Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

web nexus network pop ups [RESOLVED]


  • This topic is locked This topic is locked

#1
CeePlus

CeePlus

    Member

  • Member
  • PipPip
  • 11 posts
Hey here is my Hijack this log. I want to get rid of the web nexus network popups and doing some research on this board i saw that it would be better to ask you guys rather that clicking on the link that says to unistall. I've gone through the steps you guys have provided and by using the AVG antivirus software was able to remove some trojan virus'. Thanks in advanced.

Logfile of HijackThis v1.99.1
Scan saved at 12:38:49 AM, on 10/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKDETECT.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\D4SSDK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\WINLOG.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0E\WAOL.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\GEEKSTOGO\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0E\SHELLMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cwshredder.ne...php?target=tmas
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\d4ssdk.exe reg_run
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0E\AOL.EXE" -b
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Startup: cprr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

Advertisements


#2
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi CeePlus, welcome to GeeksToGo

You have a qoologic infection. We'll run a special tool for that.

Please download QooFix9x and save it to your desktop. Do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click QooFix9x.exe and unzip it to the desktop. Open the QooFix9x folder on your desktop and run RunThis.bat. If you get a warning about running MS-DOS programs in Safe Mode, please just click OK to continue. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the QooFix9x folder.
  • 0

#3
CeePlus

CeePlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hey Armodeluxe,
thanks for the reply and most of all the help. here is the hijackthis log after i did what you told me. thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:30 PM, on 10/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0E\WAOL.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\GEEKSTOGO\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0E\SHELLMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cwshredder.ne...php?target=tmas
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0E\AOL.EXE" -b
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

#4
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Looks clean to me :tazz: Are the popups gone now?

but you didn't post the log.txt, I'd like to see it to make sure it cleaned the infection completely..so please post it, you'll find it in the Qoofix9x folder..

Also let's run an online scan:

Go here to make an online scan:

http://www.pandasoft.../activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Then post that report and also the log.txt
  • 0

#5
CeePlus

CeePlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
yeah i'm not getting anymore popups thanks. sorry about the log heres the log for the QooFix9x

Log of QooFix9x v1

************

Running from directory:
C:\WINDOWS\Desktop\QooFix9x

************

Files found:

c:\windows\dkffgdk.dll
c:\windows\koeeb.dll
c:\windows\system\bcbmm.dll
c:\windows\system\borlndmm.dll
c:\windows\system\cc3250mt.dll
c:\windows\system\delphimm.dll
c:\windows\startm~1\programs\startup\cprr.exe
c:\windows\d4ssdk.exe
c:\windows\qrddocr.exe
c:\windows\system\bfc42.dll
c:\windows\system\bfc42d.dll
c:\windows\system\cc3250.dll

************

Deleting files:

Deletion of c:\windows\dkffgdk.dll succeeded!
Deletion of c:\windows\koeeb.dll succeeded!
Deletion of c:\windows\system\bcbmm.dll succeeded!
Deletion of c:\windows\system\borlndmm.dll succeeded!
Deletion of c:\windows\system\cc3250mt.dll succeeded!
Deletion of c:\windows\system\delphimm.dll succeeded!
Deletion of c:\windows\startm~1\programs\startup\cprr.exe succeeded!
Deletion of c:\windows\d4ssdk.exe succeeded!
Deletion of c:\windows\qrddocr.exe succeeded!
Deletion of c:\windows\system\bfc42.dll succeeded!
Deletion of c:\windows\system\bfc42d.dll succeeded!
Deletion of c:\windows\system\cc3250.dll succeeded!

************

Removing registry entries:

Done!
Backing up files:

Done!

Finished!

Here is the ActiveScan Log


Incident Status Location

Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\!update.exe
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\SYSTEM\td01.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\muikbdfr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RHCLTCCM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IIJPEG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQSAPI32.DLL
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM\Xcite.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM\tlnkdbd.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\SHAgentNew.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJMIXMGR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RKGWIZC.DLL
Adware:Adware/WindowEnhancer No disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM\ezStub3.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DGBENG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WDDBT32I.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MOACM32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CMUSALGO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IJGUTIL.DLL
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQIMAN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\awv05w9x.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NHTPLWIZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DR3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MMSTDFMT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RUSAPI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQUSALGO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ASCODC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AJIFILE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TRPI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WOERRENU.DLL

Adware:Adware/ClkOptimizer No disinfected
C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[DKFFGDK.DLL]

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[koeeb.dll]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[cprr.exe]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[d4ssdk.exe]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[qrddocr.exe]

Adware:Adware/WinAD No disinfected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OPQ34HU7\lca[2].chm[bridge-c18.cab]

Adware:Adware/WinAD No disinfected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OPQ34HU7\lca[2].chm[bridge-c18.cab][MediaPassX.dll]

Adware:Adware/PurityScan No disinfected
C:\WINDOWS\Temporary Internet Files\Content.IE5\8LIJC563\!update-2524[1].0000

Adware:Adware/QoolAid No disinfected C:\WINDOWS\ybwwv.dat
Adware:Adware/Favadd No disinfected C:\WINDOWS\cworld.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\MTE2NzY6ODoxNg.exe
Hacktool:HackTool/ProcLog.A No disinfected C:\HP\bin\ProcessLogger.exe
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\WINLOG.0
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019107.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019110.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019111.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019112.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\WINLOG.1
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019526.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019528.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019538.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019540.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019542.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019559.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019560.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019565.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019566.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019567.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0017334.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0017335.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0017336.CPY
Virus:Trj/Downloader.CJX Disinfected C:\_RESTORE\TEMP\A0021554.CPY
Virus:Trj/Reboot.F Disinfected C:\_RESTORE\TEMP\A0021561.CPY

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005484.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005486.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005487.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005488.CPY]

Virus:Trj/Downloader.BJG No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005520.CPY]

Virus:Trj/Downloader.AYV No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005524.CPY]

Spyware:Spyware/SurfSideKick No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005526.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS10.CAB[W0001050.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS9.CAB[A0001033.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS9.CAB[A0001034.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS9.CAB[A0001035.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS21.CAB[A0003175.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS21.CAB[A0003176.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS21.CAB[A0003177.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS19.CAB[A0003060.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS19.CAB[A0003061.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS19.CAB[A0003063.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS16.CAB[W0002050.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS6.CAB[W0001005.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001057.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001058.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001059.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001125.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS8.CAB[W0001028.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000010.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000017.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000018.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000019.CPY]

Adware:Adware/PurityScan No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000162.CPY]

Adware:Adware/PurityScan No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000230.CPY]

Adware:Adware/Midaddle No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000231.CPY]

Adware:Adware/KeenValue No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000232.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS18.CAB[W0003050.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006481.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006483.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006484.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006485.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006787.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006789.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006790.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006791.CPY]
Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002051.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002060.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002061.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002062.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS20.CAB[W0003177.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS7.CAB[A0001012.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS7.CAB[A0001013.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS7.CAB[A0001014.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS22.CAB[W0004177.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007329.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007331.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007332.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007333.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012877.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012879.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012880.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012881.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013277.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013279.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013280.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013283.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS35.CAB[W0008920.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS37.CAB[W0009920.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS41.CAB[W0010240.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS48.CAB[W0010802.CPY]

Adware:Adware/QoolShown No disinfected
C:\_RESTORE\ARCHIVE\FS55.CAB[A0008003.CPY]

Adware:Adware/Qoologic No disinfected
C:\_RESTORE\ARCHIVE\FS55.CAB[A0008005.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS58.CAB[W0011693.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016523.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016525.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016526.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016527.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014524.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014526.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014527.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014528.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011187.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011189.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011190.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011192.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS85.CAB[W0014693.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008195.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008197.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008198.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008199.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS23.CAB[A0004179.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS23.CAB[A0004180.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS23.CAB[A0004181.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS103.CAB[W0016412.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS108.CAB[W0016824.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS122.CAB[W0018076.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS142.CAB[W0020076.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS151.CAB[W0020891.CPY]

Adware:Adware/PurityScan No disinfected C:\Program Files\uthm\area.exe

Adware:Adware/SAHAgent No disinfected
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\55288301.asw

Adware:Adware/MBKWBar No disinfected C:\Program Files\MBKWBar\MBKWBar.exe
Adware:Adware/MBKWBar No disinfected C:\Program Files\MBKWBar\IEToolBar.dll

Thats the Active scan log I tried to make it as readable as i could. thanks again for the help :tazz:
  • 0

#6
CeePlus

CeePlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
yeah i'm not getting anymore popups thanks. sorry about the log heres the log for the QooFix9x

Log of QooFix9x v1

************

Running from directory:
C:\WINDOWS\Desktop\QooFix9x

************

Files found:

c:\windows\dkffgdk.dll
c:\windows\koeeb.dll
c:\windows\system\bcbmm.dll
c:\windows\system\borlndmm.dll
c:\windows\system\cc3250mt.dll
c:\windows\system\delphimm.dll
c:\windows\startm~1\programs\startup\cprr.exe
c:\windows\d4ssdk.exe
c:\windows\qrddocr.exe
c:\windows\system\bfc42.dll
c:\windows\system\bfc42d.dll
c:\windows\system\cc3250.dll

************

Deleting files:

Deletion of c:\windows\dkffgdk.dll succeeded!
Deletion of c:\windows\koeeb.dll succeeded!
Deletion of c:\windows\system\bcbmm.dll succeeded!
Deletion of c:\windows\system\borlndmm.dll succeeded!
Deletion of c:\windows\system\cc3250mt.dll succeeded!
Deletion of c:\windows\system\delphimm.dll succeeded!
Deletion of c:\windows\startm~1\programs\startup\cprr.exe succeeded!
Deletion of c:\windows\d4ssdk.exe succeeded!
Deletion of c:\windows\qrddocr.exe succeeded!
Deletion of c:\windows\system\bfc42.dll succeeded!
Deletion of c:\windows\system\bfc42d.dll succeeded!
Deletion of c:\windows\system\cc3250.dll succeeded!

************

Removing registry entries:

Done!
Backing up files:

Done!

Finished!

Here is the ActiveScan Log


Incident Status Location

Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\!update.exe
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\SYSTEM\td01.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\muikbdfr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RHCLTCCM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IIJPEG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQSAPI32.DLL
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM\Xcite.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM\tlnkdbd.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\SHAgentNew.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJMIXMGR.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RKGWIZC.DLL
Adware:Adware/WindowEnhancer No disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM\ezStub3.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DGBENG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WDDBT32I.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MOACM32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CMUSALGO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IJGUTIL.DLL
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQIMAN.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\awv05w9x.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NHTPLWIZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DR3J.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MMSTDFMT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\RUSAPI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CQUSALGO.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ASCODC32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\AJIFILE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TRPI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WOERRENU.DLL

Adware:Adware/ClkOptimizer No disinfected
C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[DKFFGDK.DLL]

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[koeeb.dll]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[cprr.exe]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[d4ssdk.exe]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\QooFix9x\backups\backups.zip[qrddocr.exe]

Adware:Adware/WinAD No disinfected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OPQ34HU7\lca[2].chm[bridge-c18.cab]

Adware:Adware/WinAD No disinfected
C:\WINDOWS\Temporary Internet Files\Content.IE5\OPQ34HU7\lca[2].chm[bridge-c18.cab][MediaPassX.dll]

Adware:Adware/PurityScan No disinfected
C:\WINDOWS\Temporary Internet Files\Content.IE5\8LIJC563\!update-2524[1].0000

Adware:Adware/QoolAid No disinfected C:\WINDOWS\ybwwv.dat
Adware:Adware/Favadd No disinfected C:\WINDOWS\cworld.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\MTE2NzY6ODoxNg.exe
Hacktool:HackTool/ProcLog.A No disinfected C:\HP\bin\ProcessLogger.exe
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\WINLOG.0
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019107.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019110.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019111.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019112.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\WINLOG.1
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019526.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019528.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019538.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019540.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019542.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019559.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0019560.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019565.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019566.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0019567.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\TEMP\A0017334.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0017335.CPY
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\TEMP\A0017336.CPY
Virus:Trj/Downloader.CJX Disinfected C:\_RESTORE\TEMP\A0021554.CPY
Virus:Trj/Reboot.F Disinfected C:\_RESTORE\TEMP\A0021561.CPY

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005484.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005486.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005487.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005488.CPY]

Virus:Trj/Downloader.BJG No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005520.CPY]

Virus:Trj/Downloader.AYV No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005524.CPY]

Spyware:Spyware/SurfSideKick No disinfected
C:\_RESTORE\ARCHIVE\FS36.CAB[A0005526.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS10.CAB[W0001050.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS9.CAB[A0001033.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS9.CAB[A0001034.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS9.CAB[A0001035.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS21.CAB[A0003175.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS21.CAB[A0003176.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS21.CAB[A0003177.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS19.CAB[A0003060.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS19.CAB[A0003061.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS19.CAB[A0003063.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS16.CAB[W0002050.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS6.CAB[W0001005.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001057.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001058.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001059.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS11.CAB[A0001125.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS8.CAB[W0001028.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000010.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000017.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000018.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS1.CAB[A0000019.CPY]

Adware:Adware/PurityScan No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000162.CPY]

Adware:Adware/PurityScan No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000230.CPY]

Adware:Adware/Midaddle No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000231.CPY]

Adware:Adware/KeenValue No disinfected
C:\_RESTORE\ARCHIVE\FS2.CAB[A0000232.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS18.CAB[W0003050.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006481.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006483.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006484.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS38.CAB[A0006485.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006787.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006789.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006790.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS42.CAB[A0006791.CPY]
Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002051.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002060.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002061.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS17.CAB[A0002062.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS20.CAB[W0003177.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS7.CAB[A0001012.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS7.CAB[A0001013.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS7.CAB[A0001014.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS22.CAB[W0004177.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007329.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007331.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007332.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS49.CAB[A0007333.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012877.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012879.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012880.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS104.CAB[A0012881.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013277.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013279.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013280.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS109.CAB[A0013283.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS35.CAB[W0008920.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS37.CAB[W0009920.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS41.CAB[W0010240.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS48.CAB[W0010802.CPY]

Adware:Adware/QoolShown No disinfected
C:\_RESTORE\ARCHIVE\FS55.CAB[A0008003.CPY]

Adware:Adware/Qoologic No disinfected
C:\_RESTORE\ARCHIVE\FS55.CAB[A0008005.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS58.CAB[W0011693.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016523.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016525.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016526.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS143.CAB[A0016527.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014524.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014526.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014527.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS123.CAB[A0014528.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011187.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011189.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011190.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS86.CAB[A0011192.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS85.CAB[W0014693.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008195.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008197.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008198.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS59.CAB[A0008199.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS23.CAB[A0004179.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS23.CAB[A0004180.CPY]

Adware:Adware/ClkOptimizer No disinfected
C:\_RESTORE\ARCHIVE\FS23.CAB[A0004181.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS103.CAB[W0016412.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS108.CAB[W0016824.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS122.CAB[W0018076.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS142.CAB[W0020076.CPY]

Adware:Adware/QoolAid No disinfected
C:\_RESTORE\ARCHIVE\FS151.CAB[W0020891.CPY]

Adware:Adware/PurityScan No disinfected C:\Program Files\uthm\area.exe

Adware:Adware/SAHAgent No disinfected
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\55288301.asw

Adware:Adware/MBKWBar No disinfected C:\Program Files\MBKWBar\MBKWBar.exe
Adware:Adware/MBKWBar No disinfected C:\Program Files\MBKWBar\IEToolBar.dll

Thats the Active scan log I tried to make it as readable as i could. thanks again for the help :tazz:
  • 0

#7
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
You also have a look2me infection...first let's delete the other files Panda found and then let's deal with look2me..

Please first save these directions to the desktop as a text file, because you will need to copy and paste part of them later, once we are in Safe Mode.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

Go to Control Panel Add/Remove Programs and uninstall if found:

MBKWBar

Then delete these folders:

C:\Program Files\MBKWBar
C:\Program Files\uthm

Then delete the complete contents of these folders: (everything in them, not the folders)

C:\WINDOWS\TEMP
C:\WINDOWS\Temporary Internet Files

3) Then please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\td01.dll
C:\WINDOWS\SYSTEM\Xcite.dll
C:\WINDOWS\SYSTEM\tlnkdbd.dll
C:\WINDOWS\SYSTEM\SHAgentNew.dll
C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
C:\WINDOWS\SYSTEM\ezStub3.dll
C:\WINDOWS\SYSTEM\winupdt.bin
C:\WINDOWS\ybwwv.dat
C:\WINDOWS\cworld.exe
C:\WINDOWS\MTE2NzY6ODoxNg.exe


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do you want to reboot now prompt. Reboot back to normal mode.

Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer and run a new Panda scan. Save the report.

Finally, please post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat and the Panda report.
  • 0

#8
CeePlus

CeePlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I downloaded killbox and restarted in safe mode, but when i went to the control panel Add/Remove Programs i didnt find MBKWBar. What step do proceed to?
  • 0

#9
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Just skip that and continue with the rest..delete the folders and go on..
  • 0

#10
CeePlus

CeePlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I performed all the steps. I was able to find the MBKWBar in the program files and deleted that folder. Here are the Logs. Thanks again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 9:41:14 PM, on 10/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0E\WAOL.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0E\SHELLMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\DESKTOP\GEEKSTOGO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cwshredder.ne...php?target=tmas
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0E\AOL.EXE" -b
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


Here is the Panda Active Scan

Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\Cache\Installer.exe

Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.008

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\Desktop\GeeksToGo\QooFix9x\backups\backups.zip[DKFFGDK.DLL]

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\Desktop\GeeksToGo\QooFix9x\backups\backups.zip[koeeb.dll]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\GeeksToGo\QooFix9x\backups\backups.zip[cprr.exe]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\GeeksToGo\QooFix9x\backups\backups.zip[d4ssdk.exe]

Adware:Adware/QoolAid No disinfected C:\WINDOWS\Desktop\GeeksToGo\QooFix9x\backups\backups.zip[qrddocr.exe]

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\AJIFILE.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\ASCODC32.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\awv05w9x.dll

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\CMUSALGO.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\CQUSALGO.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\DGBENG.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\DQIMAN.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\DR3J.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\IIJPEG32.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\IJGUTIL.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\IQSAPI32.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\MJMIXMGR.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\MMSTDFMT.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\MOACM32.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\muikbdfr.dll

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\NHTPLWIZ.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\RHCLTCCM.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\RKGWIZC.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\RUSAPI32.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\SUC.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\TRPI32.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\WDDBT32I.DLL

Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\WOERRENU.DLL

Hacktool:HackTool/ProcLog.A No disinfected C:\HP\bin\ProcessLogger.exe
Spyware:Spyware/ClearSearch No disinfected C:\_RESTORE\TEMP\TD01.0
Adware:Adware/nCase No disinfected C:\_RESTORE\TEMP\XCITE.0
Adware:Adware/PurityScan No disinfected C:\_RESTORE\TEMP\TLNKDBD.0
Adware:Adware/SAHAgent No disinfected C:\_RESTORE\TEMP\SHAGEN~2.0
Adware:Adware/WindowEnhancer No disinfected C:\_RESTORE\TEMP\SBWEBCTL.0
Adware:Adware/nCase No disinfected C:\_RESTORE\TEMP\EZSTUB3.0
Adware:Adware/Favadd No disinfected C:\_RESTORE\TEMP\CWORLD.0
Adware:Adware/ISearch No disinfected C:\_RESTORE\TEMP\MTE2NZ~1.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024562.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024564.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024566.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024568.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024570.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024572.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024574.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024576.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024578.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024580.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024582.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024584.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024586.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024588.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024590.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024592.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024594.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024596.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024598.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024600.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024602.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024604.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\A0024606.CPY
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005484.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005486.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005487.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005488.CPY]
Virus:Trj/Downloader.BJG No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005520.CPY]
Adware:Adware/AdBehavior No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005522.CPY]
Virus:Trj/Downloader.AYV No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005524.CPY]
Spyware:Spyware/SurfSideKick No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0005526.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS10.CAB[W0001050.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS9.CAB[A0001033.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS9.CAB[A0001034.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS9.CAB[A0001035.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0003175.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0003176.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0003177.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS19.CAB[A0003060.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS19.CAB[A0003061.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS19.CAB[A0003063.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS16.CAB[W0002050.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS6.CAB[W0001005.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0001057.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0001058.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0001059.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0001125.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS8.CAB[W0001028.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000010.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000017.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000018.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000019.CPY]
Adware:Adware/PurityScan No disinfected C:\_RESTORE\ARCHIVE\FS2.CAB[A0000162.CPY]
Adware:Adware/PurityScan No disinfected C:\_RESTORE\ARCHIVE\FS2.CAB[A0000230.CPY]
Adware:Adware/Midaddle No disinfected C:\_RESTORE\ARCHIVE\FS2.CAB[A0000231.CPY]
Adware:Adware/KeenValue No disinfected C:\_RESTORE\ARCHIVE\FS2.CAB[A0000232.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS18.CAB[W0003050.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS38.CAB[A0006481.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS38.CAB[A0006483.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS38.CAB[A0006484.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS38.CAB[A0006485.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0006787.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0006789.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0006790.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0006791.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0002051.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0002060.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0002061.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0002062.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[W0003177.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0001012.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0001013.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0001014.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[W0004177.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0007329.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0007331.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0007332.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0007333.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS104.CAB[A0012877.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS104.CAB[A0012879.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS104.CAB[A0012880.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS104.CAB[A0012881.CPY]

Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS109.CAB[A0013277.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS109.CAB[A0013279.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS109.CAB[A0013280.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS109.CAB[A0013283.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019526.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019528.CPY]

Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019538.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019540.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019542.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019559.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019560.CPY]

Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019565.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019566.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS176.CAB[A0019567.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS35.CAB[W0008920.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS37.CAB[W0009920.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS41.CAB[W0010240.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS48.CAB[W0010802.CPY]
Adware:Adware/QoolShown No disinfected C:\_RESTORE\ARCHIVE\FS55.CAB[A0008003.CPY]
Adware:Adware/Qoologic No disinfected C:\_RESTORE\ARCHIVE\FS55.CAB[A0008005.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS58.CAB[W0011693.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS143.CAB[A0016523.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS143.CAB[A0016525.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS143.CAB[A0016526.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS143.CAB[A0016527.CPY]

Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS123.CAB[A0014524.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS123.CAB[A0014526.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS123.CAB[A0014527.CPY]

Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS123.CAB[A0014528.CPY]

Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS86.CAB[A0011187.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS86.CAB[A0011189.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS86.CAB[A0011190.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS86.CAB[A0011192.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS85.CAB[W0014693.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS59.CAB[A0008195.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS59.CAB[A0008197.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS59.CAB[A0008198.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS59.CAB[A0008199.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0004179.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0004180.CPY]
Adware:Adware/ClkOptimizer No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0004181.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS103.CAB[W0016412.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS108.CAB[W0016824.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS122.CAB[W0018076.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS142.CAB[W0020076.CPY]
Adware:Adware/QoolAid No disinfected C:\_RESTORE\ARCHIVE\FS151.CAB[W0020891.CPY]
  • 0

Advertisements


#11
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please post the log.txt file which should be in the l2m9xfix folder.
  • 0

#12
CeePlus

CeePlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
heres the file, sorry.

Log of L2M9XFix v1.01a

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\AJIFILE.DLL
C:\WINDOWS\system\ASCODC32.DLL
C:\WINDOWS\system\awv05w9x.dll
C:\WINDOWS\system\CMUSALGO.DLL
C:\WINDOWS\system\CQUSALGO.DLL
C:\WINDOWS\system\DGBENG.DLL
C:\WINDOWS\system\DQIMAN.DLL
C:\WINDOWS\system\DR3J.DLL
C:\WINDOWS\system\IIJPEG32.DLL
C:\WINDOWS\system\IJGUTIL.DLL
C:\WINDOWS\system\IQSAPI32.DLL
C:\WINDOWS\system\MJMIXMGR.DLL
C:\WINDOWS\system\MMSTDFMT.DLL
C:\WINDOWS\system\MOACM32.DLL
C:\WINDOWS\system\muikbdfr.dll
C:\WINDOWS\system\NHTPLWIZ.DLL
C:\WINDOWS\system\RHCLTCCM.DLL
C:\WINDOWS\system\RKGWIZC.DLL
C:\WINDOWS\system\RUSAPI32.DLL
C:\WINDOWS\system\SUC.DLL
C:\WINDOWS\system\TRPI32.DLL
C:\WINDOWS\system\WDDBT32I.DLL
C:\WINDOWS\system\WOERRENU.DLL

************

Registry entries found:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
  • 0

#13
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
1) Please run Killbox.

2) Select "Delete on Reboot".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\Cache\Installer.exe
C:\WINDOWS\SYSTEM\winupdt.008


4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do you want to reboot now prompt. Reboot back to normal mode.

Next, let's purge your system restore points. (first disable and then enable) See this page on how to do that on Windows ME:
http://service1.syma...src=sec_doc_nam

After that, I'd like to make sure Panda didn't miss any files. Let's run a different scan this time:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#14
CeePlus

CeePlus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here's the Kaspersky scan. Thank you
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 21, 2005 00:59:32
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/10/2005
Kaspersky Anti-Virus database records: 155349
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
m:\
n:\

Scan Statistics:
Total number of scanned objects: 32999
Number of viruses found: 27
Number of infected objects: 76
Number of suspicious objects: 0
Duration of the scan process: 4213 sec

Infected Object Name - Virus Name
c:\WINDOWS\SYSTEM\KVIF_7.dll/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\WINDOWS\SYSTEM\KVIF_7.dll/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval
c:\WINDOWS\SYSTEM\KVIF_7.dll/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval
c:\WINDOWS\SYSTEM\KVIF_7.dll/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\WINDOWS\SYSTEM\KVIF_7.dll/data0008 Infected: Trojan-Downloader.Win32.Keenval.e
c:\WINDOWS\SYSTEM\KVIF_7.dll/data0009 Infected: Trojan-Downloader.Win32.Keenval.e
c:\WINDOWS\SYSTEM\KVIF_7.dll Infected: Trojan-Downloader.Win32.Keenval.e
c:\WINDOWS\SYSTEM\BO2802040113.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d
c:\WINDOWS\SYSTEM\a_i_037.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.iu
c:\WINDOWS\SYSTEM\a_i_037.exe Infected: Trojan-Downloader.Win32.IstBar.iu
c:\WINDOWS\Desktop\GeeksToGo\QooFix9x\backups\backups.zip/backups/qrddocr.exe Infected: Trojan-Downloader.Win32.Qoologic.ai
c:\WINDOWS\Desktop\GeeksToGo\QooFix9x\backups\backups.zip Infected: Trojan-Downloader.Win32.Qoologic.ai
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\AJIFILE.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\ASCODC32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\awv05w9x.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\CMUSALGO.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\CQUSALGO.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\DGBENG.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\DQIMAN.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\DR3J.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\IIJPEG32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\IJGUTIL.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\IQSAPI32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\MJMIXMGR.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\MMSTDFMT.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\MOACM32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\muikbdfr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\NHTPLWIZ.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\RHCLTCCM.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\RKGWIZC.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\RUSAPI32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\SUC.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\TRPI32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\WDDBT32I.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\Desktop\GeeksToGo\l2m9xfix\backups\WOERRENU.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag
c:\WINDOWS\thin-175-1-x-x.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a
c:\WINDOWS\bookedspacekvm_bsvb-eginwl52.exe/data0003 Infected: not-a-virus:AdWare.Win32.BookedSpace.e
c:\WINDOWS\bookedspacekvm_bsvb-eginwl52.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.e
c:\WINDOWS\package_MARKETING49.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
c:\WINDOWS\package_MARKETING49.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
c:\WINDOWS\package_MARKETING49.exe/stream/data0004/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
c:\WINDOWS\package_MARKETING49.exe/stream/data0004/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.aa
c:\WINDOWS\package_MARKETING49.exe/stream/data0004/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0004/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0004/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0004/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0005/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
c:\WINDOWS\package_MARKETING49.exe/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l
c:\WINDOWS\package_MARKETING49.exe/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
c:\WINDOWS\package_MARKETING49.exe/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.CashBack.b
c:\WINDOWS\package_MARKETING49.exe/stream/data0006/stream/data0008 Infected: not-a-virus:AdWare.Win32.CashBack.d
c:\WINDOWS\package_MARKETING49.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.CashBack.d
c:\WINDOWS\package_MARKETING49.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.CashBack.d
c:\WINDOWS\package_MARKETING49.exe/stream Infected: not-a-virus:AdWare.Win32.CashBack.d
c:\WINDOWS\package_MARKETING49.exe Infected: not-a-virus:AdWare.Win32.CashBack.d
c:\WINDOWS\IHUxMDI4\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a
c:\Recycled\Dc21.exe/data0002 Infected: not-a-virus:AdWare.Win32.MBKWBar.a
c:\Recycled\Dc21.exe Infected: not-a-virus:AdWare.Win32.MBKWBar.a
c:\Recycled\Dc22.dll Infected: not-a-virus:AdWare.Win32.MBKWBar.a
c:\Recycled\Dc24\area.exe Infected: Trojan-Downloader.Win32.PurityScan.an
c:\Recycled\Dc44.exe Infected: Trojan-Downloader.Win32.PurityScan.an
c:\Program Files\Common Files\SYSTEM\Mapi\1033\95\Osaka.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.w
c:\Program Files\Common Files\SYSTEM\Mapi\1033\95\Osaka.exe Infected: not-a-virus:AdWare.Win32.PurityScan.w
c:\Program Files\Mozilla Firefox\plugins\npzango.dll Infected: not-a-virus:AdWare.Win32.WinAD.aw
c:\!KillBox\MTE2NzY6ODoxNg.exe Infected: not-a-virus:AdWare.Win32.ISearch.d
c:\!KillBox\cworld.exe Infected: Trojan.Win32.Favadd.o
c:\!KillBox\ezStub3.dll Infected: not-a-virus:AdWare.Win32.EZula.a
c:\!KillBox\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c
c:\!KillBox\SHAgentNew.dll Infected: not-a-virus:AdWare.Win32.Sahat.g
c:\!KillBox\tlnkdbd.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
c:\!KillBox\Xcite.dll Infected: not-a-virus:AdWare.Win32.MyWay.i
c:\!KillBox\Installer.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag

Scan process completed.
  • 0

#15
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Once again.. :tazz:

1) Please run Killbox.

2) Select "Delete on Reboot".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

c:\WINDOWS\SYSTEM\KVIF_7.dll
c:\WINDOWS\SYSTEM\BO2802040113.dll
c:\WINDOWS\SYSTEM\a_i_037.exe
c:\WINDOWS\thin-175-1-x-x.exe
c:\WINDOWS\bookedspacekvm_bsvb-eginwl52.exe
c:\WINDOWS\package_MARKETING49.exe
c:\WINDOWS\IHUxMDI4\asappsrv.dll
c:\Program Files\Common Files\SYSTEM\Mapi\1033\95\Osaka.exe
c:\Program Files\Mozilla Firefox\plugins\npzango.dll



4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do you want to reboot now prompt. Reboot back to normal mode.

Then delete this folder:

c:\WINDOWS\IHUxMDI4

How is the computer running now, any problems left?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP