Win98 Muchos Problemos [RESOLVED]


  • This topic is locked

#1
geodava

geodava

    Member

  • Member
  • PipPip
  • 49 posts
Hello All,

I have been having many problems with my PC lately. I am using Win98 and have had a lot of popups and messages asking me if I want to download stuff even when I am not online. I have used Adaware, Spybot, and am using a trial of Kaspersky Antivirus .... after running all I still get the AUNPS2.DLL and WUAUCLT.DLL error messages on startup and if I hit CTRL-ALT-DEL to bring up the program manager I usually see like 7-15 "Iexplore"s running.

Please help me with any advice ... I understand if it will take a while. I do have HijackThis if you want a log, but I will wait in case there are specific instructions you would recommend first.

Thank you.

GDA
  • 0


#2
geodava

geodava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Please someone help me with this ........... ANYTHING!
  • 0

#3
geodava

geodava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:43:02 PM, on 9/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WUAUCLT.DLL,SHStart
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Dell Home - {66742CE0-4F3F-11D3-A2FD-E07146C1C6A0} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .com/ovftpdfs/IDNJHKPFHBBGAK00D/fs013/ovft/live/gv003/00022707/00022707-200207000-00006: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} - http://client2.tvton...6/TVTStage1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.thinaboom...ts/tdserver.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  • 0

#4
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi geodava

Please download QooFix9x and save it to your desktop. Do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click QooFix9x.exe and unzip it to the desktop. Open the QooFix9x folder on your desktop and run RunThis.bat. If you get a warning about running MS-DOS programs in Safe Mode, please just click OK to continue. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the QooFix9x folder.
  • 0

#5
geodava

geodava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
**Here is the HiJackThis! LogFile:

Logfile of HijackThis v1.99.1
Scan saved at 10:34:37 AM, on 10/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Dell Home - {66742CE0-4F3F-11D3-A2FD-E07146C1C6A0} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .com/ovftpdfs/IDNJHKPFHBBGAK00D/fs013/ovft/live/gv003/00022707/00022707-200207000-00006: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} - http://client2.tvton...6/TVTStage1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.thinaboom...ts/tdserver.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

**Here is the QFix logfile:

Log of QooFix9x v1

************

Running from directory:
C:\WINDOWS\Desktop\QooFix9x

************

Files found:

c:\windows\pysoft_uninstaller.exe
c:\windows\ungins.exe
c:\windows\unwash.exe

************

Deleting files:

Deletion of c:\windows\pysoft_uninstaller.exe succeeded!
Deletion of c:\windows\ungins.exe succeeded!
Deletion of c:\windows\unwash.exe succeeded!

************

Removing registry entries:

Done!
Backing up files:

Done!

Finished!
  • 0

#6
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi geodava

Open HijackThis and click Scan. Put a check next to these:

O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16


Close all other windows except HijackThis and click Fix Checked.

Then delete these files if found:

C:\WINDOWS\SYSTEM\newexp
C:\WINDOWS\SYSTEM\AUNPS2.DLL

After that, reboot. Go here to make an online scan:

http://www.pandasoft.../activescan.htm

Let it remove if it finds anything and save the results.

Then post a new HijackThis log along with the Activescan results. I take it the error messages should be gone now. Are you getting any popups? How is the computer running?
  • 0
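
The manual review of `O4` autostart lines in the post above can be reproduced over the logs in this thread. The following is an added example, not part of the original thread and not HijackThis's or the helper's own method: it parses `O4` lines, marks entries for manual review under two assumed rules (a DLL started through rundll32, or a target with no executable extension), and diffs two scans. The function names and both rules are assumptions made for illustration.

```python
import re

# O4 lines copied from the first two HijackThis logs in this thread (a subset).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WUAUCLT.DLL,SHStart
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
"""

# Registry autostarts: "O4 - HKLM\..\Run: [value name] command line"
REG_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
# Startup-folder shortcuts: "O4 - Startup: name.lnk = target"
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Extensions treated as "executable" by this example (an assumed list).
EXT_RE = re.compile(r"\.(exe|dll|com|bat|scr|pif|tsk)\b", re.I)


def parse_o4(text):
    """Map (location, entry name) -> command for every O4 line in a log."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            location, name, command = m.groups()
            entries[(location, name)] = command
    return entries


def split_command(command):
    """Split a command into (program, arguments).

    Handles quoted paths, unquoted paths containing spaces, and
    rundll32 invocations whose first argument is itself a DLL.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    first, _, rest = command.partition(" ")
    if first.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
        return first, rest.strip()
    m = EXT_RE.search(command)
    if m:  # unquoted path: the program ends at the first known extension
        return command[:m.end()], command[m.end():].strip()
    return first, rest.strip()


def triage(command):
    """Return the reasons an entry deserves a manual look (empty if none)."""
    program, rest = split_command(command)
    base = program.rsplit("\\", 1)[-1].lower()
    if base in ("rundll32", "rundll32.exe"):
        dll = rest.split(",", 1)[0].strip().strip('"')
        return ["DLL started through rundll32: " + dll]
    if not EXT_RE.search(base):
        return ["target has no executable extension"]
    return []


def flagged(text):
    """Entry name -> reasons, for every O4 entry that triage() marks."""
    result = {}
    for (_, name), command in parse_o4(text).items():
        reasons = triage(command)
        if reasons:
            result[name] = reasons
    return result


def diff_autostarts(before, after):
    """Return (removed, added) lists of (location, name) between two scans."""
    b, a = parse_o4(before), parse_o4(after)
    return sorted(k for k in b if k not in a), sorted(k for k in a if k not in b)


if __name__ == "__main__":
    for name, reasons in flagged(LOG_AFTER).items():
        print("review:", name, "->", "; ".join(reasons))
    removed, added = diff_autostarts(LOG_BEFORE, LOG_AFTER)
    print("removed since first scan:", removed)
    print("added since first scan:", added)
```

A marked entry is a prompt to identify the file, not a verdict; legitimate software also starts DLLs through rundll32.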

#7
geodava

geodava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Here goes .... thanks for your help so far.


** The Activescan file:



**here is the HJT file:
Logfile of HijackThis v1.99.1
Scan saved at 3:08:56 PM, on 10/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..

Edited by geodava, 05 October 2005 - 01:13 PM.

  • 0

#8
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi geodava

That HijackThis log wasn't complete; please make sure you post a new whole log in your next reply.

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

#9
geodava

geodava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
OK, I think my message was too long for one post before, so here is the swandog log in this post and I will follow it with the HJT log.

----

Log of L2M9XFix v1.01a

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{38F15000-0E8C-11DA-A337-00045A8DBF9F}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\PFPD32.DLL"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{36C50963-120E-7DAF-B075-E13DB202738D}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

#10
geodava

Now here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:19:26 PM, on 10/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0h9nhowi.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Dell Home - {66742CE0-4F3F-11D3-A2FD-E07146C1C6A0} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .com/ovftpdfs/IDNJHKPFHBBGAK00D/fs013/ovft/live/gv003/00022707/00022707-200207000-00006: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: bumc.bu.edu
O15 - Trusted Zone: *.bu.edu
O15 - Trusted Zone: *.bmc.org
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} - http://client2.tvton...6/TVTStage1.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.thinaboom...ts/tdserver.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

#11
Armodeluxe

Hi geodava

Hopefully look2me is gone. Now let's take care of the other files Panda found.

Please first save these directions to the desktop as a text file, because you will need to copy and paste part of them later, once we are in Safe Mode.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\Searchx.htm
C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaPassX.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\sex.exe
C:\WINDOWS\icont.exe
C:\WINDOWS\games.exe
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\thin-143-1-x-x.exe
C:\WINDOWS\unstall.exe
C:\WINDOWS\SYSTEM\IEHost30.exe
C:\WINDOWS\SYSTEM\IEDll300.dll
C:\WINDOWS\SYSTEM\uninstal.exe
C:\WINDOWS\SYSTEM\pinstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\all.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MediaTicketsInstaller.INF
C:\WINDOWS\Downloaded Program Files\MediaPassX.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MediaTicketsInstaller.INF
C:\WINDOWS\Downloaded Program Files\ParisVoyeur.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1015.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\MediaTicketsInstaller.INF
C:\WINDOWS\Downloaded Program Files\all.exe
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
C:\WINDOWS\bgwmnupa.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click Yes at the Do You Want To Reboot Now prompt.

8) Reboot back to safe mode.

9) Open Killbox once again. Select Delete on Reboot. Copy and paste the filepath below into the Full Path of File to delete box.

C:\WINDOWS\ALL USERS\APPLICATION DATA\nsv

10) Put a check in the Deltree box.

11) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click NO at the Do You Want To Reboot Now prompt.

12) Copy and paste the filepath below into the Full Path of File to delete box.

C:\WINDOWS\ALL USERS\APPLICATION DATA\picsvr

13) Put a check in the Deltree box.

14) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click Yes at the Do You Want To Reboot Now prompt.

Reboot back to normal mode. How is the computer running now? Any popups? Any other problems?

#12
geodava

OK, things are looking a lot better... thank you so much for all of your help. My fingers are crossed that my problems are over, but either way things have greatly improved.

Thank you!!!!

-GDA

#13
Armodeluxe

Please take the following into consideration to maintain a clean computer.

Visit Windows Update regularly to get the latest security updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download; scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser safer than IE.

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

#14
Armodeluxe

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.