Author Topic: Lavasoft, cws shredder, or spybots&d wont work (Read 1600 times)

meelox · « **on:** January 05, 2005, 10:26:05 PM »

Please someone help me. I have downloaded several copies from different sites of Lavasofts Ad-aware se personal. I can not get it to work. I downloaded the latest version of Cws (several times) and I get an error message.
I am very near crying! I have tried for two weeks to rid this machine of something my son or hubby got from an adult site (ads have taken over). Over the Christmas holidays, while I was out helping the needy, they were at home killing my computer.
I know part of it is Malware ...I can see it in the registrty. I have tried manually taking some things out of it but as soon as reboot its all right back again.
I have tried using firefox instead of IE but nothing helps. I have read everything I can find on how to help. Nothing seems to be working.
Ad-aware loads the definitions but then i get an explorer error ( i close the explorer box ) my desktop reloads while ad-aware is still running then it hangs up at delete.
CWS (old version runs) but the new updated will not I get a explorer error there too.

tonight I took out the Microsoft java and put in the Sun java ....
somebody please advise me ...
I am running windows 98

here is my hijack this file .... (when I delete with this, and then close the program and run it agian the delete items are back )

Logfile of HijackThis v1.97.7
Scan saved at 9:20:24 PM, on 1/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\E_S4I2G1.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\KALVXNL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cg...k=sbar1_srchbtn
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVXNL32.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

all help is appreciated!

meelox · « **Reply #1 on:** January 05, 2005, 10:42:05 PM »

this is what CWS says:
CWSHREDDER caused an invalid page fault in
module CWSHREDDER.EXE at 0167:00403373.
Registers:
EAX=00000004 CS=0167 EIP=00403373 EFLGS=00010246
EBX=01000030 SS=016f ESP=01b8fe48 EBP=01b8fea4
ECX=01000010 DS=016f ESI=00000000 FS=13b7
EDX=00000006 ES=016f EDI=0046145c GS=0000
Bytes at CS:EIP:
8b 00 56 57 8b f9 8b 37 8d 48 f0 83 ee 10 3b ce
Stack dump:
0042efec 00000004 bff55836 006af98c 0040471d 00000000 00000004 00000096 bff92d08 006af98c 00000001 00000001 00000001 01000014 00000001 00443b14

I cant tell you what ad-aware se says because when the error comes up It stalls everything and I have to manually turn to pc off and back on .

guestolo · « **Reply #2 on:** January 05, 2005, 11:01:25 PM »

Can you try this for me Meelox
First let's make a backup of your registry, something to fall back on
Not to worry, we have saved one to this point if we need it
Go to START>>RUN>>type in scanregw and hit OK
You should get a prompt to backup, click YES and then OK

We need a few tools to identify the Nasties on your computer
Download and Unzip to a folder
findit.zip
Open the folder and double click on the Find.bat file
Ignore any File not found messages
It runs for a minute or longer, give this time, and produces a log
Please copy and paste the log on your next response.

Can you Download DLLCompare

Start the Program and click the Run Locate.com

Let it complete the SCAN, which won't take long
Click the Compare button to start the next process.This will take a bit longer.

When it's done click the Make a log of what was found button and post it back here

One last request
Download and save to desktop
VX2 Finder
Open it and click the "Click to Find VX2.betterinternet"
When it's done scanning click the Make log and post it back here

One last request
Download and save to your desktop
LSPfix.exe from this link
http://www.cexx.org/lspfix.htm

Open LSP fix and let me know what you see on the KEEP side, also let me know what you see on the REMOVE side
Exit out of there for now using the X to close out

Could you also update your version of Hijackthis
Open Hijackthis>>Config>>Misc Tools>>Check for updates Online
If for some reason it won't update
Download the latest version from CLICK HERE or CLICK HERE
Save it to a Permanent folder
I'm suspicious if the latest version will run, if not could you download Hijackthis 1.98.2 instead from this link, Unzip it to a permanent folder Hijackthis 1.98.2
But please try to get the latest first
Scan and post a new log

Please don't try and reboot your computer until we have tried some fixes

guestolo · « **Reply #3 on:** January 05, 2005, 11:32:36 PM »

Can you also let me know what you mean by this

Quote

I have tried using firefox instead of IE but nothing helps

meelox · « **Reply #4 on:** January 05, 2005, 11:54:11 PM »

well I tried the findit.zip, open the folder and click on the find.bat , got the dos screen and the message to "ignore any file not found" and let run for about 10 minutes and nothing happened.

log file:DLLCOMPARE
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM\qgenut16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\mwrd2x40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\lwpdf13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\nddll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\exres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\sormdll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\hpsetup.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\mbcms.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\ewres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\qqnbc16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\dfusic32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\dsiman32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\lcraw12n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\hap95en.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\daime.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\ajycfilt.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\mcexch40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\lgsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\eth27uiw.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\mtimg32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\svi_ci32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\lwiff13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\szbd6w95.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\ljsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
C:\WINDOWS\SYSTEM\maimsg.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
________________________________________________

1,011 items found: 1,011 files (25 H/S), 0 directories.
Total of file sizes: 192,274,503 bytes 183.37 M

--------------------End log---------------------

LOGFILE OF VX2 FINDER:
Log for VX2.BetterInternet File Finder (ver126)

Files Found---

User Agent String---
{21A21720-5D09-11D9-B700-B4AC6A7A4D1F}

what to keep on LSP fix:
rnr20.dll DNS namespace provider
AKLSP.DLL [protocol handler]
mswsosp.dll [protocol handler]
masfd.dll [protocol handler]
rsvpsp.dll [protocol handler]

new hijack this log from new download :
Logfile of HijackThis v1.99.0
Scan saved at 10:36:38 PM, on 1/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\E_S4I2G1.EXE
C:\WINDOWS\SYSTEM\KALVXNL32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\LSPFIX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cg...k=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVXNL32.EXE
O4 - Startup: STRINGS.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

thanks for the help

meelox · « **Reply #5 on:** January 05, 2005, 11:58:49 PM »

I was so sick of Internet Explorer that I typed in my search box ....
Something to replace IE with and I read some things about using FIREFOX as my browser ... so i tried it and it worked great for about 30 minutes then that search bar was taken over too .... all I get is redirections, pop-ups one after another , I thought Fire fox was the way to go but it is not ...however I am still using it.

guestolo · « **Reply #6 on:** January 06, 2005, 12:47:36 AM »

We'll try some cleanup with the information you supplied

Download the Pocket Killbox
2.Unzip the contents of KillBox.zip to a convenient location.

Download Hoster by Toadbee
Unzip it to it's own folder

Please save this to a Notepad file and leave it on your desktop and then Disconnect completely from the Internet
Open these instructions and leave them open until we have restarted your computer

Open your task manager (Ctrl+Alt+Del)
End task on this
KALVXNL32.EXE

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cg...k=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com

O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVXNL32.EXE

After you have ticked the above entries, close All other open windows, including this one>>>except for the saved notepad file
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

Run Pocket KillBox
click on Tools --> Select Delete Temp Files. Click OK.
At the bottom right of the main screen, click on the down arrow to the left of the yellow triangle.
Select the following entry if running rundll32.exe
Now click the yellow triangle to End Task
There may be more than one running, end task on all of them

Do the same thing for explorer.exe
Your Desktop and Icons will disappear, don't let it worry you
OK it

Again, in Killbox
At the main screen of Pocket Killbox, select the option: Delete on Reboot

In the Full Path of File to Delete box, copy and paste this entry:

C:\WINDOWS\SYSTEM\qgenut16.dll

Press the button with a red circle and a white X (Delete File)
When asked if you would like to Reboot, select No.

Do the same for all these:

C:\WINDOWS\SYSTEM\mwrd2x40.dll

C:\WINDOWS\SYSTEM\lwpdf13n.dll

C:\WINDOWS\SYSTEM\nddll.dll

C:\WINDOWS\SYSTEM\exres16.dll

C:\WINDOWS\SYSTEM\sormdll.dll

C:\WINDOWS\SYSTEM\hpsetup.dll

C:\WINDOWS\SYSTEM\mbcms.dll

C:\WINDOWS\SYSTEM\ewres16.dll

C:\WINDOWS\SYSTEM\qqnbc16.dll

C:\WINDOWS\SYSTEM\dfusic32.dll

C:\WINDOWS\SYSTEM\dsiman32.dll

C:\WINDOWS\SYSTEM\lcraw12n.dll

C:\WINDOWS\SYSTEM\hap95en.dll

C:\WINDOWS\SYSTEM\daime.dll

C:\WINDOWS\SYSTEM\ajycfilt.dll

C:\WINDOWS\SYSTEM\mcexch40.dll

C:\WINDOWS\SYSTEM\lgsmp13n.dll

C:\WINDOWS\SYSTEM\eth27uiw.dll

C:\WINDOWS\SYSTEM\mtimg32.dll

C:\WINDOWS\SYSTEM\svi_ci32.dll

C:\WINDOWS\SYSTEM\lwiff13n.dll

C:\WINDOWS\SYSTEM\szbd6w95.dll

C:\WINDOWS\SYSTEM\ljsmp13n.dll

C:\WINDOWS\SYSTEM\maimsg.dll

Finally, in Full Path of File to Delete, copy and paste the following:

C:\WINDOWS\SYSTEM\KALVXNL32.EXE

Press the button with a red circle and a white X.
When asked to Reboot, select Yes!!

Your computer should restart
When back in Windows

Open Hoster and let it create a new host file

Please try to let Find.bat produce a log, I know it may take a long time, but it's been known to take up to 15 minutes or so on Win 98 or ME
Post back the log if you can

Post back a new log from DLLCompare

Post back a Fresh Hijackthis log

If, at any time you lose Internet connection
close out all windows,--Double click to run Lsp fix--
Check "I know what I'm doing".
Then select all occurances of AKLSP.DLL (and nothing else) in the left pane,
click the arrow button to have them moved into the right hand panel.(The Removal Pane)
Click Finish

Restart your computer

If above problem doesn't occur don't worry about the LSP fix at this time

Can you not try and reboot your computer again until we have tried some more fixes
please, or some final cleanup
This nasty may take a few attempts to rid you of it, stick with it

Guest · « **Reply #7 on:** January 06, 2005, 12:50:29 AM »

After running the findit.bat for about 20 minutes I finally go this :
------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 2435-13D6
Directory of C:\WINDOWS\SYSTEM

QGENUT16 DLL 217,088 12-13-04 7:52p QGENUT16.DLL
MWRD2X40 DLL 217,088 12-13-04 7:52p MWRD2X40.DLL
LWPDF13N DLL 217,088 12-13-04 7:52p lwpdf13n.dll
NDDLL DLL 217,088 12-13-04 7:52p NDDLL.DLL
EXRES16 DLL 217,088 12-13-04 7:52p EXRES16.DLL
SORMDLL DLL 217,088 12-13-04 7:52p sormdll.dll
HPSETUP DLL 217,088 12-13-04 7:52p hpsetup.dll
MBCMS DLL 217,088 12-13-04 7:52p MBCMS.DLL
EWRES16 DLL 217,088 12-13-04 7:52p EWRES16.DLL
QQNBC16 DLL 217,088 12-13-04 7:52p QQNBC16.DLL
DFUSIC32 DLL 217,088 12-13-04 7:52p DFUSIC32.DLL
DSIMAN32 DLL 217,088 12-13-04 7:52p DSIMAN32.DLL
LCRAW12N DLL 217,088 12-13-04 7:52p LCRAW12N.DLL
HAP95EN DLL 217,088 12-13-04 7:52p HAP95EN.DLL
DAIME DLL 217,088 12-13-04 7:52p DAIME.DLL
AJYCFILT DLL 217,088 12-13-04 7:52p AJYCFILT.DLL
MCEXCH40 DLL 217,088 12-13-04 7:52p MCEXCH40.DLL
LGSMP13N DLL 217,088 12-13-04 7:52p LGSMP13n.dll
ETH27UIW DLL 217,088 12-13-04 7:52p ETH27UIW.DLL
MTIMG32 DLL 217,088 12-13-04 7:52p MTIMG32.DLL
SVI_CI32 DLL 217,088 12-13-04 7:52p SVI_CI32.DLL
LWIFF13N DLL 217,088 12-13-04 7:52p lwiff13n.dll
SZBD6W95 DLL 217,088 12-13-04 7:52p Szbd6w95.dll
LJSMP13N DLL 217,088 12-13-04 7:52p LJSMP13n.dll
MAIMSG DLL 217,088 12-13-04 7:52p maimsg.dll
HPLOFHAS EXE 385,024 11-04-04 6:27p hplofhas.exe
26 file(s) 5,812,224 bytes
0 dir(s) 8,641.80 MB free

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 2435-13D6
Directory of C:\WINDOWS\SYSTEM

QGENUT16 DLL 217,088 12-13-04 7:52p QGENUT16.DLL
MWRD2X40 DLL 217,088 12-13-04 7:52p MWRD2X40.DLL
LWPDF13N DLL 217,088 12-13-04 7:52p lwpdf13n.dll
NDDLL DLL 217,088 12-13-04 7:52p NDDLL.DLL
EXRES16 DLL 217,088 12-13-04 7:52p EXRES16.DLL
SORMDLL DLL 217,088 12-13-04 7:52p sormdll.dll
HPSETUP DLL 217,088 12-13-04 7:52p hpsetup.dll
MBCMS DLL 217,088 12-13-04 7:52p MBCMS.DLL
EWRES16 DLL 217,088 12-13-04 7:52p EWRES16.DLL
QQNBC16 DLL 217,088 12-13-04 7:52p QQNBC16.DLL
DFUSIC32 DLL 217,088 12-13-04 7:52p DFUSIC32.DLL
DSIMAN32 DLL 217,088 12-13-04 7:52p DSIMAN32.DLL
LCRAW12N DLL 217,088 12-13-04 7:52p LCRAW12N.DLL
HAP95EN DLL 217,088 12-13-04 7:52p HAP95EN.DLL
DAIME DLL 217,088 12-13-04 7:52p DAIME.DLL
AJYCFILT DLL 217,088 12-13-04 7:52p AJYCFILT.DLL
MCEXCH40 DLL 217,088 12-13-04 7:52p MCEXCH40.DLL
LGSMP13N DLL 217,088 12-13-04 7:52p LGSMP13n.dll
ETH27UIW DLL 217,088 12-13-04 7:52p ETH27UIW.DLL
MTIMG32 DLL 217,088 12-13-04 7:52p MTIMG32.DLL
SVI_CI32 DLL 217,088 12-13-04 7:52p SVI_CI32.DLL
LWIFF13N DLL 217,088 12-13-04 7:52p lwiff13n.dll
SZBD6W95 DLL 217,088 12-13-04 7:52p Szbd6w95.dll
LJSMP13N DLL 217,088 12-13-04 7:52p LJSMP13n.dll
MAIMSG DLL 217,088 12-13-04 7:52p maimsg.dll
HPLOFHAS EXE 385,024 11-04-04 6:27p hplofhas.exe
26 file(s) 5,812,224 bytes
0 dir(s) 8,571.80 MB free

------- System Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 2435-13D6
Directory of C:\WINDOWS\SYSTEM

QGENUT16 DLL 217,088 12-13-04 7:52p QGENUT16.DLL
MWRD2X40 DLL 217,088 12-13-04 7:52p MWRD2X40.DLL
LWPDF13N DLL 217,088 12-13-04 7:52p lwpdf13n.dll
NDDLL DLL 217,088 12-13-04 7:52p NDDLL.DLL
EXRES16 DLL 217,088 12-13-04 7:52p EXRES16.DLL
SORMDLL DLL 217,088 12-13-04 7:52p sormdll.dll
HPSETUP DLL 217,088 12-13-04 7:52p hpsetup.dll
MBCMS DLL 217,088 12-13-04 7:52p MBCMS.DLL
EWRES16 DLL 217,088 12-13-04 7:52p EWRES16.DLL
QQNBC16 DLL 217,088 12-13-04 7:52p QQNBC16.DLL
DFUSIC32 DLL 217,088 12-13-04 7:52p DFUSIC32.DLL
DSIMAN32 DLL 217,088 12-13-04 7:52p DSIMAN32.DLL
LCRAW12N DLL 217,088 12-13-04 7:52p LCRAW12N.DLL
HAP95EN DLL 217,088 12-13-04 7:52p HAP95EN.DLL
DAIME DLL 217,088 12-13-04 7:52p DAIME.DLL
AJYCFILT DLL 217,088 12-13-04 7:52p AJYCFILT.DLL
MCEXCH40 DLL 217,088 12-13-04 7:52p MCEXCH40.DLL
LGSMP13N DLL 217,088 12-13-04 7:52p LGSMP13n.dll
ETH27UIW DLL 217,088 12-13-04 7:52p ETH27UIW.DLL
MTIMG32 DLL 217,088 12-13-04 7:52p MTIMG32.DLL
SVI_CI32 DLL 217,088 12-13-04 7:52p SVI_CI32.DLL
LWIFF13N DLL 217,088 12-13-04 7:52p lwiff13n.dll
SZBD6W95 DLL 217,088 12-13-04 7:52p Szbd6w95.dll
LJSMP13N DLL 217,088 12-13-04 7:52p LJSMP13n.dll
MAIMSG DLL 217,088 12-13-04 7:52p maimsg.dll
HPLOFHAS EXE 385,024 11-04-04 6:27p hplofhas.exe
26 file(s) 5,812,224 bytes
0 dir(s) 8,359.05 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 2435-13D6
Directory of C:\WINDOWS\SYSTEM

FOLDER HTT 13,122 12-26-04 5:32p folder.htt
DESKTOP INI 266 12-26-04 5:32p desktop.ini
E_QI021E GID 8,628 12-03-04 11:24p E_QI021E.GID
HPLOFHAS EXE 385,024 11-04-04 6:27p hplofhas.exe
CTF <DIR> 08-31-04 2:08p CTF
HPHIPCL GID 30,367 05-22-04 2:46p hphipcl.GID
HPFUIH05 GID 8,628 02-12-04 12:12a hpfuih05.GID
6 file(s) 446,035 bytes
1 dir(s) 8,641.78 MB free

---------------- User Agent ------------

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 2435-13D6
Directory of C:\WINDOWS\SYSTEM

FOLDER HTT 13,122 12-26-04 5:32p folder.htt
DESKTOP INI 266 12-26-04 5:32p desktop.ini
E_QI021E GID 8,628 12-03-04 11:24p E_QI021E.GID
HPLOFHAS EXE 385,024 11-04-04 6:27p hplofhas.exe
CTF <DIR> 08-31-04 2:08p CTF
HPHIPCL GID 30,367 05-22-04 2:46p hphipcl.GID
HPFUIH05 GID 8,628 02-12-04 12:12a hpfuih05.GID
6 file(s) 446,035 bytes
1 dir(s) 8,571.80 MB free

---------------- User Agent ------------

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 2435-13D6
Directory of C:\WINDOWS\SYSTEM

FOLDER HTT 13,122 12-26-04 5:32p folder.htt
DESKTOP INI 266 12-26-04 5:32p desktop.ini
E_QI021E GID 8,628 12-03-04 11:24p E_QI021E.GID
HPLOFHAS EXE 385,024 11-04-04 6:27p hplofhas.exe
CTF <DIR> 08-31-04 2:08p CTF
HPHIPCL GID 30,367 05-22-04 2:46p hphipcl.GID
HPFUIH05 GID 8,628 02-12-04 12:12a hpfuih05.GID
6 file(s) 446,035 bytes
1 dir(s) 8,359.05 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{21A21720-5D09-11D9-B700-B4AC6A7A4D1F}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
qgenut16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
mwrd2x40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lwpdf13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
nddll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
exres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
sormdll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
hpsetup.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
mbcms.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ewres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
qqnbc16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
dfusic32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
dsiman32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lcraw12n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
folder.htt Sun Dec 26 2004 5:32:30p ...H. 13,122 12.81 K
hap95en.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
daime.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ajycfilt.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
desktop.ini Sun Dec 26 2004 5:32:30p ...H. 266 0.26 K
mcexch40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
e_qi021e.gid Fri Dec 3 2004 11:24:28p A..H. 8,628 8.43 K
lgsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
eth27uiw.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
hplofhas.exe Thu Nov 4 2004 6:27:16p ..SHR 385,024 376.00 K
mtimg32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
svi_ci32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lwiff13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
szbd6w95.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ljsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
maimsg.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K

29 items found: 29 files, 0 directories.
Total of file sizes: 5,834,240 bytes 5.56 M

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
qgenut16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
mwrd2x40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lwpdf13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
nddll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
exres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
sormdll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
hpsetup.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
mbcms.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ewres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
qqnbc16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
dfusic32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
dsiman32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lcraw12n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
folder.htt Sun Dec 26 2004 5:32:30p ...H. 13,122 12.81 K
hap95en.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
daime.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ajycfilt.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
desktop.ini Sun Dec 26 2004 5:32:30p ...H. 266 0.26 K
mcexch40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
e_qi021e.gid Fri Dec 3 2004 11:24:28p A..H. 8,628 8.43 K
lgsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
eth27uiw.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
hplofhas.exe Thu Nov 4 2004 6:27:16p ..SHR 385,024 376.00 K
mtimg32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
svi_ci32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lwiff13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
szbd6w95.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ljsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
maimsg.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K

29 items found: 29 files, 0 directories.
Total of file sizes: 5,834,240 bytes 5.56 M

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
qgenut16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
mwrd2x40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lwpdf13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
nddll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
exres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
sormdll.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
hpsetup.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
mbcms.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ewres16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
qqnbc16.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
dfusic32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
dsiman32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lcraw12n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
folder.htt Sun Dec 26 2004 5:32:30p ...H. 13,122 12.81 K
hap95en.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
daime.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ajycfilt.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
desktop.ini Sun Dec 26 2004 5:32:30p ...H. 266 0.26 K
mcexch40.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
e_qi021e.gid Fri Dec 3 2004 11:24:28p A..H. 8,628 8.43 K
lgsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
eth27uiw.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
hplofhas.exe Thu Nov 4 2004 6:27:16p ..SHR 385,024 376.00 K
mtimg32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
svi_ci32.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
lwiff13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
szbd6w95.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
ljsmp13n.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K
maimsg.dll Mon Dec 13 2004 7:52:54p ..S.R 217,088 212.00 K

29 items found: 29 files, 0 directories.
Total of file sizes: 5,834,240 bytes 5.56 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\ncoget.dll: excl_urls=adsv2.delfinproject.com,popup.msn.com,i.emarketresearchgroup.com,u.clk
optimizer.com,ezula.com,ads2.revenue.net,banners.pennyweb.com,counters.honesty.c
o
m,ads.bidclix.com,oz.valueclick.com,radio.launch.yahoo.com,zone.msn.com,sr.adwav
e
.com,xlime.offeroptimizer.com,clickit.go2net.com,us.update.companion.yahoo.com,k
i
ll-pop-ups.com,qksrv.net,clickspring.net,cdn-aimtoday.Email Removed,search200.com,servedby.adscpm.com,xanga.com,count.exitexchange.com,jnict
ech.cjt1.net,xadsq.offeroptimizer.com,paypopup.com,popuptraffic.com,cdn-cf.Email Removed,allaboutsearching.com,Email Removed.msn.com,adfarm.mediaplex.com,by.optimost.com,amch.questionmarket.com,aka
pp.whenu.com,newupdates.lzio.com,cfg.mywebsearch.com,searcheffect.com,ads.delfin
p
roject.com,master.mx-targeting.com,Email Removed.com,ctl.twain-tech.com,mail.yahoo.com,m2.doubleclick.net,insider.msg.yahoo.com,focusin.ads.tar
getnet.com,e.rn11.com,jmnad1.com,topicks.com,ad.doubleclick.net,m3.doubleclick.n
e
t,as.casalemedia.com,pgq.yahoo.com,webpdp.gator.com,stopzilla.com,ayb.lop.com,xa
d
so.offeroptimizer.com,download.smileycentral.com,mm.delfinproject.com,view.atdmt
.
com,delfinproject.com,jbns2.cydoor.com,bannerfarm.ace.advertising.com,as.adwave.
c
om,popuppers.com,look2me.com,wisapidata.weatherbug.com,ads.addynamix.com,ar.atwo
l
a.com,ad.trafficmp.com,updates.qoologic.com,ads1.revenue.net,weatherbug.com,jicm
e
dia.cjt1.net,games.yahoo.com,adsrv.qoologic.com,servedby.advertising.com,ww2.wea
t
herbug.com,rightmedia.net,bannerserver.gator.com,www4.yesadvertising.com,mmm.med
i
a-motor.net,hop.clickbank.net,media76.fastclick.net,websearch.com,isapi60.weatherb
ug.com,web.tickle.com,messenger.zango.com,wwp.icq.com,smileycentral.com,adserv1.
g
ruvmedia.com,cdn.icq.com,s.clkoptimizer.com,tv.180solutions.com,pops.browseraid.
c
om,download.abetterinternet.com,adserv.internetfuel.com,messenger.msn.com,sr.web
s
earch.com,top-banners.com,advert.runescape.com,join1.winhundred.com,odysseusmarketing.com,v4.w
indowsupdate.microsoft.com,adverts.lzio.com,windowsupdate.microsoft.com,filter.b
e
lkin.com,comcast.net,sc.musicmatch.com,license.hotbar.com,trk.pcsecurityshield.c
o
m,web.icq.com,whenusearch.com,jbigpops.cjt1.net,isg05.casalemedia.com,yahoo.com,
E
mail Removed,anrdoezrs.net,microsoft.com,target.com,aim-charts.pf.Email Removed,download.websearch.com,actualdeals.com,images.trafficmp.com,mydailyhoros
cope.net,couponage.com,c5.zedo.com,ekmas.com,ads.mydailyhoroscope.net,creativeby
.
viewpoint.com,affiliates.4lowrates.com,hits.clickandtrack.net,jcontent.bns1.net,
c
lickserve.cc-dt.com,popups.ad-logics.com,adlog2.lzio.com,host239.ipowerweb.com,bv.channel.Email Removed,img2.mailpostdirect.com,dw.dailywinner.net,toprebates.com,trk.bestmagsdi
rect.com,ads.clickagents.com,a.websponsors.com,sandboxer.com,media.fastclick.net
,
click2.containsitall.com,ads234.com,http300.edge.ru4.com,adlog.com.com,rs.websea
r
ch.com,ads.com.com,server.iad.liveperson.net,
C:\WINDOWS\opnabu.dll: updates.qoologic.com
C:\WINDOWS\yuqpoz.dll: updates.qoologic.com
C:\WINDOWS\zuaqwm.exe: updates.qoologic.com
------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\ncoget.dll: excl_urls=adsv2.delfinproject.com,popup.msn.com,i.emarketresearchgroup.com,u.clk
optimizer.com,ezula.com,ads2.revenue.net,banners.pennyweb.com,counters.honesty.c
o
m,ads.bidclix.com,oz.valueclick.com,radio.launch.yahoo.com,zone.msn.com,sr.adwav
e
.com,xlime.offeroptimizer.com,clickit.go2net.com,us.update.companion.yahoo.com,k
i
ll-pop-ups.com,qksrv.net,clickspring.net,cdn-aimtoday.Email Removed,search200.com,servedby.adscpm.com,xanga.com,count.exitexchange.com,jnict
ech.cjt1.net,xadsq.offeroptimizer.com,paypopup.com,popuptraffic.com,cdn-cf.Email Removed,allaboutsearching.com,Email Removed.msn.com,adfarm.mediaplex.com,by.optimost.com,amch.questionmarket.com,aka
pp.whenu.com,newupdates.lzio.com,cfg.mywebsearch.com,searcheffect.com,ads.delfin
p
roject.com,master.mx-targeting.com,Email Removed.com,ctl.twain-tech.com,mail.yahoo.com,m2.doubleclick.net,insider.msg.yahoo.com,focusin.ads.tar
getnet.com,e.rn11.com,jmnad1.com,topicks.com,ad.doubleclick.net,m3.doubleclick.n
e
t,as.casalemedia.com,pgq.yahoo.com,webpdp.gator.com,stopzilla.com,ayb.lop.com,xa
d
so.offeroptimizer.com,download.smileycentral.com,mm.delfinproject.com,view.atdmt
.
com,delfinproject.com,jbns2.cydoor.com,bannerfarm.ace.advertising.com,as.adwave.
c
om,popuppers.com,look2me.com,wisapidata.weatherbug.com,ads.addynamix.com,ar.atwo
l
a.com,ad.trafficmp.com,updates.qoologic.com,ads1.revenue.net,weatherbug.com,jicm
e
dia.cjt1.net,games.yahoo.com,adsrv.qoologic.com,servedby.advertising.com,ww2.wea
t
herbug.com,rightmedia.net,bannerserver.gator.com,www4.yesadvertising.com,mmm.med
i
a-motor.net,hop.clickbank.net,media76.fastclick.net,websearch.com,isapi60.weatherb
ug.com,web.tickle.com,messenger.zango.com,wwp.icq.com,smileycentral.com,adserv1.
g
ruvmedia.com,cdn.icq.com,s.clkoptimizer.com,tv.180solutions.com,pops.browseraid.
c
om,download.abetterinternet.com,adserv.internetfuel.com,messenger.msn.com,sr.web
s
earch.com,top-banners.com,advert.runescape.com,join1.winhundred.com,odysseusmarketing.com,v4.w
indowsupdate.microsoft.com,adverts.lzio.com,windowsupdate.microsoft.com,filter.b
e
lkin.com,comcast.net,sc.musicmatch.com,license.hotbar.com,trk.pcsecurityshield.c
o
m,web.icq.com,whenusearch.com,jbigpops.cjt1.net,isg05.casalemedia.com,yahoo.com,
E
mail Removed,anrdoezrs.net,microsoft.com,target.com,aim-charts.pf.Email Removed,download.websearch.com,actualdeals.com,images.trafficmp.com,mydailyhoros
cope.net,couponage.com,c5.zedo.com,ekmas.com,ads.mydailyhoroscope.net,creativeby
.
viewpoint.com,affiliates.4lowrates.com,hits.clickandtrack.net,jcontent.bns1.net,
c
lickserve.cc-dt.com,popups.ad-logics.com,adlog2.lzio.com,host239.ipowerweb.com,bv.channel.Email Removed,img2.mailpostdirect.com,dw.dailywinner.net,toprebates.com,trk.bestmagsdi
rect.com,ads.clickagents.com,a.websponsors.com,sandboxer.com,media.fastclick.net
,
click2.containsitall.com,ads234.com,http300.edge.ru4.com,adlog.com.com,rs.websea
r
ch.com,ads.com.com,server.iad.liveperson.net,
C:\WINDOWS\opnabu.dll: updates.qoologic.com
C:\WINDOWS\yuqpoz.dll: updates.qoologic.com
C:\WINDOWS\zuaqwm.exe: updates.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\aukvby.dat: .aspack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\QGENUT16.DLL: UMonitor
C:\WINDOWS\SYSTEM\MWRD2X40.DLL: UMonitor
C:\WINDOWS\SYSTEM\lwpdf13n.dll: UMonitor
C:\WINDOWS\SYSTEM\NDDLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\EXRES16.DLL: UMonitor
C:\WINDOWS\SYSTEM\sormdll.dll: UMonitor
C:\WINDOWS\SYSTEM\hpsetup.dll: UMonitor
C:\WINDOWS\SYSTEM\MBCMS.DLL: UMonitor
C:\WINDOWS\SYSTEM\EWRES16.DLL: UMonitor
C:\WINDOWS\SYSTEM\QQNBC16.DLL: UMonitor
C:\WINDOWS\SYSTEM\DFUSIC32.DLL: UMonitor
C:\WINDOWS\SYSTEM\DSIMAN32.DLL: UMonitor
C:\WINDOWS\SYSTEM\LCRAW12N.DLL: UMonitor
C:\WINDOWS\SYSTEM\HAP95EN.DLL: UMonitor
C:\WINDOWS\SYSTEM\DAIME.DLL: UMonitor
C:\WINDOWS\SYSTEM\AJYCFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z
C:\WINDOWS\SYSTEM\MCEXCH40.DLL: UMonitor
C:\WINDOWS\SYSTEM\LGSMP13n.dll: UMonitor
C:\WINDOWS\SYSTEM\ETH27UIW.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTIMG32.DLL: UMonitor
C:\WINDOWS\SYSTEM\SVI_CI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\lwiff13n.dll: UMonitor
C:\WINDOWS\SYSTEM\Szbd6w95.dll: UMonitor
C:\WINDOWS\SYSTEM\LJSMP13n.dll: UMonitor
C:\WINDOWS\SYSTEM\maimsg.dll: UMonitor

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\QGENUT16.DLL: UMonitor
C:\WINDOWS\SYSTEM\MWRD2X40.DLL: UMonitor
C:\WINDOWS\SYSTEM\lwpdf13n.dll: UMonitor
C:\WINDOWS\SYSTEM\NDDLL.DLL: UMonitor
-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\QGENUT16.DLL: UMonitor
C:\WINDOWS\SYSTEM\MWRD2X40.DLL: UMonitor
C:\WINDOWS\SYSTEM\lwpdf13n.dll: UMonitor
C:\WINDOWS\SYSTEM\NDDLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\EXRES16.DLL: UMonitor
C:\WINDOWS\SYSTEM\sormdll.dll: UMonitor
C:\WINDOWS\SYSTEM\hpsetup.dll: UMonitor
C:\WINDOWS\SYSTEM\MBCMS.DLL: UMonitor
C:\WINDOWS\SYSTEM\EWRES16.DLL: UMonitor
C:\WINDOWS\SYSTEM\QQNBC16.DLL: UMonitor
C:\WINDOWS\SYSTEM\DFUSIC32.DLL: UMonitor
C:\WINDOWS\SYSTEM\DSIMAN32.DLL: UMonitor
C:\WINDOWS\SYSTEM\LCRAW12N.DLL: UMonitor
C:\WINDOWS\SYSTEM\HAP95EN.DLL: UMonitor
C:\WINDOWS\SYSTEM\DAIME.DLL: UMonitor
C:\WINDOWS\SYSTEM\AJYCFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z
C:\WINDOWS\SYSTEM\MCEXCH40.DLL: UMonitor
C:\WINDOWS\SYSTEM\LGSMP13n.dll: UMonitor
C:\WINDOWS\SYSTEM\ETH27UIW.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTIMG32.DLL: UMonitor
C:\WINDOWS\SYSTEM\SVI_CI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\lwiff13n.dll: UMonitor
C:\WINDOWS\SYSTEM\Szbd6w95.dll: UMonitor
C:\WINDOWS\SYSTEM\LJSMP13n.dll: UMonitor
C:\WINDOWS\SYSTEM\maimsg.dll: UMonitor

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SystemTray"="SysTray.Exe"
"EnsoniqMixer"="starter.exe"
"EPSON Stylus CX5400"="C:\\WINDOWS\\SYSTEM\\E_S4I2G1.EXE /P19 \"EPSON Stylus CX5400\" /O5 \"LPT1:\" /M \"Stylus CX5400\""
"kalvsys"="C:\\WINDOWS\\SYSTEM\\KALVXNL32.EXE"

guestolo · « **Reply #8 on:** January 06, 2005, 12:52:19 AM »

Hold tight, let me see if I have to make any changes in my last reply

guestolo · « **Reply #9 on:** January 06, 2005, 01:03:47 AM »

Go ahead and follow my previous instructions

If your having a hard time copying them to a Notepad file because of the width
of this thread
Let me know I we will start a new post and post the instructions again
You didn't LOG IN before posting

Which means I can't get you to Edit your last post and remove some entries that would
Decrease the width of this Thread

As mentioned>>When you post back after doing the following could you start a new post
This will make it easier to follow along
Normally, I would stick with one thread but I can't bear the width of this one

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Remember to Log In in case we have to edit anything in your reply
I can't do it from my end

This topic is Continued HERE

TheTechGuide Forum

News:

Author Topic: Lavasoft, cws shredder, or spybots&d wont work (Read 1600 times)

meelox

Lavasoft, cws shredder, or spybots&d wont work

meelox

Lavasoft, cws shredder, or spybots&d wont work

guestolo

Lavasoft, cws shredder, or spybots&d wont work

guestolo

Lavasoft, cws shredder, or spybots&d wont work

meelox

Lavasoft, cws shredder, or spybots&d wont work

meelox

Lavasoft, cws shredder, or spybots&d wont work

guestolo

Lavasoft, cws shredder, or spybots&d wont work

Guest

Lavasoft, cws shredder, or spybots&d wont work

guestolo

Lavasoft, cws shredder, or spybots&d wont work

guestolo

Lavasoft, cws shredder, or spybots&d wont work