
Registered · 7 Posts · Discussion Starter · #1
I've been trying for a few days to get this cleaned up, but I'm missing something - please help!!

Logfile of HijackThis v1.99.1
Scan saved at 2:45:28 PM, on 8/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LYR209.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\OCKUPD.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\TEMP\TD_0005.DIR\HIJACKTHIS.EXE
C:\WINDOWS\TEMP\TD_0007.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ne2.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ne2.attbb.net;localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
F1 - win.ini: load=C:\TOOLS_95\REGISTER\remind.exe ZSpool32
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\DSR.DLL
O2 - BHO: (no name) - {35ED5141-E8F4-C155-82FE-C06934FDD099} - C:\WINDOWS\SYSTEM\OTR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [OEMCLEANUP] C:\WINDOWS\OPTIONS\oemreset.exe /o
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [o8EX37e] LYR209.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [Lmzlm] \ockupd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
O4 - HKCU\..\RunServices: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [LDM] \Program\
O4 - HKCU\..\RunServices: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\RunServices: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\RunServices: [Lmzlm] \ockupd.exe
O4 - HKCU\..\RunServices: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [Reoe] C:\Program Files\bhat\tbar.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O18 - Protocol: offline-8876480 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {261C2BFA-2A68-4636-81F6-CF4C990A172B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

KRC HijackThis Analyzer Log:

Scan saved at 1:29:14 PM, on 8/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGW.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.ne2.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ne2.attbb.net;localhost
F1 - win.ini: load=ZSpool32
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O4 - HKLM\..\Run: [OEMCLEANUP] C:\WINDOWS\OPTIONS\oemreset.exe /o
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll


End of KRC HijackThis Analyzer Log.
 

TSF Security Team, Emeritus · 6,969 Posts
Hi and Welcome to TSF

Please DISABLE spybot's teatimer and LEAVE IT OFF until this fix is complete!

Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and that it's installed in its own folder on the root drive (C:\HJT).


Please print out or copy this page to Notepad. Make sure to work through the steps in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fix.
  • Download DSRFIX from HERE onto your Desktop.
    • Unzip and EXTRACT the files to your Desktop.
    • The program creates and names the new folder to house the files.
    • DO NOT RUN IT YET

  • Download Cleanup from Here (alternate site, if the above is not working: Go Here)
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET

  • CLOSE INTERNET EXPLORER, if it is open


  • Open the folder dsrfix
    • Double-click on the dsrfix batch file (the one with the little gear in it)
    • Once dsrfix has completed it will close on its own

  • Run Cleanup
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.

  • REBOOT your system.


  • Please restart HJT and post back a fresh HJT log for review.
 

Registered · 7 Posts · Discussion Starter · #3
Here's the latest log, after disabling teatimer, running adaware, spybot, cwshredder, dsrfix.bat and cleanup, in that order, rebooting, and running HJT from C:\HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:06:46 AM, on 8/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\OCKUPD.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\TEMP\!UPDATE.EXE
C:\PROGRAM FILES\BHAT\TBAR.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=ZSpool32
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [OEMCLEANUP] C:\WINDOWS\OPTIONS\oemreset.exe /o
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [Lmzlm] \ockupd.exe
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

I also noticed OIN in add/remove programs, if that helps...

Thanks.
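The KRC Analyzer log in the first post and the fresh log above are the raw material for a cleanup-round review: which entries disappeared, which were added (the AVG installation), and which survived. As an added example, not code from this thread, from HijackThis or from the KRC HijackThis Analyzer, the Python below parses the R/F/O entry lines, diffs a "before" log against an "after" log, and applies a few defender-side heuristics (missing-file references, about:blank resets, root-relative or TEMP-located Run targets) to the survivors. The two sample logs are constructed excerpts of the 8/14 and 8/17 logs posted in this thread; the heuristics are illustrative triage rules, not HijackThis's own logic.

```python
"""Triage helper for HijackThis v1.99.1 logs.

Added example for this thread; it is not code from the thread, from
HijackThis or from the KRC HijackThis Analyzer. It parses the R/F/O entry
lines, applies a few defender-side heuristics of the kind a helper applies
by hand, and diffs a 'before' log against an 'after' log so that the
entries which survived a cleanup round stand out.
"""
import re
from dataclasses import dataclass

# Entry lines look like "O4 - HKLM\..\Run: [name] command". The prefix is the
# HijackThis section code (R = IE settings, F = ini files, O = everything else).
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First program/DLL path in a command line, quoted or not (unquoted paths may
# contain spaces, so we cut at the first executable extension).
TARGET_RE = re.compile(
    r'"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat|pif))"?(?:[\s,]|$)', re.I)


@dataclass(frozen=True)
class Entry:
    kind: str  # e.g. "O4", "R1"
    body: str  # everything after "O4 - "


def parse_log(text: str) -> list[Entry]:
    """Keep only the R/F/O entry lines; header and process list are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m.group("kind"), m.group("body")))
    return out


def run_target(cmd: str) -> str:
    """File a Run-key command loads: the executable, or the DLL handed to RunDLL32."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32"):
        parts = cmd.split(None, 1)
        cmd = parts[1] if len(parts) > 1 else ""
    m = TARGET_RE.match(cmd)
    if m:
        return m.group("path")
    return cmd.split()[0] if cmd else ""


def flags(entry: Entry) -> list[str]:
    """Heuristic reasons an entry deserves a second look (triage, not a verdict)."""
    reasons = []
    if "(file missing)" in entry.body or "(no file)" in entry.body:
        reasons.append("references a file that no longer exists")
    if entry.kind in ("R0", "R1") and "about:blank" in entry.body:
        reasons.append("IE search/start setting reset to about:blank")
    m = O4_RE.match(entry.body) if entry.kind == "O4" else None
    if m:
        target = run_target(m.group("cmd"))
        if target.startswith("\\"):
            reasons.append("root-relative path in a Run key")
        elif re.match(r"^[A-Za-z]:\\[^\\]+$", target):
            reasons.append("program sits directly in the drive root")
        if "\\TEMP\\" in target.upper():
            reasons.append("loads from a TEMP directory")
    return reasons


def triage(before_text: str, after_text: str) -> dict:
    """Diff two logs of the same machine and flag what persisted."""
    before, after = parse_log(before_text), parse_log(after_text)
    bset, aset = set(before), set(after)
    persisting = [e for e in before if e in aset]
    return {
        "removed": [e for e in before if e not in aset],
        "added": [e for e in after if e not in bset],
        "persisting": persisting,
        "flagged": {e: flags(e) for e in persisting if flags(e)},
    }


# Constructed excerpts of the first (8/14) and third (8/17) logs in this thread.
LOG_BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
O2 - BHO: (no name) - {35ED5141-E8F4-C155-82FE-C06934FDD099} - C:\WINDOWS\SYSTEM\OTR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [o8EX37e] LYR209.EXE
O4 - HKCU\..\Run: [Lmzlm] \ockupd.exe
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKCU\..\Run: [Lmzlm] \ockupd.exe
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
"""

if __name__ == "__main__":
    report = triage(LOG_BEFORE, LOG_AFTER)
    for section in ("removed", "added", "persisting"):
        print(f"{section}: {len(report[section])}")
    for entry, reasons in report["flagged"].items():
        print(f"LOOK AT: {entry.kind} - {entry.body}\n    {'; '.join(reasons)}")
```

Running it lists four removed, two added and four persisting entries and singles out the `[Lmzlm] \ockupd.exe` Run entry. `cfgmgr52` and `tbar.exe` also persist but trip none of these heuristics, which is why the persisting list is reviewed by eye rather than trusted to the flags.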
 

TSF Security Team, Emeritus · 6,969 Posts
Next round....

Open My Computer >> Tools >> Folder Options >> View >> Hidden files and folders >> select Show hidden files and folders. Uncheck the Hide protected operating system files.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following IF listed.

SurfSideKick 3
Blowsearchtoolbar


Go into HijackThis -> Config -> Misc. Tools -> Open process manager. Select the following and click "Kill process" for each one IF they are still listed (they shouldn't be, but make sure).

C:\OCKUPD.EXE
C:\WINDOWS\TEMP\!UPDATE.EXE
C:\PROGRAM FILES\BHAT\TBAR.EXE


Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [Lmzlm] \ockupd.exe
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe


Delete the following files/folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory. (If you can't find them, do a search for them; make sure you have searching of hidden files, folders, subdirectories, etc. enabled if it applies to your OS.)

C:\OCKUPD.EXE
C:\PROGRAM FILES\BHAT\TBAR.EXE
C:\WINDOWS\CFGMGR52.DLL
C:\WINDOWS\SYSTEM\exp.exe
C:\WINDOWS\SYSTEM\wintask.exe
C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
AUNPS2.DLL <--locate and delete that file.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal windows....

Please run an online scan at http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Once it has finished, save the ActiveScan log. Then post that log in your next post along with a new HijackThis log.
 

· Registered
Joined
·
7 Posts
Discussion Starter · #5 ·
I followed all the directions and removed most of the files, but couldn't find exp.exe anywhere. Explorer started crashing, so I had to use a command prompt to delete some of the files, and I searched through both c:/windows/ and c:/windows/system for the exp.exe file. After rebooting, I ran the Panda scan, but popups kept popping up, and Ad Destroyer installed itself. I repeated all the steps twice more, including the initial Spybot, Ad-Aware and CWShredder scans, Cleanup etc., and then re-ran the Panda scan:

Incident Status Location

Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/PurityScan No disinfected C:\Program Files\bhat\tbar.exe
Spyware:spyware/surfsidekick No disinfected C:\WINDOWS\Application Data\Sskknwrd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MVVCRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UXP10.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DZSPEX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\msg209.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DJCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DERAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MCWIZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\BFOWSEWM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IFMUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DEKMAINT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OQETHK32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IT41_QC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IQS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CVBVIEW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SBRIALUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WMNMM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DDOUND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\doimg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CDYPTNET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DQRAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CAM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MXVCP60.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QKV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ophlp30t.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\lo_meta.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\JTDW400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LBUICOM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WONINET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DF16GT.DLL
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\!update.exe
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Renamed C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\pav80C4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav1324.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2003.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2355.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2360.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2364.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2371.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2373.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2380.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2383.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2390.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav2393.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav23A2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav23A3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav23B0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav23B2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav23B4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3001.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3003.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3010.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3042.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3061.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3065.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3071.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3073.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3080.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3090.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav3093.TMP
Adware:Adware/PurityScan No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\0169AB0V\!update-2464[1].0000
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\dpwtzurn.exe
Adware:Adware/EnhSrch No disinfected C:\WINDOWS\dsr.dll
Adware:Adware/Midaddle No disinfected C:\WINDOWS\ru.exe
Adware:Adware/Look2Me No disinfected C:\temp\Installer.exe

Logfile of HijackThis v1.99.1
Scan saved at 3:08:47 PM, on 8/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\PROGRAM FILES\BHAT\TBAR.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=ZSpool32
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [OEMCLEANUP] C:\WINDOWS\OPTIONS\oemreset.exe /o
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

I used Cleanup! to delete most of the files listed in the temp directories, but I'm still having issues.

Thanks.
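The follow-up HijackThis log above still carries the `[Reoe] C:\Program Files\bhat\tbar.exe` autostart entry that the first round asked to fix. Checking that by eye across two long logs is error-prone, so here is a small script that diffs the O4 (autostart) section of two logs and reports which fix-list entries survived, and whether any fix-list payload file came back under a different entry name. This is an added example, not part of the thread and not HijackThis's own code; the two log excerpts are copied from O4 lines posted in this thread (the helper's fix list and a trimmed O4 section of the follow-up log), and the parsing, payload extraction and diff logic are the editor's own illustration. Note the `payload_path` handling of `rundll32` lines: the file to remove is the DLL named as the argument, never rundll32 itself.

```python
"""Diff HijackThis O4 (autostart) entries between cleanup rounds.

Added example, not part of the thread and not HijackThis's own code. The
two log excerpts are copied from O4 lines posted in this thread; the
parsing, payload extraction and diff logic are the editor's illustration.
"""
import re
from typing import Dict, Set, Tuple

Key = Tuple[str, str, str]   # (location, registry key, entry name); key is "" for Startup-folder items

# O4 - HKLM\..\Run: [Name] command        or        O4 - Startup: Foo.lnk = C:\path\foo.exe
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (.*?) = (.*)$")
# Leading rundll32 host (optionally quoted, with or without .exe) followed by whitespace.
RUNDLL = re.compile(r'^"?[^"\s]*rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
# First executable-looking path, cut at whitespace, comma, quote or end of string.
FIRST_FILE = re.compile(r'^(.*?\.(?:exe|dll|com|bat|scr|pif))(?=[\s,"]|$)', re.IGNORECASE)

# Entries the helper asked to fix in round one (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [Lmzlm] \ockupd.exe
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
"""

# O4 section of the follow-up log (copied from the thread, trimmed to a sample).
NEW_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""


def parse_o4(log_text: str) -> Dict[Key, str]:
    """Map every O4 line in an HJT log to {(location, key, name): command}."""
    entries: Dict[Key, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_REG.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries[(hive, key, name)] = cmd
            continue
        m = O4_STARTUP.match(line)
        if m:
            name, cmd = m.groups()
            entries[("Startup", "", name)] = cmd
    return entries


def payload_path(command: str) -> str:
    """Reduce an O4 command to the file that actually runs, lower-cased.

    For rundll32 lines the payload is the DLL argument (up to the comma
    before the entry point), not rundll32 itself. Surrounding quotes and
    trailing switches are dropped, and an unquoted path containing spaces
    is cut after its first executable extension.
    """
    cmd = command.strip()
    m = RUNDLL.match(cmd)
    if m:
        cmd = cmd[m.end():]
    cmd = cmd.lstrip('"')
    m = FIRST_FILE.match(cmd)
    if m:
        return m.group(1).lower()
    return cmd.split()[0].lower() if cmd else ""


def persisted_entries(fix_list: str, new_log: str) -> Tuple[Dict[Key, str], Dict[Key, str]]:
    """Return (same_entry, same_file).

    same_entry: fix-list entries still present under the same location and name.
    same_file:  other entries whose payload is a fix-list file, i.e. the same
                file re-registered under a new autostart name.
    """
    wanted = parse_o4(fix_list)
    current = parse_o4(new_log)
    bad_files: Set[str] = {payload_path(c) for c in wanted.values()}
    same_entry = {k: v for k, v in current.items() if k in wanted}
    same_file = {k: v for k, v in current.items()
                 if k not in wanted and payload_path(v) in bad_files}
    return same_entry, same_file


if __name__ == "__main__":
    still_there, renamed = persisted_entries(FIX_LIST, NEW_LOG)
    for (loc, key, name), cmd in still_there.items():
        print(f"STILL PRESENT   {loc} {key} [{name}] {cmd}")
    for (loc, key, name), cmd in renamed.items():
        print(f"SAME FILE, NEW NAME   {loc} {key} [{name}] {cmd}")
```

Paths are compared case-insensitively but not expanded, so an 8.3 short name such as `C:\PROGRA~1\...` and its long form would not match each other; on the live machine you would resolve both before comparing.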
 

· TSF Security Team, Emeritus
Joined
·
6,969 Posts
Yes, I know. As you can see in the logs, you have the Look2Me infection, which is tough to remove. There's a tool in testing but it fails every now and then. We will try it first, and then remove this manually if need be.

Download KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip


Please download L2m9xfix here:
http://www.geekstogo.com/downloads/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder it just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed. Once it's complete, run the Cleanup! utility and reboot/logoff when prompted.

Then reboot back to safe mode.
C:\WINDOWS\TEMP <--delete ALL files in that folder!!

Run KillBox. Paste the following locations into KillBox one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the red X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.

C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\Program Files\bhat\tbar.exe
C:\WINDOWS\Application Data\Sskknwrd.dll
C:\WINDOWS\dpwtzurn.exe
C:\WINDOWS\dsr.dll
C:\WINDOWS\ru.exe



Once back to normal Windows, post a new Panda log as well as the entire text of the log.txt file, which should be in the same folder as RunThis.bat.
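The KillBox list above is a hand-picked subset of the Panda log: items under the temp folders are covered by wiping C:\WINDOWS\TEMP, the Look2Me DLLs are left to the dedicated fix tool, and the `Possible Virus.` hits are heuristic verdicts rather than signature matches (here on a TrojanHunter tool and the scanner's own renamed quarantine copies), which deserve a look before anything is deleted. The script below is an added example, not part of the thread and not Panda's or the helper's tooling; it parses the report format (`<family> <action> <drive path>`) and sorts hits into those buckets. `SAMPLE_REPORT` is a constructed excerpt of the scan output posted in this thread, and the bucketing rules are the editor's reading of how the list above was chosen; on the sample it reproduces the six KillBox paths exactly.

```python
"""Triage a Panda ActiveScan report into actionable buckets.

Added example, not part of the thread and not Panda's or the helper's
tooling. SAMPLE_REPORT is a constructed excerpt of the scan output posted
in this thread; the bucketing rules are the editor's reading of how the
KillBox list was picked (temp folders wiped wholesale, Look2Me left to the
dedicated fix tool, heuristic 'Possible Virus' hits set aside for review,
everything else deleted by hand).
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

Row = Tuple[str, str, str]   # (family, scanner action, path)

# Constructed excerpt of the ActiveScan output posted above.
SAMPLE_REPORT = r"""
Incident Status Location

Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/PurityScan No disinfected C:\Program Files\bhat\tbar.exe
Spyware:spyware/surfsidekick No disinfected C:\WINDOWS\Application Data\Sskknwrd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MVVCRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UXP10.DLL
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\!update.exe
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir
Renamed C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav1324.TMP
Adware:Adware/PurityScan No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\0169AB0V\!update-2464[1].0000
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\dpwtzurn.exe
Adware:Adware/EnhSrch No disinfected C:\WINDOWS\dsr.dll
Adware:Adware/Midaddle No disinfected C:\WINDOWS\ru.exe
Adware:Adware/Look2Me No disinfected C:\temp\Installer.exe
"""

# A detection line ends in a drive-letter path; everything before it is
# "<family> <action>", where the family is missing on some follow-up lines.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
ACTIONS = ("No disinfected", "Disinfected", "Renamed", "Deleted")

# Folders the helper wipes wholesale, so single files in them need no KillBox entry.
TEMP_DIRS = ("c:\\windows\\temp\\", "c:\\windows\\temporary internet files\\", "c:\\temp\\")


def parse_report(text: str) -> List[Row]:
    """Return one (family, action, path) row per detection line.

    'Adware:Adware/Look2Me' is reduced to 'Look2Me'; lines that carry only
    an action (quarantine copies the scanner renamed) get '(unclassified)'.
    """
    rows: List[Row] = []
    for line in text.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue                      # header, blank, or no file path on the line
        path = m.group(0).strip()
        prefix = line[: m.start()].strip()
        action = next((a for a in ACTIONS if prefix.endswith(a)), "")
        family = prefix[: len(prefix) - len(action)].strip().rstrip(".")
        family = family.rsplit("/", 1)[-1] or "(unclassified)"
        rows.append((family, action, path))
    return rows


def family_counts(rows: List[Row]) -> Dict[str, int]:
    """How many hits each family produced; a quick sense of what dominates the log."""
    counts: Dict[str, int] = defaultdict(int)
    for family, _action, _path in rows:
        counts[family] += 1
    return dict(counts)


def triage(rows: List[Row]) -> Dict[str, List[str]]:
    """Sort detections into 'temp' (clear the folder), 'look2me' (dedicated
    tool), 'heuristic' (review before deleting) and 'killbox' (delete by hand)."""
    buckets: Dict[str, set] = defaultdict(set)
    for family, _action, path in rows:
        if path.lower().startswith(TEMP_DIRS):
            buckets["temp"].add(path)
        elif family.lower() == "look2me":
            buckets["look2me"].add(path)
        elif family == "Possible Virus":   # heuristic verdict, not a signature match
            buckets["heuristic"].add(path)
        else:
            buckets["killbox"].add(path)
    return {name: sorted(paths) for name, paths in buckets.items()}


if __name__ == "__main__":
    report_rows = parse_report(SAMPLE_REPORT)
    print("hits per family:", family_counts(report_rows))
    for bucket, paths in triage(report_rows).items():
        print(f"[{bucket}] {len(paths)} file(s)")
        for p in paths:
            print("   ", p)
```

The `heuristic` bucket is deliberately separate from `killbox`: a `Possible Virus.` verdict on a known tool's own process viewer is exactly the kind of hit you confirm with a second opinion before deleting.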
 

· Registered
Joined
·
7 Posts
Discussion Starter · #7 ·
OK, I think we're getting somewhere - I've had this thing on the 'net for over an hour and no popups yet. Here are the updated logs:

Incident Status Location

Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\BFOWSEWM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\CAM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\CDYPTNET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\CVBVIEW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DDOUND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DEKMAINT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DERAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DF16GT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DJCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\doimg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DQRAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DZSPEX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\hkpta2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\IFMUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\IQS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\IT41_QC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\JTDW400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\LBUICOM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\lo_meta.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MCWIZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\msg209.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MVVCRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MXVCP60.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\OQETHK32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\QKV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\SBRIALUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\UXP10.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\WMNMM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\WONINET.DLL
Adware:Adware/Midaddle No disinfected C:\WINDOWS\SYSTEM\tbar.exe
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Renamed C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Adware:Adware/Midaddle No disinfected C:\WINDOWS\TEMP\pavD363.TMP
Adware:Adware/Look2Me No disinfected C:\temp\Installer.exe

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\BFOWSEWM.DLL
C:\WINDOWS\system\BFOWSEWM.DLL
C:\WINDOWS\system\BFOWSEWM.DLL
C:\WINDOWS\system\BFOWSEWM.DLL
C:\WINDOWS\system\CAM.DLL
C:\WINDOWS\system\CAM.DLL
C:\WINDOWS\system\CAM.DLL
C:\WINDOWS\system\CAM.DLL
C:\WINDOWS\system\CDYPTNET.DLL
C:\WINDOWS\system\CDYPTNET.DLL
C:\WINDOWS\system\CDYPTNET.DLL
C:\WINDOWS\system\CDYPTNET.DLL
C:\WINDOWS\system\CVBVIEW.DLL
C:\WINDOWS\system\CVBVIEW.DLL
C:\WINDOWS\system\CVBVIEW.DLL
C:\WINDOWS\system\CVBVIEW.DLL
C:\WINDOWS\system\DDOUND.DLL
C:\WINDOWS\system\DDOUND.DLL
C:\WINDOWS\system\DDOUND.DLL
C:\WINDOWS\system\DDOUND.DLL
C:\WINDOWS\system\DEKMAINT.DLL
C:\WINDOWS\system\DEKMAINT.DLL
C:\WINDOWS\system\DEKMAINT.DLL
C:\WINDOWS\system\DEKMAINT.DLL
C:\WINDOWS\system\DERAW16.DLL
C:\WINDOWS\system\DERAW16.DLL
C:\WINDOWS\system\DERAW16.DLL
C:\WINDOWS\system\DERAW16.DLL
C:\WINDOWS\system\DF16GT.DLL
C:\WINDOWS\system\DF16GT.DLL
C:\WINDOWS\system\DF16GT.DLL
C:\WINDOWS\system\DF16GT.DLL
C:\WINDOWS\system\DJCNDI.DLL
C:\WINDOWS\system\DJCNDI.DLL
C:\WINDOWS\system\DJCNDI.DLL
C:\WINDOWS\system\DJCNDI.DLL
C:\WINDOWS\system\doimg.dll
C:\WINDOWS\system\doimg.dll
C:\WINDOWS\system\doimg.dll
C:\WINDOWS\system\doimg.dll
C:\WINDOWS\system\DQRAW16.DLL
C:\WINDOWS\system\DQRAW16.DLL
C:\WINDOWS\system\DQRAW16.DLL
C:\WINDOWS\system\DQRAW16.DLL
C:\WINDOWS\system\DZSPEX.DLL
C:\WINDOWS\system\DZSPEX.DLL
C:\WINDOWS\system\DZSPEX.DLL
C:\WINDOWS\system\DZSPEX.DLL
C:\WINDOWS\system\hkpta2.dll
C:\WINDOWS\system\hkpta2.dll
C:\WINDOWS\system\hkpta2.dll
C:\WINDOWS\system\hkpta2.dll
C:\WINDOWS\system\IFMUI.DLL
C:\WINDOWS\system\IFMUI.DLL
C:\WINDOWS\system\IFMUI.DLL
C:\WINDOWS\system\IFMUI.DLL
C:\WINDOWS\system\IQS.DLL
C:\WINDOWS\system\IQS.DLL
C:\WINDOWS\system\IQS.DLL
C:\WINDOWS\system\IQS.DLL
C:\WINDOWS\system\IT41_QC.DLL
C:\WINDOWS\system\IT41_QC.DLL
C:\WINDOWS\system\IT41_QC.DLL
C:\WINDOWS\system\IT41_QC.DLL
C:\WINDOWS\system\JTDW400.DLL
C:\WINDOWS\system\JTDW400.DLL
C:\WINDOWS\system\JTDW400.DLL
C:\WINDOWS\system\JTDW400.DLL
C:\WINDOWS\system\LBUICOM.DLL
C:\WINDOWS\system\LBUICOM.DLL
C:\WINDOWS\system\LBUICOM.DLL
C:\WINDOWS\system\LBUICOM.DLL
C:\WINDOWS\system\lo_meta.dll
C:\WINDOWS\system\lo_meta.dll
C:\WINDOWS\system\lo_meta.dll
C:\WINDOWS\system\lo_meta.dll
C:\WINDOWS\system\MCWIZ.DLL
C:\WINDOWS\system\MCWIZ.DLL
C:\WINDOWS\system\MCWIZ.DLL
C:\WINDOWS\system\MCWIZ.DLL
C:\WINDOWS\system\msg209.dll
C:\WINDOWS\system\msg209.dll
C:\WINDOWS\system\msg209.dll
C:\WINDOWS\system\msg209.dll
C:\WINDOWS\system\MVVCRT.DLL
C:\WINDOWS\system\MVVCRT.DLL
C:\WINDOWS\system\MVVCRT.DLL
C:\WINDOWS\system\MVVCRT.DLL
C:\WINDOWS\system\MXVCP60.DLL
C:\WINDOWS\system\MXVCP60.DLL
C:\WINDOWS\system\MXVCP60.DLL
C:\WINDOWS\system\MXVCP60.DLL
C:\WINDOWS\system\OQETHK32.DLL
C:\WINDOWS\system\OQETHK32.DLL
C:\WINDOWS\system\OQETHK32.DLL
C:\WINDOWS\system\OQETHK32.DLL
C:\WINDOWS\system\QKV.DLL
C:\WINDOWS\system\QKV.DLL
C:\WINDOWS\system\QKV.DLL
C:\WINDOWS\system\QKV.DLL
C:\WINDOWS\system\SBRIALUI.DLL
C:\WINDOWS\system\SBRIALUI.DLL
C:\WINDOWS\system\SBRIALUI.DLL
C:\WINDOWS\system\SBRIALUI.DLL
C:\WINDOWS\system\UXP10.DLL
C:\WINDOWS\system\UXP10.DLL
C:\WINDOWS\system\UXP10.DLL
C:\WINDOWS\system\UXP10.DLL
C:\WINDOWS\system\WMNMM.DLL
C:\WINDOWS\system\WMNMM.DLL
C:\WINDOWS\system\WMNMM.DLL
C:\WINDOWS\system\WMNMM.DLL
C:\WINDOWS\system\WONINET.DLL
C:\WINDOWS\system\WONINET.DLL
C:\WINDOWS\system\WONINET.DLL
C:\WINDOWS\system\WONINET.DLL

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{C07AD3C7-C481-4362-AA1A-66DE7C5BF51A}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DJCNDI.DLL"
[HKEY_CLASSES_ROOT\CLSID\{C07AD3C7-C481-4362-AA1A-66DE7C5BF51A}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DJCNDI.DLL"
[HKEY_CLASSES_ROOT\CLSID\{C07AD3C7-C481-4362-AA1A-66DE7C5BF51A}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DJCNDI.DLL"
[HKEY_CLASSES_ROOT\CLSID\{C07AD3C7-C481-4362-AA1A-66DE7C5BF51A}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\DJCNDI.DLL"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E5ADE2F4-0BC3-06B2-9B01-A01088F07FA6}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!


A few more rounds, and this thing will be a contender!
 

· Registered
Joined
·
6,580 Posts
did you empty this folder:

C:\WINDOWS\TEMP\


The Temp directory needs to be cleared. You can run Cleanup or empty the folder manually. Either way - ensure the folder is empty.

We'll need a new HJT log and a new Panda scan when you have completed the above.
 

· Registered
Joined
·
7 Posts
Discussion Starter · #9 ·
Sorry for the delay in response - I caught a virus over the weekend! I did delete the contents of the C:\Windows\Temp directory the first time through, but I've gone through all the steps twice more with the same results. The .vir files return on reboot each time, and I've run the AVG scan, the Panda scan twice, and Ad-Aware. Here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:45 PM, on 8/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F1 - win.ini: load=ZSpool32
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [OEMCLEANUP] C:\WINDOWS\OPTIONS\oemreset.exe /o
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Reoe] C:\Program Files\bhat\tbar.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab


Incident Status Location

Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\BFOWSEWM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\CAM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\CDYPTNET.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\CVBVIEW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DDOUND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DEKMAINT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DERAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DF16GT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DJCNDI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\doimg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DQRAW16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\DZSPEX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\hkpta2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\IFMUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\IQS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\IT41_QC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\JTDW400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\LBUICOM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\lo_meta.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MCWIZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\msg209.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MVVCRT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\MXVCP60.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\OQETHK32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\QKV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\SBRIALUI.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\UXP10.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\WMNMM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\WONINET.DLL
Adware:Adware/Midaddle No disinfected C:\WINDOWS\SYSTEM\tbar.exe
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Renamed C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir.vir
Adware:Adware/Midaddle No disinfected C:\WINDOWS\TEMP\pav93F4.TMP
Adware:Adware/Look2Me No disinfected C:\temp\Installer.exe
 

· Registered
Joined
·
6,580 Posts
Download L2MFix - Double click L2mfix.exe & answer Yes when prompted. Then click the Install button to extract the files to a newly created folder named - L2mfix

Reboot to Safe Mode

Close all open programs
Double click L2mfix.bat
Select option #2 - Run Fix - by typing 2
Press any key to reboot your computer.
After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, you will be presented with a log. Copy the contents of that log and paste it here, along with a new HJT log.

Please Do NOT run any other files in the l2mfix folder until you are told to
 

· Registered
Joined
·
6,580 Posts
My mistake.

So you have already run a Look2Me scan...and by the looks of the above log - it cleaned it out and is holding the files in a backup folder.

Reboot to Safe Mode.

Now empty: C:\WINDOWS\TEMP\

Return to Normal Mode - return us a new Scan report.
 
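The observation in the reply above, that the Look2Me hits under the l2m9xfix\backups folder are the fix tool's saved copies rather than live files, can be checked mechanically rather than by eye. The following is an added example, not code from the thread, from Panda or from L2MFix: it parses constructed lines in the report's "Incident Status Location" layout and sorts each hit into quarantined, temp or live, counting the ".vir" rename chain along the way; the folder names it treats as quarantine or temp are assumptions.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the "Incident Status Location" layout of the Panda
# ActiveScan report quoted in the thread (a few lines only, not the full log).
SAMPLE_REPORT = r"""
Incident Status Location

Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\BFOWSEWM.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Desktop\l2m9xfix\backups\CAM.DLL
Adware:Adware/Midaddle No disinfected C:\WINDOWS\SYSTEM\tbar.exe
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir
Renamed C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir.vir.vir.vir
Adware:Adware/Midaddle No disinfected C:\WINDOWS\TEMP\pav93F4.TMP
Adware:Adware/Look2Me No disinfected C:\temp\Installer.exe
"""

# One report line: <incident> <status> <drive-letter path>. The incident is
# empty for "Renamed" lines, as in the quoted log.
LINE_RE = re.compile(
    r"^(?P<incident>.*?)\s*"
    r"(?P<status>No disinfected|Disinfected|Renamed|Deleted)\s+"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)

# Directory names (any path component) that mark a removal tool's saved copy.
# "backups" is the folder L2M9XFix used in the thread; "quarantine" is an
# assumption added for the example. Temp folders get their own bucket because
# the helper's advice is to empty them wholesale.
QUARANTINE_DIRS = {"backups", "quarantine"}
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class Finding:
    incident: str
    status: str
    path: str
    bucket: str      # "quarantined", "temp" or "live"
    heuristic: bool  # "Possible Virus." style hit: lower confidence than a name
    vir_depth: int   # how many times the file has been renamed with ".vir"


def vir_depth(filename: str) -> int:
    """Count trailing '.vir' suffixes, e.g. 'x.exe.vir.vir' -> 2."""
    depth = 0
    name = filename.lower()
    while name.endswith(".vir"):
        depth += 1
        name = name[:-4]
    return depth


def classify_path(path: str) -> str:
    """Bucket a detection by where it sits, looking at directories only."""
    dirs = [p.lower() for p in path.split("\\")[1:-1]]
    if any(d in QUARANTINE_DIRS for d in dirs):
        return "quarantined"
    if any(d in TEMP_DIRS for d in dirs):
        return "temp"
    return "live"


def parse_report(text: str) -> list[Finding]:
    """Parse every incident line; headers and blank lines are skipped."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        incident, path = m.group("incident"), m.group("path")
        findings.append(Finding(
            incident=incident,
            status=m.group("status"),
            path=path,
            bucket=classify_path(path),
            heuristic=incident.startswith("Possible"),
            vir_depth=vir_depth(path.rsplit("\\", 1)[-1]),
        ))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count of findings per bucket."""
    return dict(Counter(f.bucket for f in findings))


def live_findings(findings: list[Finding]) -> list[Finding]:
    """The hits that still need a decision: not quarantined, not in a temp folder."""
    return [f for f in findings if f.bucket == "live"]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(summarize(parsed))
    for f in live_findings(parsed):
        print(f"{'heuristic' if f.heuristic else 'named':9} {f.incident or f.status:24} {f.path}")
```

On the sample, only the two hits outside backups and temp folders come back as live; the growing .vir chain is reported as a depth number so a repeated rename of one file is not mistaken for many separate infections.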