
HJT Log - Geoff777


54 replies to this topic

#1 Geoff777


Posted 26 January 2005 - 12:46 PM

//Mod edit: This post was split off from original topic located in Windows 95/98*Grinler Forum here.

http://www.bleepingcomputer.com/forums/ind...wtopic=9948&hl= //



It occurs to me that if you went to that site with your computer then you will have at least the dialers on both, and CoolWebSearch also on your son's if you did not see those warnings, as it installs silently. On your computer be sure to run a virus scan, AdAware and Spybot and empty your Temporary Internet Files before rebooting.

Hi Leurgy, checked my own computer and everything is ok, here is a copy of hijack on son's puter running 98 sec.edit. I tried to attach earlier on previous message.
Hope you can offer some advice.
Regards Geoff


Logfile of HijackThis v1.99.0
Scan saved at 14:37:49, on 26/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 SP1 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite III SE\Temp\MGI00000.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system\aklsp.dll' missing
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

Edited by KoanYorel, 26 January 2005 - 02:01 PM.

Geoff



#2 Grinler

Grinler

    Lawrence Abrams



Posted 26 January 2005 - 11:25 PM

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#3 Geoff777


Posted 27 January 2005 - 03:24 AM

Hi Grinler,
I followed your instructions, but when I double click on l2mfix.bat I get a syntax error in the MS-DOS window, followed by a Notepad window telling me:
Not compatible with 9x or windows nt.

The os is win 98 sec.edition.

many thanks Geoff.
Geoff

#4 Grinler


Posted 27 January 2005 - 08:45 AM

Download the following file:

http://castlecops.com/zx/Zupe/FindIt9xME.zip


and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

#5 Geoff777


Posted 27 January 2005 - 09:17 AM

Hi Grinler,
copy of log as requested.
On the screen now I have Notepad with the log displayed,
and an MS-DOS window which says:
after copying and pasting your logfile press a key.
Press any key to continue.

Many thanks Geoff


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

RPGWIZC DLL 217,088 12-29-04 5:26p RPGWIZC.DLL
HXINK DLL 217,088 12-29-04 5:26p HXINK.DLL
JRVART DLL 217,088 12-29-04 5:26p JRVART.DLL
IP50_32 DLL 217,088 12-29-04 5:26p IP50_32.DLL
OHBCJI32 DLL 217,088 12-29-04 5:26p OHBCJI32.DLL
NMTBIOS DLL 217,088 12-29-04 5:26p NMTBIOS.DLL
PYTOREC DLL 217,088 12-29-04 5:26p PYTOREC.DLL
OCESVR DLL 217,088 12-29-04 5:26p OCESVR.DLL
QQVD DLL 217,088 12-29-04 5:26p QQVD.DLL
MMRCLR40 DLL 217,088 12-29-04 5:26p MMRCLR40.DLL
WAI DLL 217,088 12-29-04 5:26p WAI.DLL
MLVCP60 DLL 217,088 12-29-04 5:26p mlvcp60.dll
QRARTZ DLL 217,088 12-29-04 5:26p QRARTZ.DLL
MAVFW32 DLL 217,088 12-29-04 5:26p MAVFW32.DLL
SELWID DLL 217,088 12-29-04 5:26p SELWID.DLL
PWTOREC DLL 217,088 12-29-04 5:26p PWTOREC.DLL
MMBSYNC DLL 217,088 12-29-04 5:26p mmbsync.dll
MODMO DLL 217,088 12-29-04 5:26p modmo.dll
MGBE DLL 217,088 12-29-04 5:26p mgbe.dll
EAAPI2 DLL 217,088 12-29-04 5:26p EAAPI2.dll
SZRMDLL DLL 217,088 12-29-04 5:26p szrmdll.dll
OKBC32GT DLL 217,088 12-29-04 5:26p okbc32gt.dll
MHCRLREV DLL 217,088 12-29-04 5:26p mhcrlrev.dll
23 file(s) 4,993,024 bytes
0 dir(s) 17,237.41 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

VX0 NLS 8,192 12-29-04 5:26p VX0.NLS
VX3X NLS 8,192 12-29-04 5:26p VX3X.NLS
VX3 NLS 8,192 12-29-04 5:26p VX3.NLS
VX1X NLS 8,192 12-29-04 5:26p VX1X.NLS
VX1 NLS 8,192 12-29-04 5:26p VX1.NLS
RATINGS POL 8,192 02-10-04 3:43p RATINGS.POL
E_QI021E GID 8,628 11-02-03 3:33p E_QI021E.GID
EPIUIE6V GID 10,839 04-30-03 7:27p EPIUIE6V.GID
FOLDER HTT 13,122 03-19-03 9:11a folder.htt
DESKTOP INI 266 03-19-03 9:11a desktop.ini
10 file(s) 82,007 bytes
0 dir(s) 17,237.39 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CF030F80-5B17-11D9-A9B7-0040CA284C82}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
rpgwizc.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
vx1x.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx1.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx3x.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx3.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx0.nls Wed Dec 29 2004 5:26:08p ...HR 8,192 8.00 K
hxink.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
jrvart.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ip50_32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ohbcji32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
nmtbios.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pytorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ocesvr.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qqvd.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmrclr40.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
wai.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mlvcp60.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qrartz.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mavfw32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
selwid.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pwtorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmbsync.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
modmo.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mgbe.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
eaapi2.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
szrmdll.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
okbc32gt.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mhcrlrev.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K

28 items found: 28 files, 0 directories.
Total of file sizes: 5,033,984 bytes 4.80 M

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\RPGWIZC.DLL: UMonitor
C:\WINDOWS\SYSTEM\HXINK.DLL: UMonitor
C:\WINDOWS\SYSTEM\JRVART.DLL: UMonitor
C:\WINDOWS\SYSTEM\IP50_32.DLL: UMonitor
C:\WINDOWS\SYSTEM\OHBCJI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NMTBIOS.DLL: UMonitor
C:\WINDOWS\SYSTEM\PYTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\OCESVR.DLL: UMonitor
C:\WINDOWS\SYSTEM\QQVD.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMRCLR40.DLL: UMonitor
C:\WINDOWS\SYSTEM\WAI.DLL: UMonitor
C:\WINDOWS\SYSTEM\mlvcp60.dll: UMonitor
C:\WINDOWS\SYSTEM\QRARTZ.DLL: UMonitor
C:\WINDOWS\SYSTEM\MAVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\SELWID.DLL: UMonitor
C:\WINDOWS\SYSTEM\PWTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\mmbsync.dll: UMonitor
C:\WINDOWS\SYSTEM\modmo.dll: UMonitor
C:\WINDOWS\SYSTEM\mgbe.dll: UMonitor
C:\WINDOWS\SYSTEM\EAAPI2.dll: UMonitor
C:\WINDOWS\SYSTEM\mvdmo.dll: UMonitor
C:\WINDOWS\SYSTEM\szrmdll.dll: UMonitor
C:\WINDOWS\SYSTEM\okbc32gt.dll: UMonitor
C:\WINDOWS\SYSTEM\mhcrlrev.dll: UMonitor

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"



Geoff
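
A triage aid for the Findit log in the post above, added here as an example (it is not part of the thread and not Findit's own code): it cross-references the system-attribute directory listing against the Strings.exe UMonitor hits and groups listed files that share one size and timestamp. The sample is an abridged excerpt of the posted log; the function names and the grouping heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged excerpt of the Findit log posted above (lines copied from the post,
# most entries and the summary lines omitted).
SAMPLE_LOG = r"""
------- System Files in System Directory -------

Volume in drive C has no label
Directory of C:\WINDOWS\SYSTEM

RPGWIZC DLL 217,088 12-29-04 5:26p RPGWIZC.DLL
HXINK DLL 217,088 12-29-04 5:26p HXINK.DLL
MODMO DLL 217,088 12-29-04 5:26p modmo.dll

------- Hidden Files in System Directory -------

VX0 NLS 8,192 12-29-04 5:26p VX0.NLS
RATINGS POL 8,192 02-10-04 3:43p RATINGS.POL

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\RPGWIZC.DLL: UMonitor
C:\WINDOWS\SYSTEM\HXINK.DLL: UMonitor
C:\WINDOWS\SYSTEM\modmo.dll: UMonitor
C:\WINDOWS\SYSTEM\mvdmo.dll: UMonitor

REGEDIT4
"""

HEADER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}\s*$")
# 8.3 name, extension, size, date, time, long name (Win9x "dir" layout)
DIR_LINE = re.compile(
    r"^\S+\s+\S+\s+([\d,]+)\s+(\d\d-\d\d-\d\d)\s+(\d{1,2}:\d\d[ap])\s+(.+)$")
# "<full path>: <matched string>" as printed in the Strings.exe sections
HIT_LINE = re.compile(r"^([A-Za-z]:\\.+?):\s+(\S+)\s*$")


def split_sections(log):
    """Map each '---- title ----' header to the non-blank lines under it.
    A title that occurs twice (two runs pasted together) is merged."""
    sections = defaultdict(list)
    title = None
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            title = m.group(1)
        elif title and line:
            sections[title].append(line)
    return sections


def triage(log, marker="UMonitor", min_cluster=2):
    """Cross-check the directory listing against the string-scan hits."""
    sections = split_sections(log)

    listed = {}  # lowercase file name -> (size, date, time)
    for line in sections["System Files in System Directory"]:
        m = DIR_LINE.match(line)
        if m:
            size, date, time, name = m.groups()
            listed[name.lower()] = (size, date, time)

    hits = set()  # lowercase file names whose strings contain the marker
    for line in sections["Strings.exe Umonitor Results"]:
        m = HIT_LINE.match(line)
        if m and m.group(2) == marker:
            hits.add(m.group(1).rsplit("\\", 1)[-1].lower())

    # Files dropped in one batch tend to share size and timestamp.
    groups = defaultdict(list)
    for name, stamp in listed.items():
        groups[stamp].append(name)
    clusters = {s: sorted(n) for s, n in groups.items() if len(n) >= min_cluster}

    return {
        # flagged by the string scan but absent from the directory listing
        "hits_not_listed": sorted(hits - set(listed)),
        # in the directory listing but not flagged by the string scan
        "listed_not_hit": sorted(set(listed) - hits),
        "clusters": clusters,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A file that appears under `hits_not_listed` is one to account for before treating a removal list built from the directory listing as complete.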

#6 Geoff777


Posted 27 January 2005 - 12:39 PM

Download the following file:

http://castlecops.com/zx/Zupe/FindIt9xME.zip


and unzip the contents to a folder.  When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.



From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.


Geoff

#7 Grinler


Posted 27 January 2005 - 01:28 PM

Please print out these instructions as you will be required to reboot your computer at times. Please read these directions before you proceed so that you understand what you will be doing.

Step 1:

Download the Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.
  • Select the Replace on Reboot option and put a checkmark in the Use Dummy checkbox if it is not checked. Make sure the Use Dummy checkbox is checked as it clears each time you do these steps.

  • Paste this file into the top Full Path of File to Delete field.

    c:\windows\system32\RPGWIZC.DLL

  • Click the Delete File button which looks like a stop sign.

  • Click Yes at the Replace on Reboot prompt.

  • Click No at the Pending Operations prompt.

Repeat steps 1 through 5 above for each of the following files. The only difference is that you will be substituting the file listed in step 2 with each of the files below.

c:\windows\system32\HXINK.DLL
c:\windows\system32\JRVART.DLL
c:\windows\system32\IP50_32.DLL
c:\windows\system32\OHBCJI32.DLL
c:\windows\system32\NMTBIOS.DLL
c:\windows\system32\PYTOREC.DLL
c:\windows\system32\OCESVR.DLL
c:\windows\system32\QQVD.DLL
c:\windows\system32\MMRCLR40.DLL
c:\windows\system32\WAI.DLL
c:\windows\system32\mlvcp60.dll
c:\windows\system32\QRARTZ.DLL
c:\windows\system32\MAVFW32.DLL
c:\windows\system32\SELWID.DLL
c:\windows\system32\PWTOREC.DLL
c:\windows\system32\mmbsync.dll
c:\windows\system32\modmo.dll
c:\windows\system32\mgbe.dll
c:\windows\system32\EAAPI2.dll
c:\windows\system32\szrmdll.dll
c:\windows\system32\okbc32gt.dll
c:\windows\system32\mhcrlrev.dll

After you add the last file, Guard.tmp, and it prompts to reboot, you should press the Yes button to allow it to do so.


Do not reboot more than once as the Guard.tmp will probably recreate on reboot but will be an easy kill this time.


Step 2:


Please run Findit again and post the resulting log. Remember it may take quite a bit of time before the log appears. So be patient.

#8 Geoff777


Posted 28 January 2005 - 01:13 AM

Hi Grinler,
tried to access KillBox but received the following error:

Page Not Found

404 ERROR: Page Not Found!
The requested page http://www.bleepingcomputer.com/files/KillBox.php
could not be found on this server

Are you able to send killbox to me via email if there is no other alternative?



regards Geoff

Edited by Geoff777, 28 January 2005 - 01:17 AM.

Geoff

#9 Grinler


Posted 28 January 2005 - 07:21 AM

Use this link instead:

http://www.bleepingcomputer.com/files/killbox.php

#10 Geoff777


Posted 28 January 2005 - 09:45 AM

Hi Grinler, log as requested after running Killbox.
Many thanks
Geoff


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

RPGWIZC DLL 217,088 12-29-04 5:26p RPGWIZC.DLL
HXINK DLL 217,088 12-29-04 5:26p HXINK.DLL
JRVART DLL 217,088 12-29-04 5:26p JRVART.DLL
IP50_32 DLL 217,088 12-29-04 5:26p IP50_32.DLL
OHBCJI32 DLL 217,088 12-29-04 5:26p OHBCJI32.DLL
NMTBIOS DLL 217,088 12-29-04 5:26p NMTBIOS.DLL
PYTOREC DLL 217,088 12-29-04 5:26p PYTOREC.DLL
OCESVR DLL 217,088 12-29-04 5:26p OCESVR.DLL
QQVD DLL 217,088 12-29-04 5:26p QQVD.DLL
MMRCLR40 DLL 217,088 12-29-04 5:26p MMRCLR40.DLL
WAI DLL 217,088 12-29-04 5:26p WAI.DLL
MLVCP60 DLL 217,088 12-29-04 5:26p mlvcp60.dll
QRARTZ DLL 217,088 12-29-04 5:26p QRARTZ.DLL
MAVFW32 DLL 217,088 12-29-04 5:26p MAVFW32.DLL
SELWID DLL 217,088 12-29-04 5:26p SELWID.DLL
PWTOREC DLL 217,088 12-29-04 5:26p PWTOREC.DLL
MMBSYNC DLL 217,088 12-29-04 5:26p mmbsync.dll
MODMO DLL 217,088 12-29-04 5:26p modmo.dll
MGBE DLL 217,088 12-29-04 5:26p mgbe.dll
EAAPI2 DLL 217,088 12-29-04 5:26p EAAPI2.dll
SZRMDLL DLL 217,088 12-29-04 5:26p szrmdll.dll
OKBC32GT DLL 217,088 12-29-04 5:26p okbc32gt.dll
MHCRLREV DLL 217,088 12-29-04 5:26p mhcrlrev.dll
23 file(s) 4,993,024 bytes
0 dir(s) 17,237.39 MB free

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

RPGWIZC DLL 217,088 12-29-04 5:26p RPGWIZC.DLL
HXINK DLL 217,088 12-29-04 5:26p HXINK.DLL
JRVART DLL 217,088 12-29-04 5:26p JRVART.DLL
IP50_32 DLL 217,088 12-29-04 5:26p IP50_32.DLL
OHBCJI32 DLL 217,088 12-29-04 5:26p OHBCJI32.DLL
NMTBIOS DLL 217,088 12-29-04 5:26p NMTBIOS.DLL
PYTOREC DLL 217,088 12-29-04 5:26p PYTOREC.DLL
OCESVR DLL 217,088 12-29-04 5:26p OCESVR.DLL
QQVD DLL 217,088 12-29-04 5:26p QQVD.DLL
MMRCLR40 DLL 217,088 12-29-04 5:26p MMRCLR40.DLL
WAI DLL 217,088 12-29-04 5:26p WAI.DLL
MLVCP60 DLL 217,088 12-29-04 5:26p mlvcp60.dll
QRARTZ DLL 217,088 12-29-04 5:26p QRARTZ.DLL
MAVFW32 DLL 217,088 12-29-04 5:26p MAVFW32.DLL
OWMREG DLL 217,088 12-29-04 5:26p OWMREG.DLL
PWTOREC DLL 217,088 12-29-04 5:26p PWTOREC.DLL
MMBSYNC DLL 217,088 12-29-04 5:26p mmbsync.dll
MODMO DLL 217,088 12-29-04 5:26p modmo.dll
MGBE DLL 217,088 12-29-04 5:26p mgbe.dll
EAAPI2 DLL 217,088 12-29-04 5:26p EAAPI2.dll
SZRMDLL DLL 217,088 12-29-04 5:26p szrmdll.dll
OKBC32GT DLL 217,088 12-29-04 5:26p okbc32gt.dll
MHCRLREV DLL 217,088 12-29-04 5:26p mhcrlrev.dll
23 file(s) 4,993,024 bytes
0 dir(s) 17,207.28 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

VX0 NLS 8,192 12-29-04 5:26p VX0.NLS
VX3X NLS 8,192 12-29-04 5:26p VX3X.NLS
VX3 NLS 8,192 12-29-04 5:26p VX3.NLS
VX1X NLS 8,192 12-29-04 5:26p VX1X.NLS
VX1 NLS 8,192 12-29-04 5:26p VX1.NLS
RATINGS POL 8,192 02-10-04 3:43p RATINGS.POL
E_QI021E GID 8,628 11-02-03 3:33p E_QI021E.GID
EPIUIE6V GID 10,839 04-30-03 7:27p EPIUIE6V.GID
FOLDER HTT 13,122 03-19-03 9:11a folder.htt
DESKTOP INI 266 03-19-03 9:11a desktop.ini
10 file(s) 82,007 bytes
0 dir(s) 17,237.38 MB free

---------------- User Agent ------------

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

VX0 NLS 8,192 12-29-04 5:26p VX0.NLS
VX3X NLS 8,192 12-29-04 5:26p VX3X.NLS
VX3 NLS 8,192 12-29-04 5:26p VX3.NLS
VX1X NLS 8,192 12-29-04 5:26p VX1X.NLS
VX1 NLS 8,192 12-29-04 5:26p VX1.NLS
RATINGS POL 8,192 02-10-04 3:43p RATINGS.POL
E_QI021E GID 8,628 11-02-03 3:33p E_QI021E.GID
EPIUIE6V GID 10,839 04-30-03 7:27p EPIUIE6V.GID
FOLDER HTT 13,122 03-19-03 9:11a folder.htt
DESKTOP INI 266 03-19-03 9:11a desktop.ini
10 file(s) 82,007 bytes
0 dir(s) 17,207.28 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CF030F80-5B17-11D9-A9B7-0040CA284C82}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
rpgwizc.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
vx1x.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx1.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx3x.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx3.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx0.nls Wed Dec 29 2004 5:26:08p ...HR 8,192 8.00 K
hxink.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
jrvart.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ip50_32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ohbcji32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
nmtbios.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pytorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ocesvr.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qqvd.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmrclr40.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
wai.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mlvcp60.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qrartz.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mavfw32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
selwid.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pwtorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmbsync.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
modmo.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mgbe.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
eaapi2.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
szrmdll.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
okbc32gt.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mhcrlrev.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K

28 items found: 28 files, 0 directories.
Total of file sizes: 5,033,984 bytes 4.80 M

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
rpgwizc.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
vx1x.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx1.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx3x.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx3.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx0.nls Wed Dec 29 2004 5:26:08p ...HR 8,192 8.00 K
hxink.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
jrvart.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ip50_32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ohbcji32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
nmtbios.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pytorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ocesvr.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qqvd.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmrclr40.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
wai.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mlvcp60.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qrartz.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mavfw32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
owmreg.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pwtorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmbsync.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
modmo.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mgbe.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
eaapi2.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
szrmdll.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
okbc32gt.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mhcrlrev.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K

28 items found: 28 files, 0 directories.
Total of file sizes: 5,033,984 bytes 4.80 M

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\RPGWIZC.DLL: UMonitor
C:\WINDOWS\SYSTEM\HXINK.DLL: UMonitor
C:\WINDOWS\SYSTEM\JRVART.DLL: UMonitor
C:\WINDOWS\SYSTEM\IP50_32.DLL: UMonitor
C:\WINDOWS\SYSTEM\OHBCJI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NMTBIOS.DLL: UMonitor
C:\WINDOWS\SYSTEM\PYTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\OCESVR.DLL: UMonitor
C:\WINDOWS\SYSTEM\QQVD.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMRCLR40.DLL: UMonitor
C:\WINDOWS\SYSTEM\WAI.DLL: UMonitor
C:\WINDOWS\SYSTEM\mlvcp60.dll: UMonitor
C:\WINDOWS\SYSTEM\QRARTZ.DLL: UMonitor
C:\WINDOWS\SYSTEM\MAVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\OWMREG.DLL: UMonitor
C:\WINDOWS\SYSTEM\PWTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\mmbsync.dll: UMonitor
C:\WINDOWS\SYSTEM\modmo.dll: UMonitor
C:\WINDOWS\SYSTEM\mgbe.dll: UMonitor
C:\WINDOWS\SYSTEM\EAAPI2.dll: UMonitor
C:\WINDOWS\SYSTEM\mvdmo.dll: UMonitor
C:\WINDOWS\SYSTEM\szrmdll.dll: UMonitor
C:\WINDOWS\SYSTEM\okbc32gt.dll: UMonitor
C:\WINDOWS\SYSTEM\mhcrlrev.dll: UMonitor

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


Geoff

#11 Grinler

Grinler

    Lawrence Abrams



Posted 28 January 2005 - 06:58 PM

Killbox all of these files also.

RPGWIZC.DLL
HXINK.DLL
JRVART.DLL
IP50_32.DLL
OHBCJI32.DLL
NMTBIOS.DLL
PYTOREC.DLL
OCESVR.DLL
QQVD.DLL
MMRCLR40.DLL
WAI.DLL
mlvcp60.dll
QRARTZ.DLL
MAVFW32.DLL
SELWID.DLL
PWTOREC.DLL
mmbsync.dll
modmo.dll
mgbe.dll
EAAPI2.dll
szrmdll.dll
okbc32gt.dll
mhcrlrev.dll

Then give me a new log. Do not reboot after you give another log until you hear back from me.

#12 Geoff777

Geoff777
  • Topic Starter


Posted 29 January 2005 - 01:33 AM

Hi Grinler, log as requested, after second Killbox run.

Many thanks
Geoff



Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

RPGWIZC DLL 217,088 12-29-04 5:26p RPGWIZC.DLL
HXINK DLL 217,088 12-29-04 5:26p HXINK.DLL
JRVART DLL 217,088 12-29-04 5:26p JRVART.DLL
IP50_32 DLL 217,088 12-29-04 5:26p IP50_32.DLL
OHBCJI32 DLL 217,088 12-29-04 5:26p OHBCJI32.DLL
NMTBIOS DLL 217,088 12-29-04 5:26p NMTBIOS.DLL
PYTOREC DLL 217,088 12-29-04 5:26p PYTOREC.DLL
OCESVR DLL 217,088 12-29-04 5:26p OCESVR.DLL
QQVD DLL 217,088 12-29-04 5:26p QQVD.DLL
MMRCLR40 DLL 217,088 12-29-04 5:26p MMRCLR40.DLL
WAI DLL 217,088 12-29-04 5:26p WAI.DLL
MLVCP60 DLL 217,088 12-29-04 5:26p mlvcp60.dll
QRARTZ DLL 217,088 12-29-04 5:26p QRARTZ.DLL
MAVFW32 DLL 217,088 12-29-04 5:26p MAVFW32.DLL
MMR2CENU DLL 217,088 12-29-04 5:26p MMR2CENU.DLL
PWTOREC DLL 217,088 12-29-04 5:26p PWTOREC.DLL
MMBSYNC DLL 217,088 12-29-04 5:26p mmbsync.dll
MODMO DLL 217,088 12-29-04 5:26p modmo.dll
MGBE DLL 217,088 12-29-04 5:26p mgbe.dll
EAAPI2 DLL 217,088 12-29-04 5:26p EAAPI2.dll
SZRMDLL DLL 217,088 12-29-04 5:26p szrmdll.dll
OKBC32GT DLL 217,088 12-29-04 5:26p okbc32gt.dll
MHCRLREV DLL 217,088 12-29-04 5:26p mhcrlrev.dll
23 file(s) 4,993,024 bytes
0 dir(s) 17,206.95 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

VX0 NLS 8,192 12-29-04 5:26p VX0.NLS
VX3X NLS 8,192 12-29-04 5:26p VX3X.NLS
VX3 NLS 8,192 12-29-04 5:26p VX3.NLS
VX1X NLS 8,192 12-29-04 5:26p VX1X.NLS
VX1 NLS 8,192 12-29-04 5:26p VX1.NLS
RATINGS POL 8,192 02-10-04 3:43p RATINGS.POL
E_QI021E GID 8,628 11-02-03 3:33p E_QI021E.GID
EPIUIE6V GID 10,839 04-30-03 7:27p EPIUIE6V.GID
FOLDER HTT 13,122 03-19-03 9:11a folder.htt
DESKTOP INI 266 03-19-03 9:11a desktop.ini
10 file(s) 82,007 bytes
0 dir(s) 17,206.94 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CF030F80-5B17-11D9-A9B7-0040CA284C82}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
rpgwizc.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
vx1x.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx1.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx3x.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx3.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx0.nls Wed Dec 29 2004 5:26:08p ...HR 8,192 8.00 K
hxink.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
jrvart.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ip50_32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ohbcji32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
nmtbios.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pytorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
ocesvr.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qqvd.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmrclr40.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
wai.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mlvcp60.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
qrartz.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mavfw32.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmr2cenu.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
pwtorec.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mmbsync.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
modmo.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mgbe.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
eaapi2.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
szrmdll.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
okbc32gt.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mhcrlrev.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K

28 items found: 28 files, 0 directories.
Total of file sizes: 5,033,984 bytes 4.80 M

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\RPGWIZC.DLL: UMonitor
C:\WINDOWS\SYSTEM\HXINK.DLL: UMonitor
C:\WINDOWS\SYSTEM\JRVART.DLL: UMonitor
C:\WINDOWS\SYSTEM\IP50_32.DLL: UMonitor
C:\WINDOWS\SYSTEM\OHBCJI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NMTBIOS.DLL: UMonitor
C:\WINDOWS\SYSTEM\PYTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\OCESVR.DLL: UMonitor
C:\WINDOWS\SYSTEM\QQVD.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMRCLR40.DLL: UMonitor
C:\WINDOWS\SYSTEM\WAI.DLL: UMonitor
C:\WINDOWS\SYSTEM\mlvcp60.dll: UMonitor
C:\WINDOWS\SYSTEM\QRARTZ.DLL: UMonitor
C:\WINDOWS\SYSTEM\MAVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMR2CENU.DLL: UMonitor
C:\WINDOWS\SYSTEM\PWTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\mmbsync.dll: UMonitor
C:\WINDOWS\SYSTEM\modmo.dll: UMonitor
C:\WINDOWS\SYSTEM\mgbe.dll: UMonitor
C:\WINDOWS\SYSTEM\EAAPI2.dll: UMonitor
C:\WINDOWS\SYSTEM\mvdmo.dll: UMonitor
C:\WINDOWS\SYSTEM\szrmdll.dll: UMonitor
C:\WINDOWS\SYSTEM\okbc32gt.dll: UMonitor
C:\WINDOWS\SYSTEM\mhcrlrev.dll: UMonitor

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"



Geoff

#13 Grinler

Grinler

    Lawrence Abrams



Posted 29 January 2005 - 12:09 PM

Please print out these instructions as you will be required to reboot your computer at times. Please read these directions before you proceed so that you understand what you will be doing.

Step 1:

Download the Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.
  1. Select the Replace on Reboot option and put a checkmark in the Use Dummy checkbox if it is not checked. Make sure the Use Dummy checkbox is checked as it clears each time you do these steps.

  2. Paste this file into the top Full Path of File to Delete field.

     c:\windows\system\RPGWIZC.DLL

  3. Click the Delete File button which looks like a stop sign.

  4. Click Yes at the Replace on Reboot prompt.

  5. Click No at the Pending Operations prompt.

Repeat steps 1 through 5 above for each of the following files. The only difference is that you will be substituting the file listed in step 2 with each of the files below.

c:\windows\system\HXINK.DLL
c:\windows\system\JRVART.DLL
c:\windows\system\IP50_32.DLL
c:\windows\system\OHBCJI32.DLL
c:\windows\system\NMTBIOS.DLL
c:\windows\system\PYTOREC.DLL
c:\windows\system\OCESVR.DLL
c:\windows\system\QQVD.DLL
c:\windows\system\MMRCLR40.DLL
c:\windows\system\WAI.DLL
c:\windows\system\mlvcp60.dll
c:\windows\system\QRARTZ.DLL
c:\windows\system\MAVFW32.DLL
c:\windows\system\MMR2CENU.DLL
c:\windows\system\PWTOREC.DLL
c:\windows\system\mmbsync.dll
c:\windows\system\modmo.dll
c:\windows\system\mgbe.dll
c:\windows\system\EAAPI2.dll
c:\windows\system\szrmdll.dll
c:\windows\system\okbc32gt.dll
c:\windows\system\mhcrlrev.dll

After you add the last file, Guard.tmp, and it prompts to reboot, you should press the Yes button to allow it to do so.


Do not reboot more than once as the Guard.tmp will probably recreate on reboot but will be an easy kill this time.


Step 2:


Please run Findit again and post the resulting log. Remember it may take quite a bit of time before the log appears. So be patient.

#14 Geoff777

Geoff777
  • Topic Starter


Posted 29 January 2005 - 03:52 PM

Hi Grinler, log as requested after third killbox run,
many thanks
Geoff


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

RPGWIZC DLL 217,088 12-29-04 5:26p RPGWIZC.DLL
MLVCP60 DLL 217,088 12-29-04 5:26p mlvcp60.dll
MWDMO DLL 217,088 12-29-04 5:26p mwdmo.dll
EAAPI2 DLL 217,088 12-29-04 5:26p EAAPI2.dll
MHCRLREV DLL 217,088 12-29-04 5:26p mhcrlrev.dll
5 file(s) 1,085,440 bytes
0 dir(s) 17,206.53 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 2824-18F1
Directory of C:\WINDOWS\SYSTEM

VX0 NLS 8,192 12-29-04 5:26p VX0.NLS
VX3X NLS 8,192 12-29-04 5:26p VX3X.NLS
VX3 NLS 8,192 12-29-04 5:26p VX3.NLS
VX1X NLS 8,192 12-29-04 5:26p VX1X.NLS
VX1 NLS 8,192 12-29-04 5:26p VX1.NLS
RATINGS POL 8,192 02-10-04 3:43p RATINGS.POL
E_QI021E GID 8,628 11-02-03 3:33p E_QI021E.GID
EPIUIE6V GID 10,839 04-30-03 7:27p EPIUIE6V.GID
FOLDER HTT 13,122 03-19-03 9:11a folder.htt
DESKTOP INI 266 03-19-03 9:11a desktop.ini
10 file(s) 82,007 bytes
0 dir(s) 17,206.52 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CF030F80-5B17-11D9-A9B7-0040CA284C82}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
rpgwizc.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
vx1x.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx1.nls Wed Dec 29 2004 5:26:02p ...HR 8,192 8.00 K
vx3x.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx3.nls Wed Dec 29 2004 5:26:06p ...HR 8,192 8.00 K
vx0.nls Wed Dec 29 2004 5:26:08p ...HR 8,192 8.00 K
mlvcp60.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mwdmo.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
eaapi2.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K
mhcrlrev.dll Wed Dec 29 2004 5:26:38p ..S.R 217,088 212.00 K

10 items found: 10 files, 0 directories.
Total of file sizes: 1,126,400 bytes 1.07 M

------------ Strings.exe Qoologic Results ------------


-------------- Strings.exe Aspack Results -------------


----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\RPGWIZC.DLL: UMonitor
C:\WINDOWS\SYSTEM\HXINK.DLL: UMonitor
C:\WINDOWS\SYSTEM\JRVART.DLL: UMonitor
C:\WINDOWS\SYSTEM\IP50_32.DLL: UMonitor
C:\WINDOWS\SYSTEM\OHBCJI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\NMTBIOS.DLL: UMonitor
C:\WINDOWS\SYSTEM\PYTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\OCESVR.DLL: UMonitor
C:\WINDOWS\SYSTEM\QQVD.DLL: UMonitor
C:\WINDOWS\SYSTEM\MMRCLR40.DLL: UMonitor
C:\WINDOWS\SYSTEM\WAI.DLL: UMonitor
C:\WINDOWS\SYSTEM\mlvcp60.dll: UMonitor
C:\WINDOWS\SYSTEM\QRARTZ.DLL: UMonitor
C:\WINDOWS\SYSTEM\MAVFW32.DLL: UMonitor
C:\WINDOWS\SYSTEM\PWTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\mwdmo.dll: UMonitor
C:\WINDOWS\SYSTEM\mmbsync.dll: UMonitor
C:\WINDOWS\SYSTEM\modmo.dll: UMonitor
C:\WINDOWS\SYSTEM\mgbe.dll: UMonitor
C:\WINDOWS\SYSTEM\EAAPI2.dll: UMonitor
C:\WINDOWS\SYSTEM\mvdmo.dll: UMonitor
C:\WINDOWS\SYSTEM\szrmdll.dll: UMonitor
C:\WINDOWS\SYSTEM\okbc32gt.dll: UMonitor
C:\WINDOWS\SYSTEM\mhcrlrev.dll: UMonitor

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"



Geoff
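An added example, not part of the original thread or of Findit or Killbox: Python code for the check that Step 2 of post #13 asks for, comparing the deletion list from post #13 with the Findit log that came back. The log text is abridged from post #14; the function names and the three result categories are assumptions of this example.

```python
import re

# Deletion list from post #13 (file names only; all under c:\windows\system).
KILL_LIST = """
RPGWIZC.DLL HXINK.DLL JRVART.DLL IP50_32.DLL OHBCJI32.DLL NMTBIOS.DLL
PYTOREC.DLL OCESVR.DLL QQVD.DLL MMRCLR40.DLL WAI.DLL mlvcp60.dll
QRARTZ.DLL MAVFW32.DLL MMR2CENU.DLL PWTOREC.DLL mmbsync.dll modmo.dll
mgbe.dll EAAPI2.dll szrmdll.dll okbc32gt.dll mhcrlrev.dll
""".split()

# Findit log abridged from post #14 (hidden-file and Strings.exe sections shortened).
FINDIT_LOG = r"""
------- System Files in System Directory -------

Directory of C:\WINDOWS\SYSTEM

RPGWIZC DLL 217,088 12-29-04 5:26p RPGWIZC.DLL
MLVCP60 DLL 217,088 12-29-04 5:26p mlvcp60.dll
MWDMO DLL 217,088 12-29-04 5:26p mwdmo.dll
EAAPI2 DLL 217,088 12-29-04 5:26p EAAPI2.dll
MHCRLREV DLL 217,088 12-29-04 5:26p mhcrlrev.dll
5 file(s) 1,085,440 bytes

------- Hidden Files in System Directory -------

VX0 NLS 8,192 12-29-04 5:26p VX0.NLS

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\RPGWIZC.DLL: UMonitor
C:\WINDOWS\SYSTEM\HXINK.DLL: UMonitor
C:\WINDOWS\SYSTEM\mwdmo.dll: UMonitor
C:\WINDOWS\SYSTEM\mvdmo.dll: UMonitor
"""

SECTION = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}\s*$")
# Win9x DIR row: 8.3 name, extension, size, date, time, long file name.
DIR_ROW = re.compile(r"^\S+\s+\S+\s+([\d,]+)\s+\d\d-\d\d-\d\d\s+\d{1,2}:\d\d[ap]\s+(\S+)$")
STRINGS_HIT = re.compile(r"^[A-Za-z]:\\.*\\([^\\:]+):\s*UMonitor\s*$")

def parse_findit(log):
    """Return {section title: set of lower-cased file names found in it}."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), set())
            continue
        if current is None:
            continue
        m = DIR_ROW.match(line) or STRINGS_HIT.match(line)
        if m:  # the file name is the last capture group in both patterns
            current.add(m.group(m.lastindex).lower())
    return sections

def review(kill_list, log):
    """Compare a deletion list with the sections of a Findit log."""
    listed = {name.lower() for name in kill_list}
    sections = parse_findit(log)
    in_dir = sections.get("System Files in System Directory", set())
    hits = sections.get("Strings.exe Umonitor Results", set())
    return {
        "still_present": sorted(in_dir & listed),           # listed, yet still in the DIR output
        "not_on_list": sorted((in_dir | hits) - listed),    # reported, but never on the list
        "hit_without_dir_entry": sorted(hits - in_dir),     # Strings.exe hit with no DIR row
    }

if __name__ == "__main__":
    for category, names in review(KILL_LIST, FINDIT_LOG).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Names are compared case-insensitively because the logs mix upper- and lower-case spellings of the same file.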

#15 Grinler

Grinler

    Lawrence Abrams



Posted 29 January 2005 - 05:54 PM

We are making headway:

C:\WINDOWS\SYSTEM\RPGWIZC.DLL
C:\WINDOWS\SYSTEM\HXINK.DLL
C:\WINDOWS\SYSTEM\JRVART.DLL
C:\WINDOWS\SYSTEM\IP50_32.DLL
C:\WINDOWS\SYSTEM\OHBCJI32.DLL
C:\WINDOWS\SYSTEM\NMTBIOS.DLL
C:\WINDOWS\SYSTEM\PYTOREC.DLL
C:\WINDOWS\SYSTEM\OCESVR.DLL
C:\WINDOWS\SYSTEM\QQVD.DLL
C:\WINDOWS\SYSTEM\MMRCLR40.DLL
C:\WINDOWS\SYSTEM\WAI.DLL
C:\WINDOWS\SYSTEM\mlvcp60.dll
C:\WINDOWS\SYSTEM\QRARTZ.DLL
C:\WINDOWS\SYSTEM\MAVFW32.DLL
C:\WINDOWS\SYSTEM\PWTOREC.DLL
C:\WINDOWS\SYSTEM\mwdmo.dll
C:\WINDOWS\SYSTEM\mmbsync.dll
C:\WINDOWS\SYSTEM\modmo.dll
C:\WINDOWS\SYSTEM\mgbe.dll
C:\WINDOWS\SYSTEM\EAAPI2.dll
C:\WINDOWS\SYSTEM\mvdmo.dll
C:\WINDOWS\SYSTEM\szrmdll.dll
C:\WINDOWS\SYSTEM\okbc32gt.dll
C:\WINDOWS\SYSTEM\mhcrlrev.dll



