOWS\system\DSDRG16F.DLL
C:\WINDOWS\system\DSDRG16F.DLL
C:\WINDOWS\system\DSDRG16F.DLL
C:\WINDOWS\system\dynet.dll
C:\WINDOWS\system\dynet.dll
C:\WINDOWS\system\dynet.dll
C:\WINDOWS\system\dynet.dll
C:\WINDOWS\system\EGSN.DLL
C:\WINDOWS\system\EGSN.DLL
C:\WINDOWS\system\EGSN.DLL
C:\WINDOWS\system\EGSN.DLL
C:\WINDOWS\system\eienu.dll
C:\WINDOWS\system\eienu.dll
C:\WINDOWS\system\eienu.dll
C:\WINDOWS\system\eienu.dll
C:\WINDOWS\system\eyenu.dll
C:\WINDOWS\system\eyenu.dll
C:\WINDOWS\system\eyenu.dll
C:\WINDOWS\system\eyenu.dll
C:\WINDOWS\system\IC32_32.DLL
C:\WINDOWS\system\IC32_32.DLL
C:\WINDOWS\system\IC32_32.DLL
C:\WINDOWS\system\IC32_32.DLL
C:\WINDOWS\system\icctl.dll
C:\WINDOWS\system\icctl.dll
C:\WINDOWS\system\icctl.dll
C:\WINDOWS\system\icctl.dll
C:\WINDOWS\system\idetcfg.dll
C:\WINDOWS\system\idetcfg.dll
C:\WINDOWS\system\idetcfg.dll
C:\WINDOWS\system\idetcfg.dll
C:\WINDOWS\system\IDSENG.DLL
C:\WINDOWS\system\IDSENG.DLL
C:\WINDOWS\system\IDSENG.DLL
C:\WINDOWS\system\IDSENG.DLL
C:\WINDOWS\system\IEETWH16.DLL
C:\WINDOWS\system\IEETWH16.DLL
C:\WINDOWS\system\IEETWH16.DLL
C:\WINDOWS\system\IEETWH16.DLL
C:\WINDOWS\system\IISENG.DLL
C:\WINDOWS\system\IISENG.DLL
C:\WINDOWS\system\IISENG.DLL
C:\WINDOWS\system\IISENG.DLL
C:\WINDOWS\system\ij6am.dll
C:\WINDOWS\system\ij6am.dll
C:\WINDOWS\system\ij6am.dll
C:\WINDOWS\system\ij6am.dll
C:\WINDOWS\system\IKMUPG.DLL
C:\WINDOWS\system\IKMUPG.DLL
C:\WINDOWS\system\IKMUPG.DLL
C:\WINDOWS\system\IKMUPG.DLL
C:\WINDOWS\system\in6am.dll
C:\WINDOWS\system\in6am.dll
C:\WINDOWS\system\in6am.dll
C:\WINDOWS\system\in6am.dll
C:\WINDOWS\system\iwctl.dll
C:\WINDOWS\system\iwctl.dll
C:\WINDOWS\system\iwctl.dll
C:\WINDOWS\system\iwctl.dll
C:\WINDOWS\system\ix6am.dll
C:\WINDOWS\system\ix6am.dll
C:\WINDOWS\system\ix6am.dll
C:\WINDOWS\system\ix6am.dll
C:\WINDOWS\system\IYAGEHLP.DLL
C:\WINDOWS\system\IYAGEHLP.DLL
C:\WINDOWS\system\IYAGEHLP.DLL
C:\WINDOWS\system\IYAGEHLP.DLL
C:\WINDOWS\system\jlmd400.dll
C:\WINDOWS\system\jlmd400.dll
C:\WINDOWS\system\jlmd400.dll
C:\WINDOWS\system\jlmd400.dll
C:\WINDOWS\system\ldpsd11n.dll
C:\WINDOWS\system\ldpsd11n.dll
C:\WINDOWS\system\ldpsd11n.dll
C:\WINDOWS\system\ldpsd11n.dll
C:\WINDOWS\system\lixusb32.dll
C:\WINDOWS\system\lixusb32.dll
C:\WINDOWS\system\lixusb32.dll
C:\WINDOWS\system\lixusb32.dll
C:\WINDOWS\system\ltaiinst.dll
C:\WINDOWS\system\ltaiinst.dll
C:\WINDOWS\system\ltaiinst.dll
C:\WINDOWS\system\ltaiinst.dll
C:\WINDOWS\system\lvpsd11n.dll
C:\WINDOWS\system\lvpsd11n.dll
C:\WINDOWS\system\lvpsd11n.dll
C:\WINDOWS\system\lvpsd11n.dll
C:\WINDOWS\system\mcndex.dll
C:\WINDOWS\system\mcndex.dll
C:\WINDOWS\system\mcndex.dll
C:\WINDOWS\system\mcndex.dll
C:\WINDOWS\system\MHAXDD32.DLL
C:\WINDOWS\system\MHAXDD32.DLL
C:\WINDOWS\system\MHAXDD32.DLL
C:\WINDOWS\system\MHAXDD32.DLL
C:\WINDOWS\system\mhwebdvd.dll
C:\WINDOWS\system\mhwebdvd.dll
C:\WINDOWS\system\mhwebdvd.dll
C:\WINDOWS\system\mhwebdvd.dll
C:\WINDOWS\system\MIDMO.DLL
C:\WINDOWS\system\MIDMO.DLL
C:\WINDOWS\system\MIDMO.DLL
C:\WINDOWS\system\MIDMO.DLL
C:\WINDOWS\system\MKCD30.DLL
C:\WINDOWS\system\MKCD30.DLL
C:\WINDOWS\system\MKCD30.DLL
C:\WINDOWS\system\MKCD30.DLL
C:\WINDOWS\system\MKRSERV.DLL
C:\WINDOWS\system\MKRSERV.DLL
C:\WINDOWS\system\MKRSERV.DLL
C:\WINDOWS\system\MKRSERV.DLL
C:\WINDOWS\system\mmpst32.dll
C:\WINDOWS\system\mmpst32.dll
C:\WINDOWS\system\mmpst32.dll
C:\WINDOWS\system\mmpst32.dll
C:\WINDOWS\system\MTCUIW32.DLL
C:\WINDOWS\system\MTCUIW32.DLL
C:\WINDOWS\system\MTCUIW32.DLL
C:\WINDOWS\system\MTCUIW32.DLL
C:\WINDOWS\system\MXRCLR40.DLL
C:\WINDOWS\system\MXRCLR40.DLL
C:\WINDOWS\system\MXRCLR40.DLL
C:\WINDOWS\system\MXRCLR40.DLL
C:\WINDOWS\system\MXWLTRES.DLL
C:\WINDOWS\system\MXWLTRES.DLL
C:\WINDOWS\system\MXWLTRES.DLL
C:\WINDOWS\system\MXWLTRES.DLL
C:\WINDOWS\system\MZC30.DLL
C:\WINDOWS\system\MZC30.DLL
C:\WINDOWS\system\MZC30.DLL
C:\WINDOWS\system\MZC30.DLL
C:\WINDOWS\system\mzc70.dll
C:\WINDOWS\system\mzc70.dll
C:\WINDOWS\system\mzc70.dll
C:\WINDOWS\system\mzc70.dll
C:\WINDOWS\system\PLGRAP32.DLL
C:\WINDOWS\system\PLGRAP32.DLL
C:\WINDOWS\system\PLGRAP32.DLL
C:\WINDOWS\system\PLGRAP32.DLL
C:\WINDOWS\system\PMXPCZ.DLL
C:\WINDOWS\system\PMXPCZ.DLL
C:\WINDOWS\system\PMXPCZ.DLL
C:\WINDOWS\system\PMXPCZ.DLL
C:\WINDOWS\system\psdlib32.dll
C:\WINDOWS\system\psdlib32.dll
C:\WINDOWS\system\psdlib32.dll
C:\WINDOWS\system\psdlib32.dll
C:\WINDOWS\system\PSGRAP32.DLL
C:\WINDOWS\system\PSGRAP32.DLL
C:\WINDOWS\system\PSGRAP32.DLL
C:\WINDOWS\system\PSGRAP32.DLL
C:\WINDOWS\system\PTBASE.DLL
C:\WINDOWS\system\PTBASE.DLL
C:\WINDOWS\system\PTBASE.DLL
C:\WINDOWS\system\PTBASE.DLL
C:\WINDOWS\system\RIAUI.DLL
C:\WINDOWS\system\RIAUI.DLL
C:\WINDOWS\system\RIAUI.DLL
C:\WINDOWS\system\RIAUI.DLL
C:\WINDOWS\system\RJCNS4.DLL
C:\WINDOWS\system\RJCNS4.DLL
C:\WINDOWS\system\RJCNS4.DLL
C:\WINDOWS\system\RJCNS4.DLL
C:\WINDOWS\system\RKASETUP.DLL
C:\WINDOWS\system\RKASETUP.DLL
C:\WINDOWS\system\RKASETUP.DLL
C:\WINDOWS\system\RKASETUP.DLL
C:\WINDOWS\system\RVR20.DLL
C:\WINDOWS\system\RVR20.DLL
C:\WINDOWS\system\RVR20.DLL
C:\WINDOWS\system\RVR20.DLL
C:\WINDOWS\system\sdnscfg.dll
C:\WINDOWS\system\sdnscfg.dll
C:\WINDOWS\system\sdnscfg.dll
C:\WINDOWS\system\sdnscfg.dll
C:\WINDOWS\system\SDP32.DLL
C:\WINDOWS\system\SDP32.DLL
C:\WINDOWS\system\SDP32.DLL
C:\WINDOWS\system\SDP32.DLL
C:\WINDOWS\system\sgbapi.dll
C:\WINDOWS\system\sgbapi.dll
C:\WINDOWS\system\sgbapi.dll
C:\WINDOWS\system\sgbapi.dll
C:\WINDOWS\system\SGD401LC.DLL
C:\WINDOWS\system\SGD401LC.DLL
C:\WINDOWS\system\SGD401LC.DLL
C:\WINDOWS\system\SGD401LC.DLL
C:\WINDOWS\system\SOANCTRL.DLL
C:\WINDOWS\system\SOANCTRL.DLL
C:\WINDOWS\system\SOANCTRL.DLL
C:\WINDOWS\system\SOANCTRL.DLL
C:\WINDOWS\system\THAIN_32.DLL
C:\WINDOWS\system\THAIN_32.DLL
C:\WINDOWS\system\THAIN_32.DLL
C:\WINDOWS\system\THAIN_32.DLL
C:\WINDOWS\system\VFODCTL.DLL
C:\WINDOWS\system\VFODCTL.DLL
C:\WINDOWS\system\VFODCTL.DLL
C:\WINDOWS\system\VFODCTL.DLL
C:\WINDOWS\system\Vio532ut.dll
C:\WINDOWS\system\Vio532ut.dll
C:\WINDOWS\system\Vio532ut.dll
C:\WINDOWS\system\Vio532ut.dll
C:\WINDOWS\system\Vro532vw.dll
C:\WINDOWS\system\Vro532vw.dll
C:\WINDOWS\system\Vro532vw.dll
C:\WINDOWS\system\Vro532vw.dll
C:\WINDOWS\system\VWAME.DLL
C:\WINDOWS\system\VWAME.DLL
C:\WINDOWS\system\VWAME.DLL
C:\WINDOWS\system\VWAME.DLL
C:\WINDOWS\system\wcdmlog.dll
C:\WINDOWS\system\wcdmlog.dll
C:\WINDOWS\system\wcdmlog.dll
C:\WINDOWS\system\wcdmlog.dll
C:\WINDOWS\system\WJBVW.DLL
C:\WINDOWS\system\WJBVW.DLL
C:\WINDOWS\system\WJBVW.DLL
C:\WINDOWS\system\WJBVW.DLL
C:\WINDOWS\system\WJNALIGN.DLL
C:\WINDOWS\system\WJNALIGN.DLL
C:\WINDOWS\system\WJNALIGN.DLL
C:\WINDOWS\system\WJNALIGN.DLL
C:\WINDOWS\system\WLI.DLL
C:\WINDOWS\system\WLI.DLL
C:\WINDOWS\system\WLI.DLL
C:\WINDOWS\system\WLI.DLL
C:\WINDOWS\system\wxdmlog.dll
C:\WINDOWS\system\wxdmlog.dll
C:\WINDOWS\system\wxdmlog.dll
C:\WINDOWS\system\wxdmlog.dll
C:\WINDOWS\system\WXVDMOE.DLL
C:\WINDOWS\system\WXVDMOE.DLL
C:\WINDOWS\system\WXVDMOE.DLL
C:\WINDOWS\system\WXVDMOE.DLL
C:\WINDOWS\system\XRNROLL.DLL
C:\WINDOWS\system\XRNROLL.DLL
C:\WINDOWS\system\XRNROLL.DLL
C:\WINDOWS\system\XRNROLL.DLL

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{623F58C0-E9A3-11D9-AFCB-00045A8C6207}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DSDRG16F.DLL"
[HKEY_CLASSES_ROOT\CLSID\{623F58C0-E9A3-11D9-AFCB-00045A8C6207}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DSDRG16F.DLL"
[HKEY_CLASSES_ROOT\CLSID\{623F58C0-E9A3-11D9-AFCB-00045A8C6207}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DSDRG16F.DLL"
[HKEY_CLASSES_ROOT\CLSID\{623F58C0-E9A3-11D9-AFCB-00045A8C6207}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DSDRG16F.DLL"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{66527A50-ABB1-F4EE-C114-790D3D7FE9B7}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
  • 0

#12
Justin
Posted 28 August 2005 - 04:03 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Perfect, That will everything that it was supposed to kill.

Lets clean up the rest of the baddies that PandaScan found.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\SYSTEM\IJ6AM.DLL
C:\WINDOWS\SYSTEM\DSDRG16F.DLL
C:\WINDOWS\SYSTEM\SHAgentNew.dll
C:\WINDOWS\SYSTEM\Popular Screensavers.scr
C:\WINDOWS\SYSTEM\winupdt.bin
C:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
C:\WINDOWS\SYSTEM\CACHE\mswinstall.exe
C:\ezStub.exe
C:\WINDOWS\msbbi.exe
C:\WINDOWS\cfgmgr52.ini
C:\PROGRAM FILES\QuickSearch
C:\WINDOWS\Downloaded Program Files\dm.inf
C:\WINDOWS\Downloaded Program Files\RegDload.dll
C:\WINDOWS\Helper101.dll
C:\WINDOWS\kirnqtey.exe
C:\WINDOWS\cfgmgr52.dll 
C:\Program Files\ThemesUnlimited\frog-55516.zip\TBEZA127Q.exe
C:\Program Files\ThemesUnlimited\frog-55516.zip\NNEZTA388.exe
C:\Program Files\Support.com\backup\ne\newdotnet6_30.dll\229376_568966ed3_[newdotnet6_30.dll]
C:\Program Files\Support.com\backup\ne\newdotnet6_38.dll\229376_51a9f736b_[newdotnet6_38.dll]
C:\ezStub.exe
C:\MTE2NzY6ODoxNg.exe
6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Please run Notepad and paste the following text into a new file:(starting with REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ]

[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Then post a new HiJackThis log and let me know how thigns are running :tazz:
  • 0

#13
MelindaG
Posted 28 August 2005 - 04:51 PM

MelindaG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok...here is the latest HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:51:48 PM, on 8/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS-1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.geekstogo.com
O15 - Trusted Zone: www.housecall.trendmicro.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0

#14
Justin
Posted 28 August 2005 - 08:40 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

How is your computer running?
  • 0

#15
MelindaG
Posted 29 August 2005 - 01:34 PM

MelindaG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi!
My computer seems to be running better so far!

Thanks so much!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP