
HJT Log


7 replies to this topic

#1 Sarcastikus


  • Members
  • 23 posts

Posted 22 August 2005 - 04:29 PM

Hello,

The pop-ups have been coming fast and furious lately, primarily searc-h.com, adopt.hotbar, icannnews, and pacimedia.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 04:16:53 PM, on 08-22-2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PRIVACY CRUSADER FULL\PRIVACYCRUSADERFULL.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\POP-UP FREE PC FULL\POP-UPFREEPCFULL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [PRIVACYCRUSADERFULL] C:\PROGRAM FILES\PRIVACY CRUSADER FULL\PRIVACYCRUSADERFULL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Pop-Up Free PC] C:\PROGRAM FILES\POP-UP FREE PC FULL\POP-UPFREEPCFULL.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [ccleaner] "C:\WINDOWS\DESKTOP\CCLEANER\CCLEANER.exe" /AUTO
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion.../ICSScanner.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab


The NoAdware scan found:
DyFuCA
1800SearchAssistant
eXactAdvertising
ISTbar
Bubba.wintools or Adware.Win Tools
TrojanDownloader.Win32.Agent.al

I've run Ad-AwareSE and Spybot Search and Destroy and got rid of what they found.

Thanks in advance for analysis and advice!
I'd be more apathetic if I wasn't so lethargic.



#2 OldTimer


    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 24 August 2005 - 12:40 PM

Hello Sarcastikus and welcome to the BC HijackThis forum. I do not see any problems in this HijackThis log. It is clean.

There are 2 programs that I can't find any information on. If you are absolutely certain that they are good programs then do what you want with them, otherwise delete them:
  • Pop-Up Free PC
  • PRIVACYCRUSADERFULL

Whatever they are, they are not mainstream programs that have any information about them.

Now let's try another scanner to see if it shows anything.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log and I will review the information when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Sarcastikus

  • Topic Starter

  • Members
  • 23 posts

Posted 24 August 2005 - 09:18 PM

Hello OldTimer!

I found Privacy Crusader and PopUp Free PC at http://www.egeosoftware.com/ and they generally do a good job.

Below is what the WinPFind scan found:


Windows OS and Versions
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
Umonitor 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
qoologic 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
aspack 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
PTech 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
ad-beh 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
_rtneg3 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
SAHAgent 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
buddy.exe 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
ZepMon 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
66.63.167.77 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
abetterinternet.com 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
8B!7F\(T 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
testpopup 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
web-nex 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
yourkey 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
winsync 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
rec2_run 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
WinShutDown 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP
ad-w-a-r-e.com 08-24-2005 03:37:30 PM 104857600 C:\WIN386.SWP

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

UPX! 01-10-2005 04:17:24 PM 170053 C:\WINDOWS\tsc.exe
UPX! 02-18-2005 06:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 02-18-2005 06:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\DFCVW_32.DLL
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\MIACM.DLL
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aiidl.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\ccbw32.dll
Umonitor 07-18-2005 02:24:12 PM 405504 C:\WINDOWS\SYSTEM\iter.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\ivqd.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\aulcw32.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\aklek.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ihpu32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\skkwe.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wmnce.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jXvaox32.dll
qoologic 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
aspack 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
SAHAgent 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
winsync 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\micuu.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\dImk.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\injb.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nqtmm.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\agifn.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\amdfr.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wnnqq.dll
Umonitor 07-21-2005 04:09:54 PM 405504 C:\WINDOWS\SYSTEM\srklh32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wqnjg.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\scszo.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\nedu.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mmckh.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wzngh.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dYob32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\njtpr32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jSvajw.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mocdt.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mscws32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aedjn.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\cnvd32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sfsny.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wknit.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dDhv32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sqszw.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\acpbz.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\nathn32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\nors32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aclfi32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\iuze32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dOix.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mwbn.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\axlhy.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ciap.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sekrg.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jGvacn.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\cnrf.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dLqm.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dMwx.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\afpyg.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ngtvc.dll
PTech 07-12-2005 05:50:44 PM 520456 C:\WINDOWS\SYSTEM\LegitCheckControl.DLL
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\DYWSOCK.DLL
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mhcaq.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dXeq32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\iovw32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\moccp32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jZvayg32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ntthe32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mgss32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aslny.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aalsh32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ahl.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\shsqm.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\avlqi32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aldcx32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ckwj.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mbcwx.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aalzn.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jOvasi32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ixyu32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mscqd.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\slkol32.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jZvanq.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aaizp.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\igmx.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\amdek.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sosog.dll
Umonitor 07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ardkk.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\iyqa.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\wzncn.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\axlcv32.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nbel.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nytoz.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\ajdfw.dll
Umonitor 07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nvtvn.dll

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
08-24-2005 03:38:52 PM RH 7553056 C:\WINDOWS\SYSTEM.DAT
08-15-2005 05:05:50 PM RH 397344 C:\WINDOWS\HWINFO.DAT
08-24-2005 05:48:06 PM RH 651296 C:\WINDOWS\USER.DAT
08-19-2005 02:53:44 PM H 54156 C:\WINDOWS\QTFont.qfn
08-22-2005 09:34:14 PM H 13167 C:\WINDOWS\ttfCache
08-24-2005 03:37:06 PM H 462463 C:\WINDOWS\ShellIconCache
08-18-2005 09:39:54 PM RH 8192 C:\WINDOWS\SYSTEM\RATINGS.POL
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\DFCVW_32.DLL
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\MIACM.DLL
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aiidl.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\ccbw32.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\ivqd.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\aulcw32.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\aklek.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ihpu32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\skkwe.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wmnce.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jXvaox32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\micuu.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\dImk.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\injb.dll
08-24-2005 03:35:38 PM H 1741 C:\WINDOWS\SYSTEM\vsconfig.xml
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nqtmm.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\agifn.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\amdfr.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wnnqq.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wqnjg.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\scszo.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\nedu.dll
08-17-2005 03:02:34 PM H 4212 C:\WINDOWS\SYSTEM\zllictbl.dat
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mmckh.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wzngh.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dYob32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\njtpr32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jSvajw.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mocdt.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mscws32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aedjn.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\cnvd32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sfsny.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\wknit.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dDhv32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sqszw.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\acpbz.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\nathn32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\nors32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aclfi32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\iuze32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dOix.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mwbn.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\axlhy.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ciap.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sekrg.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jGvacn.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\cnrf.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dLqm.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dMwx.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\afpyg.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ngtvc.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\DYWSOCK.DLL
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mhcaq.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\dXeq32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\iovw32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\moccp32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jZvayg32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ntthe32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mgss32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aslny.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aalsh32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ahl.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\shsqm.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\avlqi32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aldcx32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ckwj.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mbcwx.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aalzn.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jOvasi32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ixyu32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\mscqd.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\slkol32.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\jZvanq.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\aaizp.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\igmx.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\amdek.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\sosog.dll
07-21-2005 04:09:54 PM R S 405504 C:\WINDOWS\SYSTEM\ardkk.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\iyqa.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\wzncn.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\axlcv32.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nbel.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nytoz.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\ajdfw.dll
07-18-2005 02:24:12 PM R S 405504 C:\WINDOWS\SYSTEM\nvtvn.dll
08-24-2005 03:37:00 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
08-24-2005 03:37:00 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
08-22-2005 02:40:06 PM H 6 C:\WINDOWS\Tasks\SA.DAT
08-22-2005 02:40:48 PM HS 188 C:\WINDOWS\Tasks\RUTASK.job
07-15-2005 07:59:22 PM RH 471072 C:\WINDOWS\Profiles\Taneya\USER.BAK
07-22-2005 05:41:14 PM RH 471072 C:\WINDOWS\Profiles\Taneya\USER.DAT
07-30-2005 11:26:12 AM RH 471072 C:\WINDOWS\Profiles\Taneya\USER.PAK
07-17-2005 04:44:22 PM RH 1765408 C:\WINDOWS\Profiles\gary\USER.BAK
08-24-2005 03:37:18 PM RH 1998880 C:\WINDOWS\Profiles\gary\USER.DAT
07-30-2005 11:26:14 AM RH 1773600 C:\WINDOWS\Profiles\gary\USER.PAK
07-23-2005 05:49:50 PM HS 1092 C:\WINDOWS\Profiles\gary\Application Data\Microsoft\Internet Explorer\Desktop.htt

Checking for CPL files...
Microsoft Corporation 04-23-1999 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 08-29-2002 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 10-30-2001 08:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
04-23-1999 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 15360 C:\WINDOWS\SYSTEM\THEMES.CPL
ATI Technologies Inc. 08-18-1999 04:35:18 PM 18432 C:\WINDOWS\SYSTEM\MMCpl.cpl
Microsoft Corporation 02-20-2003 12:39:50 PM 32768 C:\WINDOWS\SYSTEM\odbccp32.cpl
Sun Microsystems, Inc. 06-03-2005 03:52:54 AM 49265 C:\WINDOWS\SYSTEM\jpicpl32.cpl
Adobe Systems, Inc. 08-24-2000 03:46:38 PM 266240 C:\WINDOWS\SYSTEM\Adobe Gamma.cpl
Apple Computer, Inc. 04-08-2004 02:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
05-31-2005 11:42:00 AM 109 C:\WINDOWS\Application Data\dw.log

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON UTILITIES\WFSHELEX.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Erasext
{8BE13461-936F-11D1-A87D-444553540000} = C:\Program Files\Eraser\erasext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON UTILITIES\WFSHELEX.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Erasext
{8BE13461-936F-11D1-A87D-444553540000} = C:\Program Files\Eraser\erasext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\SYSTEM\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44627E97-789B-40d4-B5C2-58BD171129A1}
ButtonText = Browser Adjustment :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
PRIVACYCRUSADERFULL C:\PROGRAM FILES\PRIVACY CRUSADER FULL\PRIVACYCRUSADERFULL
AVG7_CC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
Pop-Up Free PC C:\PROGRAM FILES\POP-UP FREE PC FULL\POP-UPFREEPCFULL.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
TrueVector C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoWindowsUpdate 0
NoRecentDocsMenu 1
NoFavoritesMenu 0
NoSMMyDocs 0
NoSMMyPictures 0
NoStartMenuMyMusic 0
NoRecentDocsHistory 1
NoRecentDocsNetHood 0
NoSMHelp 0
NoRun 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate
DisableWindowsUpdateAccess 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
Shell =
System =

#4 OldTimer


    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 25 August 2005 - 05:16 PM

Hi Sarcastikus. Wow, looks like we hit the motherlode. Let's do this.

It looks like we have an L2M infection here. Please do the following:
  • Download l2m9xfix.exe and save it to your desktop.
  • Locate the l2m9xfix.exe file on your desktop and double-click on it to extract the files.
  • Click on the Install button when prompted. It will create a folder on the desktop named l2m9xfix and extract the files into it.
  • Open the l2m9xfix folder on the desktop and double-click the file RunThis.bat.
  • A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.
  • Now restart your computer, and post the following logs back here:
      • The log.txt file from the l2m9xfix folder
      • A new HijackThis log
      • A new WinPFind log
I will review the new information when it comes in.

Cheers.

OT

#5 Sarcastikus (Topic Starter)
  • Members
  • 23 posts

Posted 26 August 2005 - 03:04 PM

Hi OldTimer,

Here are the logs you requested:

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\aaizp.dll
C:\WINDOWS\system\aaizp.dll
C:\WINDOWS\system\aaizp.dll
C:\WINDOWS\system\aaizp.dll
C:\WINDOWS\system\aalsh32.dll
C:\WINDOWS\system\aalsh32.dll
C:\WINDOWS\system\aalsh32.dll
C:\WINDOWS\system\aalsh32.dll
C:\WINDOWS\system\aalzn.dll
C:\WINDOWS\system\aalzn.dll
C:\WINDOWS\system\aalzn.dll
C:\WINDOWS\system\aalzn.dll
C:\WINDOWS\system\aclfi32.dll
C:\WINDOWS\system\aclfi32.dll
C:\WINDOWS\system\aclfi32.dll
C:\WINDOWS\system\aclfi32.dll
C:\WINDOWS\system\acpbz.dll
C:\WINDOWS\system\acpbz.dll
C:\WINDOWS\system\acpbz.dll
C:\WINDOWS\system\acpbz.dll
C:\WINDOWS\system\aedjn.dll
C:\WINDOWS\system\aedjn.dll
C:\WINDOWS\system\aedjn.dll
C:\WINDOWS\system\aedjn.dll
C:\WINDOWS\system\afpyg.dll
C:\WINDOWS\system\afpyg.dll
C:\WINDOWS\system\afpyg.dll
C:\WINDOWS\system\afpyg.dll
C:\WINDOWS\system\agifn.dll
C:\WINDOWS\system\agifn.dll
C:\WINDOWS\system\agifn.dll
C:\WINDOWS\system\agifn.dll
C:\WINDOWS\system\ahl.dll
C:\WINDOWS\system\ahl.dll
C:\WINDOWS\system\ahl.dll
C:\WINDOWS\system\ahl.dll
C:\WINDOWS\system\aiidl.dll
C:\WINDOWS\system\aiidl.dll
C:\WINDOWS\system\aiidl.dll
C:\WINDOWS\system\aiidl.dll
C:\WINDOWS\system\ajdfw.dll
C:\WINDOWS\system\ajdfw.dll
C:\WINDOWS\system\ajdfw.dll
C:\WINDOWS\system\ajdfw.dll
C:\WINDOWS\system\aklek.dll
C:\WINDOWS\system\aklek.dll
C:\WINDOWS\system\aklek.dll
C:\WINDOWS\system\aklek.dll
C:\WINDOWS\system\aldcx32.dll
C:\WINDOWS\system\aldcx32.dll
C:\WINDOWS\system\aldcx32.dll
C:\WINDOWS\system\aldcx32.dll
C:\WINDOWS\system\amdek.dll
C:\WINDOWS\system\amdek.dll
C:\WINDOWS\system\amdek.dll
C:\WINDOWS\system\amdek.dll
C:\WINDOWS\system\amdfr.dll
C:\WINDOWS\system\amdfr.dll
C:\WINDOWS\system\amdfr.dll
C:\WINDOWS\system\amdfr.dll
C:\WINDOWS\system\ardkk.dll
C:\WINDOWS\system\ardkk.dll
C:\WINDOWS\system\ardkk.dll
C:\WINDOWS\system\ardkk.dll
C:\WINDOWS\system\aslny.dll
C:\WINDOWS\system\aslny.dll
C:\WINDOWS\system\aslny.dll
C:\WINDOWS\system\aslny.dll
C:\WINDOWS\system\aulcw32.dll
C:\WINDOWS\system\aulcw32.dll
C:\WINDOWS\system\aulcw32.dll
C:\WINDOWS\system\aulcw32.dll
C:\WINDOWS\system\avlqi32.dll
C:\WINDOWS\system\avlqi32.dll
C:\WINDOWS\system\avlqi32.dll
C:\WINDOWS\system\avlqi32.dll
C:\WINDOWS\system\axlcv32.dll
C:\WINDOWS\system\axlcv32.dll
C:\WINDOWS\system\axlcv32.dll
C:\WINDOWS\system\axlcv32.dll
C:\WINDOWS\system\axlhy.dll
C:\WINDOWS\system\axlhy.dll
C:\WINDOWS\system\axlhy.dll
C:\WINDOWS\system\axlhy.dll
C:\WINDOWS\system\ccbw32.dll
C:\WINDOWS\system\ccbw32.dll
C:\WINDOWS\system\ccbw32.dll
C:\WINDOWS\system\ccbw32.dll
C:\WINDOWS\system\ciap.dll
C:\WINDOWS\system\ciap.dll
C:\WINDOWS\system\ciap.dll
C:\WINDOWS\system\ciap.dll
C:\WINDOWS\system\ckwj.dll
C:\WINDOWS\system\ckwj.dll
C:\WINDOWS\system\ckwj.dll
C:\WINDOWS\system\ckwj.dll
C:\WINDOWS\system\cnrf.dll
C:\WINDOWS\system\cnrf.dll
C:\WINDOWS\system\cnrf.dll
C:\WINDOWS\system\cnrf.dll
C:\WINDOWS\system\cnvd32.dll
C:\WINDOWS\system\cnvd32.dll
C:\WINDOWS\system\cnvd32.dll
C:\WINDOWS\system\cnvd32.dll
C:\WINDOWS\system\dDhv32.dll
C:\WINDOWS\system\dDhv32.dll
C:\WINDOWS\system\dDhv32.dll
C:\WINDOWS\system\dDhv32.dll
C:\WINDOWS\system\DFCVW_32.DLL
C:\WINDOWS\system\DFCVW_32.DLL
C:\WINDOWS\system\DFCVW_32.DLL
C:\WINDOWS\system\DFCVW_32.DLL
C:\WINDOWS\system\dImk.dll
C:\WINDOWS\system\dImk.dll
C:\WINDOWS\system\dImk.dll
C:\WINDOWS\system\dImk.dll
C:\WINDOWS\system\dLqm.dll
C:\WINDOWS\system\dLqm.dll
C:\WINDOWS\system\dLqm.dll
C:\WINDOWS\system\dLqm.dll
C:\WINDOWS\system\dMwx.dll
C:\WINDOWS\system\dMwx.dll
C:\WINDOWS\system\dMwx.dll
C:\WINDOWS\system\dMwx.dll
C:\WINDOWS\system\dOix.dll
C:\WINDOWS\system\dOix.dll
C:\WINDOWS\system\dOix.dll
C:\WINDOWS\system\dOix.dll
C:\WINDOWS\system\dXeq32.dll
C:\WINDOWS\system\dXeq32.dll
C:\WINDOWS\system\dXeq32.dll
C:\WINDOWS\system\dXeq32.dll
C:\WINDOWS\system\dYob32.dll
C:\WINDOWS\system\dYob32.dll
C:\WINDOWS\system\dYob32.dll
C:\WINDOWS\system\dYob32.dll
C:\WINDOWS\system\DYWSOCK.DLL
C:\WINDOWS\system\DYWSOCK.DLL
C:\WINDOWS\system\DYWSOCK.DLL
C:\WINDOWS\system\DYWSOCK.DLL
C:\WINDOWS\system\igmx.dll
C:\WINDOWS\system\igmx.dll
C:\WINDOWS\system\igmx.dll
C:\WINDOWS\system\igmx.dll
C:\WINDOWS\system\ihpu32.dll
C:\WINDOWS\system\ihpu32.dll
C:\WINDOWS\system\ihpu32.dll
C:\WINDOWS\system\ihpu32.dll
C:\WINDOWS\system\injb.dll
C:\WINDOWS\system\injb.dll
C:\WINDOWS\system\injb.dll
C:\WINDOWS\system\injb.dll
C:\WINDOWS\system\iovw32.dll
C:\WINDOWS\system\iovw32.dll
C:\WINDOWS\system\iovw32.dll
C:\WINDOWS\system\iovw32.dll
C:\WINDOWS\system\iter.dll
C:\WINDOWS\system\iter.dll
C:\WINDOWS\system\iter.dll
C:\WINDOWS\system\iter.dll
C:\WINDOWS\system\iuze32.dll
C:\WINDOWS\system\iuze32.dll
C:\WINDOWS\system\iuze32.dll
C:\WINDOWS\system\iuze32.dll
C:\WINDOWS\system\ivqd.dll
C:\WINDOWS\system\ivqd.dll
C:\WINDOWS\system\ivqd.dll
C:\WINDOWS\system\ivqd.dll
C:\WINDOWS\system\ixyu32.dll
C:\WINDOWS\system\ixyu32.dll
C:\WINDOWS\system\ixyu32.dll
C:\WINDOWS\system\ixyu32.dll
C:\WINDOWS\system\iyqa.dll
C:\WINDOWS\system\iyqa.dll
C:\WINDOWS\system\iyqa.dll
C:\WINDOWS\system\iyqa.dll
C:\WINDOWS\system\jGvacn.dll
C:\WINDOWS\system\jGvacn.dll
C:\WINDOWS\system\jGvacn.dll
C:\WINDOWS\system\jGvacn.dll
C:\WINDOWS\system\jOvasi32.dll
C:\WINDOWS\system\jOvasi32.dll
C:\WINDOWS\system\jOvasi32.dll
C:\WINDOWS\system\jOvasi32.dll
C:\WINDOWS\system\jSvajw.dll
C:\WINDOWS\system\jSvajw.dll
C:\WINDOWS\system\jSvajw.dll
C:\WINDOWS\system\jSvajw.dll
C:\WINDOWS\system\jXvaox32.dll
C:\WINDOWS\system\jXvaox32.dll
C:\WINDOWS\system\jXvaox32.dll
C:\WINDOWS\system\jXvaox32.dll
C:\WINDOWS\system\jZvanq.dll
C:\WINDOWS\system\jZvanq.dll
C:\WINDOWS\system\jZvanq.dll
C:\WINDOWS\system\jZvanq.dll
C:\WINDOWS\system\jZvayg32.dll
C:\WINDOWS\system\jZvayg32.dll
C:\WINDOWS\system\jZvayg32.dll
C:\WINDOWS\system\jZvayg32.dll
C:\WINDOWS\system\mbcwx.dll
C:\WINDOWS\system\mbcwx.dll
C:\WINDOWS\system\mbcwx.dll
C:\WINDOWS\system\mbcwx.dll
C:\WINDOWS\system\mgss32.dll
C:\WINDOWS\system\mgss32.dll
C:\WINDOWS\system\mgss32.dll
C:\WINDOWS\system\mgss32.dll
C:\WINDOWS\system\mhcaq.dll
C:\WINDOWS\system\mhcaq.dll
C:\WINDOWS\system\mhcaq.dll
C:\WINDOWS\system\mhcaq.dll
C:\WINDOWS\system\MIACM.DLL
C:\WINDOWS\system\MIACM.DLL
C:\WINDOWS\system\MIACM.DLL
C:\WINDOWS\system\MIACM.DLL
C:\WINDOWS\system\micuu.dll
C:\WINDOWS\system\micuu.dll
C:\WINDOWS\system\micuu.dll
C:\WINDOWS\system\micuu.dll
C:\WINDOWS\system\mmckh.dll
C:\WINDOWS\system\mmckh.dll
C:\WINDOWS\system\mmckh.dll
C:\WINDOWS\system\mmckh.dll
C:\WINDOWS\system\moccp32.dll
C:\WINDOWS\system\moccp32.dll
C:\WINDOWS\system\moccp32.dll
C:\WINDOWS\system\moccp32.dll
C:\WINDOWS\system\mocdt.dll
C:\WINDOWS\system\mocdt.dll
C:\WINDOWS\system\mocdt.dll
C:\WINDOWS\system\mocdt.dll
C:\WINDOWS\system\mscqd.dll
C:\WINDOWS\system\mscqd.dll
C:\WINDOWS\system\mscqd.dll
C:\WINDOWS\system\mscqd.dll
C:\WINDOWS\system\mscws32.dll
C:\WINDOWS\system\mscws32.dll
C:\WINDOWS\system\mscws32.dll
C:\WINDOWS\system\mscws32.dll
C:\WINDOWS\system\mwbn.dll
C:\WINDOWS\system\mwbn.dll
C:\WINDOWS\system\mwbn.dll
C:\WINDOWS\system\mwbn.dll
C:\WINDOWS\system\nathn32.dll
C:\WINDOWS\system\nathn32.dll
C:\WINDOWS\system\nathn32.dll
C:\WINDOWS\system\nathn32.dll
C:\WINDOWS\system\nbel.dll
C:\WINDOWS\system\nbel.dll
C:\WINDOWS\system\nbel.dll
C:\WINDOWS\system\nbel.dll
C:\WINDOWS\system\nedu.dll
C:\WINDOWS\system\nedu.dll
C:\WINDOWS\system\nedu.dll
C:\WINDOWS\system\nedu.dll
C:\WINDOWS\system\ngtvc.dll
C:\WINDOWS\system\ngtvc.dll
C:\WINDOWS\system\ngtvc.dll
C:\WINDOWS\system\ngtvc.dll
C:\WINDOWS\system\njtpr32.dll
C:\WINDOWS\system\njtpr32.dll
C:\WINDOWS\system\njtpr32.dll
C:\WINDOWS\system\njtpr32.dll
C:\WINDOWS\system\nors32.dll
C:\WINDOWS\system\nors32.dll
C:\WINDOWS\system\nors32.dll
C:\WINDOWS\system\nors32.dll
C:\WINDOWS\system\nqtmm.dll
C:\WINDOWS\system\nqtmm.dll
C:\WINDOWS\system\nqtmm.dll
C:\WINDOWS\system\nqtmm.dll
C:\WINDOWS\system\ntthe32.dll
C:\WINDOWS\system\ntthe32.dll
C:\WINDOWS\system\ntthe32.dll
C:\WINDOWS\system\ntthe32.dll
C:\WINDOWS\system\nvtvn.dll
C:\WINDOWS\system\nvtvn.dll
C:\WINDOWS\system\nvtvn.dll
C:\WINDOWS\system\nvtvn.dll
C:\WINDOWS\system\nytoz.dll
C:\WINDOWS\system\nytoz.dll
C:\WINDOWS\system\nytoz.dll
C:\WINDOWS\system\nytoz.dll
C:\WINDOWS\system\scszo.dll
C:\WINDOWS\system\scszo.dll
C:\WINDOWS\system\scszo.dll
C:\WINDOWS\system\scszo.dll
C:\WINDOWS\system\sekrg.dll
C:\WINDOWS\system\sekrg.dll
C:\WINDOWS\system\sekrg.dll
C:\WINDOWS\system\sekrg.dll
C:\WINDOWS\system\sfsny.dll
C:\WINDOWS\system\sfsny.dll
C:\WINDOWS\system\sfsny.dll
C:\WINDOWS\system\sfsny.dll
C:\WINDOWS\system\shsqm.dll
C:\WINDOWS\system\shsqm.dll
C:\WINDOWS\system\shsqm.dll
C:\WINDOWS\system\shsqm.dll
C:\WINDOWS\system\skkwe.dll
C:\WINDOWS\system\skkwe.dll
C:\WINDOWS\system\skkwe.dll
C:\WINDOWS\system\skkwe.dll
C:\WINDOWS\system\SlartSubClass.dll
C:\WINDOWS\system\SlartSubClass.dll
C:\WINDOWS\system\SlartSubClass.dll
C:\WINDOWS\system\SlartSubClass.dll
C:\WINDOWS\system\slkol32.dll
C:\WINDOWS\system\slkol32.dll
C:\WINDOWS\system\slkol32.dll
C:\WINDOWS\system\slkol32.dll
C:\WINDOWS\system\sosog.dll
C:\WINDOWS\system\sosog.dll
C:\WINDOWS\system\sosog.dll
C:\WINDOWS\system\sosog.dll
C:\WINDOWS\system\sqszw.dll
C:\WINDOWS\system\sqszw.dll
C:\WINDOWS\system\sqszw.dll
C:\WINDOWS\system\sqszw.dll
C:\WINDOWS\system\srklh32.dll
C:\WINDOWS\system\srklh32.dll
C:\WINDOWS\system\srklh32.dll
C:\WINDOWS\system\srklh32.dll
C:\WINDOWS\system\wknit.dll
C:\WINDOWS\system\wknit.dll
C:\WINDOWS\system\wknit.dll
C:\WINDOWS\system\wknit.dll
C:\WINDOWS\system\wmnce.dll
C:\WINDOWS\system\wmnce.dll
C:\WINDOWS\system\wmnce.dll
C:\WINDOWS\system\wmnce.dll
C:\WINDOWS\system\wnnqq.dll
C:\WINDOWS\system\wnnqq.dll
C:\WINDOWS\system\wnnqq.dll
C:\WINDOWS\system\wnnqq.dll
C:\WINDOWS\system\wqnjg.dll
C:\WINDOWS\system\wqnjg.dll
C:\WINDOWS\system\wqnjg.dll
C:\WINDOWS\system\wqnjg.dll
C:\WINDOWS\system\wzncn.dll
C:\WINDOWS\system\wzncn.dll
C:\WINDOWS\system\wzncn.dll
C:\WINDOWS\system\wzncn.dll
C:\WINDOWS\system\wzngh.dll
C:\WINDOWS\system\wzngh.dll
C:\WINDOWS\system\wzngh.dll
C:\WINDOWS\system\wzngh.dll

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{9AA0EBA0-F797-11D9-97A6-00E07D95EBEC}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WNNQQ.DLL"
[HKEY_CLASSES_ROOT\CLSID\{9AA0EBA0-F797-11D9-97A6-00E07D95EBEC}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WNNQQ.DLL"
[HKEY_CLASSES_ROOT\CLSID\{9AA0EBA0-F797-11D9-97A6-00E07D95EBEC}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WNNQQ.DLL"
[HKEY_CLASSES_ROOT\CLSID\{9AA0EBA0-F797-11D9-97A6-00E07D95EBEC}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WNNQQ.DLL"


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

-----------------------------

Logfile of HijackThis v1.99.1
Scan saved at 09:40:57 PM, on 08-25-2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\PRIVACY CRUSADER FULL\PRIVACYCRUSADERFULL.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\POP-UP FREE PC FULL\POP-UPFREEPCFULL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [PRIVACYCRUSADERFULL] C:\PROGRAM FILES\PRIVACY CRUSADER FULL\PRIVACYCRUSADERFULL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Pop-Up Free PC] C:\PROGRAM FILES\POP-UP FREE PC FULL\POP-UPFREEPCFULL.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [ccleaner] "C:\WINDOWS\DESKTOP\CCLEANER\CCLEANER.exe" /AUTO
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion.../ICSScanner.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

---------------------


Windows OS and Versions
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PEC2 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
Umonitor 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
qoologic 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
aspack 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
SAHAgent 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
buddy.exe 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
abetterinternet.com 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

UPX! 01-10-2005 04:17:24 PM 170053 C:\WINDOWS\tsc.exe
UPX! 02-18-2005 06:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 02-18-2005 06:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
qoologic 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
aspack 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
SAHAgent 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
winsync 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
PTech 07-12-2005 05:50:44 PM 520456 C:\WINDOWS\SYSTEM\LegitCheckControl.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
08-25-2005 09:51:40 PM RH 7553056 C:\WINDOWS\SYSTEM.DAT
08-15-2005 05:05:50 PM RH 397344 C:\WINDOWS\HWINFO.DAT
08-25-2005 09:51:40 PM RH 651296 C:\WINDOWS\USER.DAT
08-19-2005 02:53:44 PM H 54156 C:\WINDOWS\QTFont.qfn
08-24-2005 09:53:22 PM H 13167 C:\WINDOWS\ttfCache
08-25-2005 09:49:08 PM H 224025 C:\WINDOWS\ShellIconCache
08-18-2005 09:39:54 PM RH 8192 C:\WINDOWS\SYSTEM\RATINGS.POL
08-25-2005 09:36:22 PM H 1741 C:\WINDOWS\SYSTEM\vsconfig.xml
08-17-2005 03:02:34 PM H 4212 C:\WINDOWS\SYSTEM\zllictbl.dat
08-25-2005 09:42:34 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
08-25-2005 09:42:34 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
08-25-2005 09:50:42 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\XY20AN0M\desktop.ini
08-25-2005 09:50:42 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4TAO4AR8\desktop.ini
08-25-2005 09:50:42 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\780JBLM5\desktop.ini
08-25-2005 09:50:42 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\CROV67Q5\desktop.ini
08-22-2005 02:40:06 PM H 6 C:\WINDOWS\Tasks\SA.DAT
08-22-2005 02:40:48 PM HS 188 C:\WINDOWS\Tasks\RUTASK.job
07-15-2005 07:59:22 PM RH 471072 C:\WINDOWS\Profiles\Taneya\USER.BAK
07-22-2005 05:41:14 PM RH 471072 C:\WINDOWS\Profiles\Taneya\USER.DAT
07-30-2005 11:26:12 AM RH 471072 C:\WINDOWS\Profiles\Taneya\USER.PAK
07-17-2005 04:44:22 PM RH 1765408 C:\WINDOWS\Profiles\gary\USER.BAK
08-25-2005 09:49:28 PM RH 1998880 C:\WINDOWS\Profiles\gary\USER.DAT
07-30-2005 11:26:14 AM RH 1773600 C:\WINDOWS\Profiles\gary\USER.PAK
07-23-2005 05:49:50 PM HS 1092 C:\WINDOWS\Profiles\gary\Application Data\Microsoft\Internet Explorer\Desktop.htt

Checking for CPL files...
Microsoft Corporation 04-23-1999 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 08-29-2002 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 10-30-2001 08:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
04-23-1999 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 04-23-1999 10:22:00 PM 15360 C:\WINDOWS\SYSTEM\THEMES.CPL
ATI Technologies Inc. 08-18-1999 04:35:18 PM 18432 C:\WINDOWS\SYSTEM\MMCpl.cpl
Microsoft Corporation 02-20-2003 12:39:50 PM 32768 C:\WINDOWS\SYSTEM\odbccp32.cpl
Sun Microsystems, Inc. 06-03-2005 03:52:54 AM 49265 C:\WINDOWS\SYSTEM\jpicpl32.cpl
Adobe Systems, Inc. 08-24-2000 03:46:38 PM 266240 C:\WINDOWS\SYSTEM\Adobe Gamma.cpl
Apple Computer, Inc. 04-08-2004 02:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
05-31-2005 11:42:00 AM 109 C:\WINDOWS\Application Data\dw.log

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON UTILITIES\WFSHELEX.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Erasext
{8BE13461-936F-11D1-A87D-444553540000} = C:\Program Files\Eraser\erasext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON UTILITIES\WFSHELEX.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Erasext
{8BE13461-936F-11D1-A87D-444553540000} = C:\Program Files\Eraser\erasext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\SYSTEM\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44627E97-789B-40d4-B5C2-58BD171129A1}
ButtonText = Browser Adjustment :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
PRIVACYCRUSADERFULL C:\PROGRAM FILES\PRIVACY CRUSADER FULL\PRIVACYCRUSADERFULL
AVG7_CC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
Pop-Up Free PC C:\PROGRAM FILES\POP-UP FREE PC FULL\POP-UPFREEPCFULL.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
TrueVector C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoWindowsUpdate 0
NoRecentDocsMenu 1
NoFavoritesMenu 0
NoSMMyDocs 0
NoSMMyPictures 0
NoStartMenuMyMusic 0
NoRecentDocsHistory 1
NoRecentDocsNetHood 0
NoSMHelp 0
NoRun 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate
DisableWindowsUpdateAccess 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM\Userinit.exe
Shell =
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 08-26-2005 04:29:28 AM
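The two logs in this post are what the reviewer has to work from, and they are awkward to read by eye: L2M9xFix lists every dropped DLL four times, and WinPFind's string-signature section mixes real findings with hits on files that are expected to contain packer and malware-name strings. As an added example (my code, not a BleepingComputer tool and not part of L2M9xFix, WinPFind or HijackThis), the Python below parses constructed excerpts in both log formats: it collapses the repeated L2M9xFix file entries, maps each CLSID to the DLL its InprocServer32 value loads so the DLL that was actually being loaded into Explorer stands out from the spare copies, and groups WinPFind's signature hits by file. The sample log text and the EXPECTED_HIT_FILES list are my assumptions; the real logs are much longer.

```python
"""Triage helper for L2M9xFix and WinPFind logs (constructed sample data inline)."""
import re
from collections import defaultdict

# Constructed excerpt in the L2M9xFix log format shown in the thread. The real log
# repeats every path four times; the parser collapses those repeats.
L2M_LOG = r"""
Files found:

C:\WINDOWS\system\aaizp.dll
C:\WINDOWS\system\aaizp.dll
C:\WINDOWS\system\wnnqq.dll
C:\WINDOWS\system\wnnqq.dll

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{9AA0EBA0-F797-11D9-97A6-00E07D95EBEC}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WNNQQ.DLL"
[HKEY_CLASSES_ROOT\CLSID\{9AA0EBA0-F797-11D9-97A6-00E07D95EBEC}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WNNQQ.DLL"
"""

# Constructed excerpt in the WinPFind format: <signature> <date> <time> <size> <path>.
WINPFIND_LOG = r"""
Checking %SystemDrive% folder...
PEC2 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
qoologic 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP
aspack 08-25-2005 09:49:44 PM 138412032 C:\WIN386.SWP

Checking %WinDir% folder...
UPX! 01-10-2005 04:17:24 PM 170053 C:\WINDOWS\tsc.exe

Checking %System% folder...
qoologic 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
aspack 12-17-2004 06:36:34 AM 7523512 C:\WINDOWS\SYSTEM\pav.sig
"""

CLSID_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32\]$")
VALUE_RE = re.compile(r'^@="(.*)"$')
HIT_RE = re.compile(r"^(\S+)\s+(\d\d-\d\d-\d{4})\s+(\d\d:\d\d:\d\d [AP]M)\s+(\d+)\s+(.+)$")

# Files in which string-signature hits are expected, not suspicious: the Win9x swap file
# and antivirus signature databases contain packer and malware-name strings by design.
# Assumption: this list is mine, not WinPFind's; extend it for other AV products.
EXPECTED_HIT_FILES = {"win386.swp", "pagefile.sys", "pav.sig"}


def parse_l2m_log(text):
    """Return (unique file paths in order seen, {CLSID: dll path, lower-cased})."""
    files, seen, clsids = [], set(), {}
    section = pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Files found:":
            section = "files"
        elif line == "Registry entries found:":
            section = "reg"
        elif not line or line.startswith("*"):
            continue
        elif section == "files":
            if line.lower() not in seen:
                seen.add(line.lower())
                files.append(line)
        elif section == "reg":
            m = CLSID_RE.match(line)
            if m:
                pending = m.group(1).upper()
                continue
            m = VALUE_RE.match(line)
            if m and pending:
                # .reg syntax doubles backslashes inside the quoted value.
                clsids[pending] = m.group(1).replace("\\\\", "\\").lower()
                pending = None
    return files, clsids


def classify_l2m(files, clsids):
    """Mark each dropped DLL as the live COM server (loaded via its CLSID) or a spare copy."""
    registered = set(clsids.values())
    return {f: ("registered COM server" if f.lower() in registered else "dropped copy only")
            for f in files}


def triage_winpfind(text):
    """Group WinPFind signature hits by file: {path: (verdict, [signature names])}."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            sig, _date, _time, _size, path = m.groups()
            hits[path].append(sig)
    verdicts = {}
    for path, sigs in hits.items():
        name = path.rsplit("\\", 1)[-1].lower()
        # A packer string (UPX!, aspack) on an executable only says it is packed and still
        # needs a look; many hits on the swap file are just the swap file doing its job.
        verdict = "likely false positive" if name in EXPECTED_HIT_FILES else "review"
        verdicts[path] = (verdict, sigs)
    return verdicts


if __name__ == "__main__":
    files, clsids = parse_l2m_log(L2M_LOG)
    for f, v in classify_l2m(files, clsids).items():
        print(f"{v:22} {f}")
    for c, dll in clsids.items():
        print(f"CLSID {c} -> {dll}")
    for p, (v, sigs) in triage_winpfind(WINPFIND_LOG).items():
        print(f"{v:22} {p}  [{', '.join(sigs)}]")
```

The CLSID cross-reference is the part worth keeping: a Look2Me-style infection drops many randomly named DLLs but only the one referenced from a CLSID's InprocServer32 is actually loaded by Explorer, which is also why the fix has to kill Explorer and Rundll32 before it can delete anything. The swap-file and signature-database verdict is a heuristic, so a "likely false positive" still deserves a glance at the file size and date before it is dismissed.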

#6 OldTimer (Malware Expert)
  • Members
  • 11,092 posts
  • Gender: Male
  • Location: North Carolina

Posted 27 August 2005 - 01:20 PM

Hi Sarcastikus. Those logs look great. Good job. How are things running? Any more problems?

We have 1 file to delete yet and then we can wrap this up.

We need to make sure all hidden files are showing so please:
  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View tab.
  • In the Hidden files section select Show all files.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):
  • C:\WINDOWS\Tasks\RUTASK.job
We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View tab.
  • In the Hidden files section unselect Show all files.
  • Click OK.
Now that you are clean, to help protect your computer in the future I recommend the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You already have a good firewall and a good antivirus application installed and running. It is important to have both to protect your system, and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly. Microsoft puts out new updates on the 2nd Tuesday of every month so be sure to check regularly.

And to keep your system clean be aware of what emails you open, what websites you visit, and update and run these free malware scanners once a week:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

OT

#7 Sarcastikus (Topic Starter)
  • Members
  • 23 posts

Posted 27 August 2005 - 04:13 PM

Thanks OldTimer! :thumbsup:

I've had no problems for several days except for one odd pop-up of unknown origin last night.

RUTASK.job wasn't found when I did a search.

I run AdAware SE and Spybot S&D several times per week, as well as AVG anti-virus and Privacy Crusader. (I guess I've become paranoid about all of the crapware out there!)

I'll look into your program suggestions.

Thanks once again!

- Sarcastikus

Edited by Sarcastikus, 27 August 2005 - 04:18 PM.


#8 OldTimer (Malware Expert)
  • Members
  • 11,092 posts
  • Gender: Male
  • Location: North Carolina

Posted 27 August 2005 - 08:36 PM

You're very welcome Sarcastikus. I'm glad that we could help.

Now that your malware issues have been resolved I will close this topic. If you need it reopened for this same issue then please PM me. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup: