
hijackthis log: Please HELP Diagnose


15 replies to this topic

#1 jlink624


Posted 16 August 2005 - 09:19 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:12:24 AM, on 8/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RAMJAR.EXE
C:\WINDOWS\SYSTEM\OJPGBXS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\BUDDY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE2\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SDWin32 Class - {E4C895BC-B386-4818-B531-9F9FD2168D55} - C:\WINDOWS\SYSTEM\OBHVG.DLL (file missing)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ramjar.exe reg_run
O4 - HKLM\..\Run: [ojpgbxs] c:\windows\system\ojpgbxs.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\ETB\POKAPOKA62.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: natk.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab


#2 OldTimer

Malware Expert

Posted 17 August 2005 - 12:53 PM

Hello jlink624 and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Download Miekiemoes' lqfix.zip and unzip the contents to your desktop. Do not run it yet.

Step #2

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: SDWin32 Class - {E4C895BC-B386-4818-B531-9F9FD2168D55} - C:\WINDOWS\SYSTEM\OBHVG.DLL (file missing)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ramjar.exe reg_run
O4 - HKLM\..\Run: [ojpgbxs] c:\windows\system\ojpgbxs.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\ETB\POKAPOKA62.EXE
O4 - Startup: natk.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\SYSTEM\OBHVG.DLL
C:\WINDOWS\SYSTEM\SUPDATE.DLL
c:\windows\system\ojpgbxs.exe
c:\windows\system\AUNPS2.DLL
C:\WINDOWS\CERES.DLL
C:\WINDOWS\ramjar.exe
C:\WINDOWS\BUDDY.EXE
C:\WINDOWS\ETB\ <--folder

Now do a search of the hard drive for the file below and delete any copies found:

natk.exe

Step #5

Locate the LQFix.bat file on your desktop and double-click on it to run it. A DOS window will open and when it is finished a 'Done!' message will appear. Close the DOS window when it is finished.

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #6

Reboot normally and run at least 2 of the following on-line virus scans:
  • Bitdefender <<<Add a check by 'Autoclean'.
  • RAV <<<Add a check by 'Autoclean', leave everything else as is.
  • eTrust <<<'Cure' whatever is found, then delete if unsuccessful
  • Housecall <<<Put on 'Autoclean' and delete what it can't clean.
  • Panda ActiveScan <<<Accept default settings

If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

Step #7

If you do not already have Ad-Aware SE 1.06 then follow these download and setup instructions: Ad-Aware SE Setup. Otherwise, just check for updates.

Start Ad-aware SE, click the Start button and choose Perform Full System Scan. Click the Next button and wait for the scan to complete. If anything was found, right-click on the list and choose Select All and remove all it finds.

Step #8

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT

Edited by OldTimer, 17 August 2005 - 12:54 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 jlink624


Posted 22 August 2005 - 10:15 AM

Hi OldTimer,
Finally finished all of the instructions you sent. I am still having problems with pop ups. I was able to run RAV and Panda ActiveScan successfully. All others would hang or not delete.

Please let me know what I should do next.
Thanks
Jlink624


Logfile of HijackThis v1.99.1
Scan saved at 11:23:14 AM, on 8/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SMVHBM5LIEXPBMNVBG4A\COMMAND.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\LPDGPL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\WUAUCLT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE2\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\DSR.DLL
O2 - BHO: SDWin32 Class - {4A7294A7-D8E9-4EC6-8A07-26308853960C} - C:\WINDOWS\SYSTEM\HPMKK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\SmVhbm5lIExpbmNvbG4A\command.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [hpmkkc] C:\WINDOWS\SYSTEM\hpmkkc.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\lpdgpl.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: natk.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - ms-its:mhtml:file://c:\nosunex.mht!http://daemonlinks.net/script/ys.chm::/ysb_regular.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosunel.mht!http://daemonlinks.net/script/lc.chm::/bridge-c46.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

#4 OldTimer

Malware Expert

Posted 22 August 2005 - 12:01 PM

Hi jlink624. It looks like there are about twice as many new infections on here as what we just removed. Since there is no type of protection currently running on this computer we must get an anti-virus program installed and activated before we do anything else.

Here are 3 free anti-virus programs that are available for personal use (I use each of these on various machines and they are all good):

Pick one of the above and download it, install it, update it and then run a full system scan.

Before posting back a new HijackThis log we also need to turn off MsConfig. By running msconfig in /auto mode or /reminder mode you may have selectively removed some items in the past from the startup procedure. This can hide malware from us when we are performing a fix, so we would like you to reenable those startup entries by doing the following:

Please click on Start, then Run, and type msconfig and then press Enter. When the window opens you should be on the General tab. Click on the Normal Startup item. Then press ok until you are out of the program. It will ask you to reboot so reboot normally.

Now please create a new Hijackthis Log and post it here as a reply. I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
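
The two checks made by eye in this exchange, which entries are new since the previous scan and which items from the Step #3 fix list are still present afterwards, can be done mechanically. The following is an added example, not part of the original thread and not code from HijackThis; the function names are hypothetical, and the three samples are short excerpts of lines copied from the logs and fix list posted above.

```python
import re

# A HijackThis result line is "<section> - <details>", for example
# "O4 - HKLM\..\Run: [name] command". Sections: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)$")


def parse_log(text):
    """Map a normalised (section, details) key to the original result line.

    Header lines and the "Running processes" list do not match ENTRY_RE and
    are skipped. Keys are whitespace-collapsed and case-folded because the
    same path can appear with different casing between scans.
    """
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, details = m.group(1), m.group(2)
        key = (section, " ".join(details.split()).casefold())
        entries.setdefault(key, f"{section} - {details}")
    return entries


def new_entries(before, after):
    """Result lines present in the later scan but not in the earlier one."""
    old, new = parse_log(before), parse_log(after)
    return [line for key, line in new.items() if key not in old]


def persisting(fix_list, after):
    """Fix-list items that still show up in a scan taken after the fix."""
    wanted, seen = parse_log(fix_list), parse_log(after)
    return [line for key, line in wanted.items() if key in seen]


# Excerpt of the log posted on 16 August 2005 (first post).
LOG_16_AUG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\TASKMON.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ramjar.exe reg_run
O4 - Startup: natk.exe
"""

# Excerpt of the items listed under Step #3 of the first set of directions.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ramjar.exe reg_run
O4 - Startup: natk.exe
"""

# Excerpt of the log posted on 22 August 2005, after the fix was attempted.
LOG_22_AUG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\DSR.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\lpdgpl.exe reg_run
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - Startup: natk.exe
"""

if __name__ == "__main__":
    print("New since the previous scan:")
    for line in new_entries(LOG_16_AUG, LOG_22_AUG):
        print("  " + line)
    print("Selected for fixing but still present:")
    for line in persisting(FIX_LIST, LOG_22_AUG):
        print("  " + line)
```

An entry reported by `persisting` was either never removed or was written back by something still running, which is why the directions pair the HijackThis fix with Safe Mode and manual file deletion.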


#5 jlink624


Posted 31 August 2005 - 08:55 AM

Hi OT,
Finally got virus software to run uninterrupted. Here is the latest hijacklog with a normal startup:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:22 AM, on 8/31/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SMVHBM5LIEXPBMNVBG4A\COMMAND.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE
C:\PROGRAM FILES\AONO\TULT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F1 - win.ini: load=c:\progra~1\hpoffi~1\register\remind.exe c:\progra~1\hpoffi~1\register\remind.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE2\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\DSR.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\SmVhbm5lIExpbmNvbG4A\command.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Aluria Security Center] C:\PROGRAM FILES\ALURIA SECURITY CENTER\SecurityCenter.exe /minimize
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE"
O4 - HKCU\..\Run: [Ssmt] C:\Program Files\aono\tult.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O4 - HKCU\..\Run: [OLEWRP] C:\WINDOWS\SYSTEM\OLEWRP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: VERIZON ONLINE SUPPORT CENTER.LNK = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: CAMEDIA MASTER.LNK = ?
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - ms-its:mhtml:file://c:\nosunex.mht!http://daemonlinks.net/script/ys.chm::/ysb_regular.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosunel.mht!http://daemonlinks.net/script/lc.chm::/bridge-c46.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

#6 OldTimer

Malware Expert

Posted 31 August 2005 - 12:32 PM

Hi jlink624. Ok, let's attack this again. Please print these directions and then proceed with the following steps in order.

Step #1

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #2

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\DSR.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [Command] C:\WINDOWS\SmVhbm5lIExpbmNvbG4A\command.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKCU\..\Run: [Ssmt] C:\Program Files\aono\tult.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
O4 - HKCU\..\Run: [OLEWRP] C:\WINDOWS\SYSTEM\OLEWRP.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - ms-its:mhtml:file://c:\nosunex.mht!http://daemonlinks.net/script/ys.chm::/ysb_regular.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosunel.mht!http://daemonlinks.net/script/lc.chm::/bridge-c46.cab

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #3

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):
C:\WINDOWS\DSR.DLL
C:\WINDOWS\SmVhbm5lIExpbmNvbG4A\ <--folder
C:\WINDOWS\SYSTEM\AUNPS2.DLL
C:\WINDOWS\SYSTEM\VIDCTRL\ <--folder
C:\WINDOWS\SYSTEM\OLEWRP.exe
C:\Program Files\ISTsvc\ <--folder
C:\PROGRAM FILES\MEDIA ACCESS\ <--folder
C:\Program Files\aono\ <--folder
C:\Program Files\E2G\ <--folder
C:\Program Files\Common Files\Windows\mc-58-12-0000117.exe
C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE
c:\nosunex.mht
c:\nosunel.mht

Step #4

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #5

Reboot normally and run at least 2 of the following on-line virus scans:
Bitdefender <<<Add a check by 'Autoclean'.
RAV <<<Add a check by 'Autoclean', leave everything else as is.
eTrust <<<'Cure' whatever is found, then delete if unsuccessful
Housecall <<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan <<<Accept default settings
If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

Step #6

If you do not already have Ad-Aware SE 1.06 then follow these download and setup instructions: Ad-Aware SE Setup. Otherwise, just check for updates.

Start Ad-aware SE, click the Start button and choose Perform Full System Scan. Click the Next button and wait for the scan to complete. If anything was found, right-click on the list and choose Select All and remove all it finds.

Step #7

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 jlink624

Posted 01 September 2005 - 06:26 PM

Hi Ot,
Here you go...hope this one is better. Seems like nothing seems to work!
Thanks for your time
Jlink624

Logfile of HijackThis v1.99.1
Scan saved at 7:37:20 PM, on 9/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F1 - win.ini: load=c:\progra~1\hpoffi~1\register\remind.exe c:\progra~1\hpoffi~1\register\remind.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE2\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Aluria Security Center] C:\PROGRAM FILES\ALURIA SECURITY CENTER\SecurityCenter.exe /minimize
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: VERIZON ONLINE SUPPORT CENTER.LNK = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: CAMEDIA MASTER.LNK = ?
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

#8 OldTimer

Posted 02 September 2005 - 09:40 AM

Hi jlink624. The log is clean. There are no signs of problems there.

I don't know what you mean by "Seems like nothing seems to work!". Can you give me any specific details?

Cheers.

OT

#9 jlink624

Posted 07 September 2005 - 01:35 PM

Hi OT,
I'm still having problems with spyware trying to download itself to my computer. I tried to install the latest version of Internet Explorer so that I can block pop ups, but I am getting a system error. My system is still very slow and runs out of memory very quickly. Any other thoughts?
Thanks for your help.
Jlink624

#10 OldTimer

Posted 08 September 2005 - 06:39 AM

Hi jlink624. Since the latest available version of IE was already installed on this machine I am not quite sure what it was that you were trying to download. Windows ME will only run IE6 SP1 which already shows as being installed. The latest version of IE (IE6 SP2) is only compatible with Windows XP and will not install or run on a machine not running XP.

Perceived speed can be affected by many factors. The amount of physical memory available, hard disk size and speed, the number of programs running (the list goes on). Since there is nothing as far as infections or malware showing in the HijackThis log let's try a different scanner and see if it shows us anything that might not be in a HijackThis log and then go from there.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log and I will review the information when it comes in.

OT

#11 jlink624

Posted 08 September 2005 - 08:29 PM

Hi OT,
I should also tell you that I have many instances of iexplore running in the background after a reboot. Additionally, my system is only stable for about 30 minutes before I start to run low on resources.

Thanks
JLINK624

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Windows Millennium Edition Version: 4.90.3000
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/23/2005 5:51:40 PM HS 133947392 C:\WINDOWS\VMMHIBER.W9X
FSG! 8/23/2005 5:51:40 PM HS 133947392 C:\WINDOWS\VMMHIBER.W9X
qoologic 8/23/2005 5:51:40 PM HS 133947392 C:\WINDOWS\VMMHIBER.W9X
aspack 8/23/2005 5:51:40 PM HS 133947392 C:\WINDOWS\VMMHIBER.W9X
abetterinternet.com 8/23/2005 5:51:40 PM HS 133947392 C:\WINDOWS\VMMHIBER.W9X
winsync 8/23/2005 5:51:40 PM HS 133947392 C:\WINDOWS\VMMHIBER.W9X
UPX! 8/31/2005 11:35:34 PM 18944 C:\WINDOWS\icont.exe

Items found in C:\WINDOWS\hosts

PECompact2 8/18/2005 2:24:00 PM 15636721 C:\WINDOWS\VPTNFILE.791
qoologic 8/18/2005 2:24:00 PM 15636721 C:\WINDOWS\VPTNFILE.791
SAHAgent 8/18/2005 2:24:00 PM 15636721 C:\WINDOWS\VPTNFILE.791
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 8/16/2005 10:21:14 AM 189859 C:\WINDOWS\dsr.exe
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
UPX! 8/24/2005 8:55:14 AM 121433 C:\WINDOWS\mc-58-12-0000117.exe
PTech 8/30/2005 3:03:24 PM 5632 C:\WINDOWS\dwlois2.exe
PECompact2 8/18/2005 2:24:00 PM 15636721 C:\WINDOWS\lpt$vpn.791
qoologic 8/18/2005 2:24:00 PM 15636721 C:\WINDOWS\lpt$vpn.791
SAHAgent 8/18/2005 2:24:00 PM 15636721 C:\WINDOWS\lpt$vpn.791
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 8/27/2005 10:50:48 AM 457504 C:\WINDOWS\ultrasearch.exe

Checking %System% folder...

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\VD5DB.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\MDLS31.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\IJDICDLL.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\CVFG95.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\lqpsd11n.dll
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\MACMS.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\IISAPI32.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\ACYCFILT.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\Iuetwh32.dll
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\RCRV1032.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\MJC42.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\CYET16.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\OKE32.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\WTDMPS.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\AVM32.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\DGSERIAL.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\DZSYNTH.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\WDERRENU.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\ROAENH.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\WHOCK32.DLL
8/6/2005 7:05:04 PM R S 405504 C:\WINDOWS\SYSTEM\IISENG.DLL

Checking for CPL files...

#12 OldTimer

OldTimer

    Malware Expert



Posted 09 September 2005 - 08:32 AM

Hi jlink624. It appears that the WinPFind log was not posted completely. This could be due to the length of the log. Open the WinPFind.txt file in Notepad and scroll down to the point where it was cut off in the post ('Checking for CPL files...') and highlight the text from that point to the end of the log and post that information back here. Verify that it gets posted in its entirety and if not then make additional posts as needed to get the entire log completely posted.

Thanks.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#13 jlink624

jlink624
  • Topic Starter


Posted 10 September 2005 - 07:09 AM

Hi OT,
The log is not processing past the point that you see posted. I ran it again last night with the same results. It says at the top of the screen that the scan is complete.
JLink624

#14 OldTimer

OldTimer

    Malware Expert



Posted 10 September 2005 - 07:01 PM

Hi jlink624. Let's see if we can get the rest of the log.

Start WinPFind and click the Configure Scan Options button. In the Folder Options group, uncheck the 1st 6 items in the group and leave everything else as it is. Click the Apply button and then the Start Scan button and post the results of the rest of the log back here for review.

Cheers.

OT

#15 jlink624

jlink624
  • Topic Starter


Posted 11 September 2005 - 08:58 AM

Here you go:

Checking for CPL files...
Eastman Kodak Co. 8/18/1999 1:29:26 PM 69632 C:\WINDOWS\SYSTEM\DC290CPL.CPL
Microsoft Corporation 8/29/2002 7:07:38 AM 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 62464 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 104368 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 61200 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 79872 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 111616 C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 408576 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 389872 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 15360 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 36864 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 9/16/2002 9:37:16 AM 28672 C:\WINDOWS\SYSTEM\WUAUCPL.CPL
Microsoft Corporation 6/8/2000 5:00:00 PM 66560 C:\WINDOWS\SYSTEM\ACCESS.CPL
Creative Technology Ltd. 8/30/1999 1:55:00 AM 228352 C:\WINDOWS\SYSTEM\CTDetect.cpl
Creative Technology Ltd. 3/19/1998 1:00:00 AM 18432 C:\WINDOWS\SYSTEM\Audiohq.cpl
Microsoft Corporation 2/10/1999 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Apple Computer, Inc. 6/20/2001 4:34:36 PM 287232 C:\WINDOWS\SYSTEM\QuickTime.cpl
FotoNation inc. 3/26/1998 2:01:34 PM 27136 C:\WINDOWS\SYSTEM\camcpl.cpl
Microsoft Corporation 5/1/2002 6:51:36 PM 192512 C:\WINDOWS\SYSTEM\JOY.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
7/3/2005 6:43:10 PM 598 C:\WINDOWS\Start Menu\Programs\StartUp\CAMEDIA MASTER.LNK
4/4/2004 9:54:04 AM 496 C:\WINDOWS\Start Menu\Programs\StartUp\HP OfficeJet Series 600 StartUp.lnk
10/18/2003 9:13:10 AM 560 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
4/3/2005 10:31:36 AM 585 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Works Calendar Reminders.lnk
4/4/2004 9:54:00 AM 612 C:\WINDOWS\Start Menu\Programs\StartUp\VERIZON ONLINE SUPPORT CENTER.LNK

Checking files in %USERPROFILE%\Application Data folder...
9/1/2005 8:30:48 AM 12729 C:\WINDOWS\Application Data\dw.log
4/5/2004 10:40:50 AM 75 C:\WINDOWS\Application Data\fusioncache.dat
1/29/2005 2:12:56 PM 79840 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
8/8/2005 6:23:08 PM 44 C:\WINDOWS\Application Data\Sskcwrd.dll
8/8/2005 6:22:18 PM 52 C:\WINDOWS\Application Data\Sskdmns.dll
8/8/2005 5:45:20 PM 410645 C:\WINDOWS\Application Data\Sskknwrd.dll
8/8/2005 6:23:08 PM 33 C:\WINDOWS\Application Data\Sskuknwrd.dll

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{FEF10FA2-355E-4e06-9381-9B24D7F7CC88} = C:\WINDOWS\SYSTEM\SHELL32.DLL
{53C74826-AB99-4d33-ACA4-3117F51D3788} = C:\WINDOWS\SYSTEM\SHELL32.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll

<<< WARNING! - NOT A VALID WIN98 KEY! (ME is Ok) >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7ab770c7-0e23-4d7a-8aa2-19bfad479829}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\SYSTEM\DOCPROP2.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE2\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC}
ButtonText = Control Pad : C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINDOWS\SYSTEM\SHELL32.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HPDJ Taskbar Utility C:\WINDOWS\SYSTEM\hpztsb04.exe
TaskMonitor C:\WINDOWS\taskmon.exe
avast! Web Scanner C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
AudioHQ C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
UpdReg C:\WINDOWS\Updreg.exe
Microsoft IntelliType Pro "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
WorksFUD C:\Program Files\Microsoft Works\wkfud.exe
LoadQM loadqm.exe
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
Aluria Security Center C:\PROGRAM FILES\ALURIA SECURITY CENTER\SecurityCenter.exe /minimize
IPInSightMonitor 01 "C:\PROGRAM FILES\VERIZON ONLINE\VISUAL IP INSIGHT\IPMon32.exe"
Speed racer C:\Program Files\Creative\PlayCenter\CTSRReg.exe
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
WildTangent CDA RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
Motive SmartBridge C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
PCHealth C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
ashMaiSv C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
devldr16.exe C:\WINDOWS\SYSTEM\devldr16.exe
CreateCD C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*StateMgr C:\WINDOWS\System\Restore\StateMgr.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
avast! C:\Program Files\Alwil Software\Avast4\ashServ.exe
MSNIA C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
SchedulingAgent mstask.exe
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Weather C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
Systweak Ad and Popup Blocker "C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\ADBLOCK.EXE"
msnmsgr "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
dlgh.exe C:\WINDOWS\SYSTEM\dlgh.exe
OLEWRP C:\WINDOWS\SYSTEM\OLEWRP.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL
AUHook {BCBCD383-3E06-11D3-91A9-00C04F68105C} = C:\WINDOWS\SYSTEM\AUHOOK.DLL


Scan Complete
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/11/2005 10:09:04 AM



