Lost Desktop



#1 flyni068

Posted 27 April 2005 - 06:35 PM

Hi,

Apologies for not posting to the Spyware forum (I kept getting an error message?).

I recently removed some adware, that installed a warning on my desktop which would take me to the website www.topantispware.com, using the advice from this website.

It worked successfully, my browser no longer tries to open every 5 mins to display ads and the wee yellow icon has disappeared from the system tray.

However, the advert was still on my desktop, I found the offending file (C:/WINDOWS/Web/desktop.html) by right clicking on the blank screen and choosing properties, and deleted it but am left now with a blank (white) screen.

In addition I found that I could not install any adware removing programs (I tried both Ad Aware and Spy Bot) unless in Safemode. Once installed the program (Ad Aware SE Personal) will only run in Safemode and not in Normal mode. This despite the apparent removal of the offending files.

I am lost as to what to do next, a search of the web didn't reveal possible solutions, any advice would be appreciated.

Thanks
Nick

For completeness I have attached the last 'Hijack This' log file following removal of the adware...

Logfile of HijackThis v1.99.1
Scan saved at 11:05:54 a.m., on 28/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\System32\cusrvc.exe
C:\MATLAB\webserver\bin\win32\matlabserver.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\windows\system32\taskmg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Documents and Settings\Nflyger\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.student.otago.ac.nz:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {F1F5F8AA-B54C-40E7-8300-00BD4E755770} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1F5F8AA-B54C-40E7-8300-00BD4E755770} - (no file) (HKCU)
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB\webserver\bin\win32\matlabserver.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Program Files\Novell\ZENworks\wm.exe

#2 OldTimer

Posted 29 April 2005 - 04:26 PM

Hi flyni068 and welcome to the BC forums. Here is what I would like you to do.

It appears that you have an L2M infection. Please do the following:
  • Download l2mfix.exe and save it to your desktop.
  • Double click l2mfix.exe to start the installation.
  • Click the Install button to extract the files and follow the prompts.
  • Open the newly added l2mfix folder on your desktop.
  • Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing the Enter key.
This will scan your computer and it may appear nothing is happening, then, after a minute or 2, Notepad will open with a log. Copy/paste the entire content of that log into this thread and I will review the information when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
