Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Throwing in the towel [resolved]

Started by DangerousThing , Mar 29 2005 11:07 AM

  • This topic is locked This topic is locked

#16
didom
Posted 04 April 2005 - 12:32 PM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Your "Output" log shows you are not clean!
Are you sure that this is the last "Output" file!?
  • 0

Advertisements

#17
DangerousThing
Posted 04 April 2005 - 04:30 PM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
As I mentioned, I had to restart during my internet conection crisis. If I follow your instructions properly, I think I need to repeat the step outlined above, elimimating the items in the output file that you showed me in bold. I di notice that the log was different. That is why I let you know I had re-started.

Please advise. I apologize for the redundancy.

As my name implies, A little knowledge is a Dangerous Thing
  • 0

#18
DangerousThing
Posted 05 April 2005 - 07:30 AM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
didom,

I have yet again had to re-boot as my machine loced up this AM. If you are able towalk me through the process again, either today or tomorrow, that would be wonderful. I am available for the next three hours today and a good portion of the day tomorrow.

Sorry for all the difficulty.
  • 0

#19
didom
Posted 05 April 2005 - 08:55 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Yes we will do it again!
  • Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
  • A command prompt will open and it will search your computer for malicious files.
  • Once it has finished a Notepad window will pop up with output.txt.
  • Copy the entire contents of output.txt into your next post.
From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.
  • 0

#20
DangerousThing
Posted 05 April 2005 - 10:47 AM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
Barring further lock-ups, I shal comply ASAP. Thanks
  • 0

#21
DangerousThing
Posted 06 April 2005 - 07:28 AM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
Here you go. Fresh HJT is second.

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 401E-1AD8
Directory of C:\WINDOWS\SYSTEM

TBPS INI 849 03-20-05 12:32a TBPS.ini
MJVBVM60 DLL 227,104 03-18-05 9:08p Mjvbvm60.dll
NPDLL DLL 227,104 03-18-05 9:08p NPDLL.DLL
RZASETUP DLL 227,104 03-18-05 9:08p RZASETUP.DLL
DCMIGR DLL 227,104 03-18-05 9:08p DCMIGR.DLL
5 file(s) 909,265 bytes
0 dir(s) 20,822.63 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 401E-1AD8
Directory of C:\WINDOWS\SYSTEM

PICSVR <DIR> 03-26-05 8:25p picsvr
NSVSVC <DIR> 03-26-05 8:24p nsvsvc
ATMENUXX GID 10,842 11-10-04 12:48p ATMenuxx.GID
CPAHLENU GID 10,825 02-23-02 8:53p CPAHLENU.GID
FOLDER HTT 13,122 10-04-01 7:35p folder.htt
DESKTOP INI 266 10-04-01 7:35p desktop.ini
4 file(s) 35,055 bytes
2 dir(s) 20,822.59 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{416097EE-FC4A-E167-6011-AF6C211AC428}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
mjvbvm60.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
tbps.ini Sun Mar 20 2005 12:32:02a ..S.R 849 0.83 K
npdll.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
rzasetup.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
dcmigr.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K

5 items found: 5 files, 0 directories.
Total of file sizes: 909,265 bytes 887.95 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\installer.exe: e:\Projects\Qoologic\PopupClient\Installer\Release\Installer.pdb
C:\WINDOWS\installer.exe: e:\Projects\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb
C:\WINDOWS\unadbeh.exe: e:\Projects\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb

-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"AtiPTA"="Atiptaxx.exe"
"HPAIO_PrintFolderMgr"="C:\\WINDOWS\\SYSTEM\\hpoopm07.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"WinPatrol"="C:\\PROGRAM FILES\\BILLP STUDIOS\\WINPATROL\\winpatrol.exe"
"Symantec Core LC"="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




Logfile of HijackThis v1.99.1
Scan saved at 8:22:23 AM, on 4/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca05.righ...l/java/RntX.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
  • 0

#22
didom
Posted 06 April 2005 - 10:17 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
  • Click killbox.exe.
  • Select the option Replace on Reboot
  • Check the "Use Dummy" box.
  • Now copy the next bold:
C:\WINDOWS\SYSTEM\mjvbvm60.dll
C:\WINDOWS\SYSTEM\npdll.dll
C:\WINDOWS\SYSTEM\rzasetup.dll
C:\WINDOWS\SYSTEM\dcmigr.dll
  • Open file in the killboxmenu on top and choose Paste from clipboard
  • Now you will see, this is pasted in the "Full Path of File to Delete"-field.
    There's a little arrow (dropdown-arrow) next to that field.
    If you expand it, all these must be there together!
  • Then press the button that looks like a red circle with a white X in it.
  • Killbox will tell you that all listed files will be deleted on next reboot.. Click YES
  • When it asks if you would like to Reboot now, click YES
(if you don't get the prompt: would you like to reboot now, reboot manually!)

Your computer must reboot now.

Ignore the errors you get... this is normal.
  • When rebooted, open killbox again.
  • Choose file on top and select: Delete all dummy files.
  • Choose Tools on top and select: Delete Temp Files.
  • After that please run find.bat again and post a new log (output.txt).
  • Download the new version of HijackThis and post a new log!
Didom
  • 0

#23
DangerousThing
Posted 06 April 2005 - 01:10 PM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
here they are:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 401E-1AD8
Directory of C:\WINDOWS\SYSTEM

TBPS INI 849 03-20-05 12:32a TBPS.ini
MJVBVM60 DLL 227,104 03-18-05 9:08p Mjvbvm60.dll
2 file(s) 227,953 bytes
0 dir(s) 20,825.78 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 401E-1AD8
Directory of C:\WINDOWS\SYSTEM

PICSVR <DIR> 03-26-05 8:25p picsvr
NSVSVC <DIR> 03-26-05 8:24p nsvsvc
ATMENUXX GID 10,842 11-10-04 12:48p ATMenuxx.GID
CPAHLENU GID 10,825 02-23-02 8:53p CPAHLENU.GID
FOLDER HTT 13,122 10-04-01 7:35p folder.htt
DESKTOP INI 266 10-04-01 7:35p desktop.ini
4 file(s) 35,055 bytes
2 dir(s) 20,825.75 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{416097EE-FC4A-E167-6011-AF6C211AC428}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
mjvbvm60.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
tbps.ini Sun Mar 20 2005 12:32:02a ..S.R 849 0.83 K

2 items found: 2 files, 0 directories.
Total of file sizes: 227,953 bytes 222.61 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\installer.exe: e:\Projects\Qoologic\PopupClient\Installer\Release\Installer.pdb
C:\WINDOWS\installer.exe: e:\Projects\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb
C:\WINDOWS\unadbeh.exe: e:\Projects\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb

-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"AtiPTA"="Atiptaxx.exe"
"HPAIO_PrintFolderMgr"="C:\\WINDOWS\\SYSTEM\\hpoopm07.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"WinPatrol"="C:\\PROGRAM FILES\\BILLP STUDIOS\\WINPATROL\\winpatrol.exe"
"Symantec Core LC"="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



Logfile of HijackThis v1.99.1
Scan saved at 2:06:16 PM, on 4/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca05.righ...l/java/RntX.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab



THANKS
  • 0

#24
didom
Posted 07 April 2005 - 01:38 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
  • Start Killbox
  • Click "Replace on Reboot" and check the "Use Dummy" box.
  • Paste the following into the top "Full Path of File to Delete" box.
C:\WINDOWS\SYSTEM\mjvbvm60.dll
  • Click the "Delete File" button which looks like a stop sign.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "Yes" at the Pending Operations prompt.
  • When your computer reboots, please run FindIt again and post the new log here.

  • 0

#25
DangerousThing
Posted 07 April 2005 - 02:10 PM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
I am embarrased to tell you that once again, the machine froze and had to be re-started. It required a hard boot.....

sorry, I'm not normally so difficult. The machine just keeps freezing after the broweser tries to open over and over and over, even after it is already open in Yahoo.
  • 0

Advertisements

#26
didom
Posted 07 April 2005 - 03:08 PM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts

I am embarrased to tell you that once again, the machine froze and had to be re-started. It required a hard boot.....

sorry, I'm not normally so difficult. The machine just keeps freezing after the broweser tries to open over and over and over, even after it is already open in Yahoo.

View Post

LOL :tazz:

Please run find.bat again and post the log!

Didom
  • 0

#27
DangerousThing
Posted 07 April 2005 - 04:18 PM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
:tazz: Thanks for having a sense of humour.
  • 0

#28
DangerousThing
Posted 08 April 2005 - 07:26 AM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
Didom:

Things are once again a true mess. Multiple new search icons, new search bar, difficulty connecting to internet, etc.......here are the logs you requested. Let's hope I don't have to re-boot during the process, (again) :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 8:01:34 AM, on 4/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPODEV07.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOSTS07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET K SERIES\BIN\HPOFXM07.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca05.righ...l/java/RntX.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll




Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 401E-1AD8
Directory of C:\WINDOWS\SYSTEM

TBPS INI 849 03-20-05 12:32a TBPS.ini
MJVBVM60 DLL 227,104 03-18-05 9:08p Mjvbvm60.dll
AAFSIPC DLL 227,104 03-18-05 9:08p aafsipc.dll
DCNHUPNP DLL 227,104 03-18-05 9:08p dcnhupnp.dll
LCRT DLL 227,104 03-18-05 9:08p LCRT.DLL
LVTWN11N DLL 227,104 03-18-05 9:08p LVTWN11N.DLL
6 file(s) 1,136,369 bytes
0 dir(s) 20,795.16 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 401E-1AD8
Directory of C:\WINDOWS\SYSTEM

NSVSVC <DIR> 04-07-05 7:03p nsvsvc
PICSVR <DIR> 03-26-05 8:25p picsvr
ATMENUXX GID 10,842 11-10-04 12:48p ATMenuxx.GID
CPAHLENU GID 10,825 02-23-02 8:53p CPAHLENU.GID
FOLDER HTT 13,122 10-04-01 7:35p folder.htt
DESKTOP INI 266 10-04-01 7:35p desktop.ini
4 file(s) 35,055 bytes
2 dir(s) 20,795.13 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{416097EE-FC4A-E167-6011-AF6C211AC428}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
mjvbvm60.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
tbps.ini Sun Mar 20 2005 12:32:02a ..S.R 849 0.83 K
aafsipc.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
dcnhupnp.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
lcrt.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K
lvtwn11n.dll Fri Mar 18 2005 9:08:46p ..S.R 227,104 221.78 K

6 items found: 6 files, 0 directories.
Total of file sizes: 1,136,369 bytes 1.08 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\installer.exe: c:\Projects\Gozo\Qoologic\PopupClient\Installer\Release\Installer.pdb
C:\WINDOWS\installer.exe: c:\Projects\Gozo\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb
C:\WINDOWS\unadbeh.exe: c:\Projects\Gozo\Qoologic\PopupClient\FancyUninstall\Release\FancyUninstall.pdb

-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"AtiPTA"="Atiptaxx.exe"
"HPAIO_PrintFolderMgr"="C:\\WINDOWS\\SYSTEM\\hpoopm07.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"YBrowser"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"WinPatrol"="C:\\PROGRAM FILES\\BILLP STUDIOS\\WINPATROL\\winpatrol.exe"
"Symantec Core LC"="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



  • 0

#29
didom
Posted 08 April 2005 - 09:10 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
  • Please Download LSPFix from: LSP-Fix

    Disconnect from the Internet and close all Internet Explorer windows. Run then program, check the "I know what I'm doing" button and place all listings of

    'ypclsp.dll'

    into the remove section by clicking on the button that points to the right. Do not remove any others. When all instances of this dll are in the Remove section. Press the Finish button.
  • Scan again with HijackThis and check the following items:

    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca05.righ...l/java/RntX.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab

    After checking these items, close all browser windows except HijackThis and click "Fix checked".

  • Click killbox.exe.
  • Select the option Replace on Reboot
  • Check the "Use Dummy" box.
  • Check the "End Explorer Shell While Killing File" box
  • Now copy the next bold:
C:\WINDOWS\SYSTEM\mjvbvm60.dll
C:\WINDOWS\SYSTEM\aafsipc.dll
C:\WINDOWS\SYSTEM\dcnhupnp.dll
C:\WINDOWS\SYSTEM\lcrt.dll
C:\WINDOWS\SYSTEM\lvtwn11n.dll
C:\WINDOWS\unadbeh.exe
C:\Projects\Gozo\Qoologic
  • Open file in the killboxmenu on top and choose Paste from clipboard
  • Now you will see, this is pasted in the "Full Path of File to Delete"-field.
    There's a little arrow (dropdown-arrow) next to that field.
    If you expand it, all these must be there together!
  • Then press the button that looks like a red circle with a white X in it.
  • Killbox will tell you that all listed files will be deleted on next reboot.. Click YES
  • When it asks if you would like to Reboot now, click YES
(if you don't get the prompt: would you like to reboot now, reboot manually!)

Your computer must reboot now.

Ignore the errors you get... this is normal.
  • When rebooted, open killbox again.
  • Choose file on top and select: Delete all dummy files.
  • Choose Tools on top and select: Delete Temp Files.
  • After that please run find.bat again and post a new log (output.txt).
  • Download the new version of HijackThis and post a new log!
Didom

Edited by didom, 08 April 2005 - 09:31 AM.

  • 0

#30
DangerousThing
Posted 08 April 2005 - 09:13 AM

DangerousThing

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 259 posts
got it.....please ignore my previous PM
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP