
prositefinder windows 98


17 replies to this topic

#1 geneveve2

geneveve2

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 21 September 2005 - 10:49 AM

I ran the search and destroy program (that I found on this site through google) and ended up having to delete everything that I had done BECAUSE it killed my windows. I had to reinstall windows. I can not get rid of prositefinder at all. I have been fighting this thing for months. Please help! I appreciate it. I don't know what all the (below) stuff means and really appreciate a slow, well described way of cleaning up my PC. It crashes a lot. (BSOD) and the prositefinder thing is on my registry twice.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:57 AM, on 9/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\LEXMARKX73\ACMONITOR_X73.EXE
C:\PROGRAM FILES\LEXMARKX73\ACBTNMGR_X73.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\\bdnagent.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PROSITEFINDER] \Progra~1\PROSITEFINDER\prositefinder.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Startup: Exif Launcher.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{01001201-823E-46CD-A70E-BEE818F97169}\ENCSCICO.EXE
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://i1img.com/images/nocache/copilot/i1...etup1.0.0.5.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/WYO_CWDL_DownLoad.CAB
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...bridge-c356.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002952.cab

Edited by geneveve2, 21 September 2005 - 11:01 AM.




#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:36 AM

Posted 26 September 2005 - 09:55 AM

Hello geneveve2 and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Step #2

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [PROSITEFINDER] \Progra~1\PROSITEFINDER\prositefinder.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://i1img.com/images/nocache/copilot/i1...etup1.0.0.5.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...bridge-c356.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002952.cab

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):
C:\PROGRAM FILES\MEDIA GATEWAY\ <--folder
C:\PROGRAM FILES\PROSITEFINDER\ <--folder

Step #5

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #6

Reboot normally and run at least 2 of the following on-line virus scans:
Bitdefender <<<Add a check by 'Autoclean'.
RAV <<<Add a check by 'Autoclean', leave everything else as is.
eTrust <<<'Cure' whatever is found, then delete if unsuccessful
Housecall <<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan <<<Accept default settings
If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

Step #7

If you do not already have Ad-Aware SE 1.06 then follow these download and setup instructions: Ad-Aware SE Setup. Otherwise, just check for updates.

Start Ad-aware SE, click the Start button and choose Perform Full System Scan. Click the Next button and wait for the scan to complete. If anything was found, right-click on the list and choose Select All and remove all it finds.

Step #8

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 geneveve2


Posted 26 September 2005 - 06:55 PM

First, thank you for your response and your help.
I attempted to do exactly what you said.
1. Downloaded the CC cleaner.
2. Started in Safe mode.
3. Started hijack this and clicked on all but RO-HKCU\Software\Microsoft\IE\Main, start page =http:iwon.com (couldn't find)
ALSO: did not locate---> R1 HKCU\Software\Microsoft\IE\SearchURL, (default)=
Clicked fix check
4. Clicked my computer, Tools, Folders options, View, Selected Show hidden files, Unchecked hide file extensions for known types. DID NOT find box to uncheck Hide protected operating system files (recommended) option.
5. Found files, folders for media gateway and prositefinder...deleted them.
6. Started CC cleaner and ran it
7. Tried clicking on the bit defender link in your message. Window opens but DOES not load. In order to go to that, I have to stop the window that is trying to open and hit refresh. Every link I have tried since the previous steps has been that way. Something haywire here.
Could not download Bit defender (it stopped and said "update failed"). Tried each one in your message and either the update failed or I could not get window to open (load),
so I used my installed bit defender to check and clean.
Could not (again) open link for Ad-Aware SE 1.06. I have AdAware Alert so used that to check for parasites. It found several, I deleted them.
8. I rebooted my PC.
9. I had to go redownload hijack this because I could not find it anywhere.
(again, when I clicked on Hijack this link, it opens a new window but it just will not load. I have to hit stop the window trying to load and then hit refresh) This is very discouraging. I hope we can fix this part. I am attempting to get the hijack report to you.

Logfile of HijackThis v1.99.1
Scan saved at 5:56:43 PM, on 9/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\OSD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PROPELAC.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\4TA30LUJ\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUP\POPUP.DLL
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Startup: Exif Launcher.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{01001201-823E-46CD-A70E-BEE818F97169}\ENCSCICO.EXE
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Wyoming.com Extreme Internet\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Wyoming.com Extreme Internet\pac-image.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/WYO_CWDL_DownLoad.CAB
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

NOTE: the prositefinder is not on the registry anymore. But my IE is not acting correctly. (The not opening a new window thing)
Thanks....geneveve2
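
Added example, not part of the original thread or of HijackThis itself: a Python comparison of a HijackThis log taken before a fix with the one taken after it, reporting which targeted entries are gone, which persist, and which entries are new. The log excerpts are copied from the first two logs in this thread; the function names and the entry-matching rule (section code plus CLSID, Run value name, or registry value) are assumptions of this example.

```python
import re

# An entry line is "<section> - <body>", for example an O4 autorun line.
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return [(section, body), ...] for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def entry_key(section, body):
    """Identity of an entry that survives a change to its data (assumed rule)."""
    m = CLSID_RE.search(body)
    if m:                                    # BHO, toolbar, button, DPF
        ident = body[:m.end()]
    elif section.startswith("R"):            # registry value; data follows " ="
        ident = body.split(" =", 1)[0]
    elif section == "O4" and "]" in body:    # autorun: location plus [name]
        ident = body[:body.index("]") + 1]
    else:
        ident = body
    return (section, ident.upper())


def review_fix(before, after, targeted):
    """Classify each targeted entry and list entries that only exist afterwards."""
    old = {entry_key(s, b): b for s, b in parse_log(before)}
    new = {entry_key(s, b): (s, b) for s, b in parse_log(after)}
    results = []
    for section, body in parse_log(targeted):
        key = entry_key(section, body)
        if key not in new:
            status = "removed"
        elif new[key][1] == body:
            status = "unchanged"
        else:
            status = "changed"
        results.append((section, body, status))
    appeared = [sb for key, sb in new.items() if key not in old]
    return results, appeared


# Excerpt of the log posted on 21 September (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iwon.com/
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [PROSITEFINDER] \Progra~1\PROSITEFINDER\prositefinder.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...bridge-c356.cab
"""

# Excerpt of the log posted on 26 September (after the fix).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
"""

# Four of the entries listed for fixing in Step #3.
TARGETED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iwon.com/
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O4 - HKLM\..\Run: [PROSITEFINDER] \Progra~1\PROSITEFINDER\prositefinder.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...bridge-c356.cab
"""

if __name__ == "__main__":
    results, appeared = review_fix(BEFORE, AFTER, TARGETED)
    for section, body, status in results:
        print(f"{status:10} {section} - {body}")
    for section, body in appeared:
        print(f"{'new':10} {section} - {body}")
```

Entries reported as unchanged or changed are the ones to look at again in the follow-up log, and the new entries show what else moved between the two scans.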

#4 geneveve2


Posted 27 September 2005 - 07:36 AM

Hi! Just a note...(about opening a new page) (I don't know if this helps or not) The gray box on the bottom of my screen (the new page) always says "Microsoft Internet Explorer". It simply will not open no matter how long I let the little earth twirl on the top right hand corner. Thank you for any help and all you have done thus far Old Timer.
geneveve2

#5 OldTimer


Posted 27 September 2005 - 08:02 AM

Hi geneveve2. The log looks better but there still might be something hanging around in there. As far as AdAware Alert, it is considered a rogue application and not recommended for use due to producing false positives as a goad to purchase the program. I would recommend removing it and using a legitimate program.

Let's try a different scanner and see what it shows us. Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log and I will review the information when it comes in.

OT

#6 geneveve2


Posted 27 September 2005 - 06:50 PM

Dear OT,
well....
I clicked on the link "winpfind" that you provided. Of course, the page did not open. I had to push stop and refresh, then the download box (only) came up. I clicked open. It started to load, then a warning box popped up during this and stated: access to the specified device, path or file denied.
I tried twice.
Is this what is keeping me from opening new windows from links too?
I removed the adware and asked for my money back as you requested. I will try and retrieve a new hijack to you.
I am at a complete loss. Please continue to help as I am reliant on my PC daily.
NOTE: The winpfind.zip did go to my desktop but a warning box pops up and says it is not a valid WIN 32 application (whatever in the heck that means)
geneveve2
here is the latest hijack (I am getting better at getting this)
Logfile of HijackThis v1.99.1
Scan saved at 6:06:12 PM, on 9/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\OSD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wyoming.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUP\POPUP.DLL
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Startup: Exif Launcher.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{01001201-823E-46CD-A70E-BEE818F97169}\ENCSCICO.EXE
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/WYO_CWDL_DownLoad.CAB
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
NOTE: To try and fix the (not opening new window problem) I used suggestions from Microsoft. I found problems with Shell32.dll. I have tried to run regsvr32 shell32.dll, but the following error message appears:
shell32.dll was loaded, but the dllregisterserver entry point was not found.
Dllregisterserver may not be exported, or a corrupt version of shell32.dll may be in memory. Consider using pview to detect and remove it. I do not know what the pview is!

Thank you. I'll keep checking back with you.

Edited by geneveve2, 27 September 2005 - 07:38 PM.


#7 OldTimer

OldTimer

    Malware Expert


Posted 28 September 2005 - 06:37 AM

Hi geneveve2. The WinPFind.zip file must have the files extracted to run the program. To do this you need an unzip program like WinZip or Zip Central (both free). If you do not have an unzip program then you will need to obtain one. Here are a couple of links for the programs (I use Zip Central):

Zip Central

WinZip

Install either one and then double-click on the WinPFind.zip file to extract the files. If you extract the files to C:\ then there should be a new folder named C:\WinPFind with all of the appropriate files in it. Go to that folder and double-click on the WinPFind.exe file and follow the previous directions to create the log and post it back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#8 geneveve2

geneveve2
  • Topic Starter

Posted 28 September 2005 - 10:58 AM

Dear OT,
Following is a new hijackthis log and then the WinPFind.txt (hopefully). It took my computer FOREVER to scan on the winfind. Thank you for your assistance.
Gen

-------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:54:58 AM, on 9/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\OSD.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wyoming.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUP\POPUP.DLL
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Startup: Exif Launcher.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{01001201-823E-46CD-A70E-BEE818F97169}\ENCSCICO.EXE
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/WYO_CWDL_DownLoad.CAB
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 8/5/05 1:16:24 PM RH 138745783 C:\W98UNDO.DAT
UPX! 2/16/05 11:06:16 AM 218112 C:\HijackThis.exe

Checking %ProgramFilesDir% folder...
UPX! 4/18/05 11:08:24 PM 66048 C:\Program Files\Antibagle-EN.exe

Checking %WinDir% folder...
UPX! 3/24/04 7:41:12 AM 966144 C:\WINDOWS\vsapi32.dll
aspack 3/24/04 7:41:12 AM 966144 C:\WINDOWS\vsapi32.dll
SAHAgent 6/8/05 4:16:02 AM 50176 C:\WINDOWS\odflipr1.exe

Checking %System% folder...
SAHAgent 7/28/05 9:22:48 AM 3569 C:\WINDOWS\SYSTEM\qi4gj15t.ini
SAHAgent 5/11/05 9:33:50 AM 30720 C:\WINDOWS\SYSTEM\o4bvn5bk.exe
SAHAgent 7/28/05 9:20:36 AM 35 C:\WINDOWS\SYSTEM\o4bvn5bk.ini
SAHAgent 6/17/05 9:21:42 AM 204288 C:\WINDOWS\SYSTEM\qi4gj15t.exe
SAHAgent 7/28/05 9:20:36 AM 35 C:\WINDOWS\SYSTEM\odflipr1.ini

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/18/05 10:04:36 AM RH 389152 C:\WINDOWS\HWINFO.DAT
9/28/05 8:02:06 AM RH 7950376 C:\WINDOWS\SYSTEM.DAT
9/28/05 9:26:12 AM RH 1450016 C:\WINDOWS\USER.DAT
9/23/05 9:52:22 AM RH 10182688 C:\WINDOWS\SYSTEM.~~R
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\desktop.ini
9/28/05 7:37:00 AM H 739387 C:\WINDOWS\ShellIconCache
9/23/05 9:51:52 AM RH 1335328 C:\WINDOWS\USER.~~R
8/1/05 4:10:30 PM RH 720896 C:\WINDOWS\DefaultStore_59R.bin
8/1/05 4:10:36 PM RH 1114112 C:\WINDOWS\UserMigratedStore_59R.bin
9/18/05 4:52:00 PM H 31140 C:\WINDOWS\ttfCache
9/18/05 9:01:30 AM RH 7835688 C:\WINDOWS\system.tom
9/18/05 9:01:30 AM RH 1388576 C:\WINDOWS\user.tom
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\SYSTEM\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\SYSTEM\desktop.ini
9/10/05 10:49:24 AM H 17991 C:\WINDOWS\SYSTEM\LxAR9xdh.GID
8/18/05 11:55:34 AM RH 8192 C:\WINDOWS\SYSTEM\RATINGS.POL
8/1/05 8:34:58 AM H 8628 C:\WINDOWS\HELP\SECAUTH.GID
9/18/05 10:03:26 AM H 9793 C:\WINDOWS\HELP\windows.GID
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\SYSTEM32\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\SYSTEM32\desktop.ini
9/18/05 10:04:06 AM H 19600 C:\WINDOWS\WEB\WVLOGO.GIF
9/18/05 10:04:06 AM H 4204 C:\WINDOWS\WEB\CONTROLP.HTT
9/18/05 10:04:06 AM H 11530 C:\WINDOWS\WEB\FOLDER.HTT
9/18/05 10:04:06 AM H 4988 C:\WINDOWS\WEB\MYCOMP.HTT
9/18/05 10:04:06 AM H 5044 C:\WINDOWS\WEB\PRINTERS.HTT
9/18/05 10:04:06 AM H 14258 C:\WINDOWS\WEB\default.htt
9/18/05 10:04:06 AM H 5403 C:\WINDOWS\WEB\nethood.htt
9/18/05 10:04:06 AM H 8088 C:\WINDOWS\WEB\recycle.htt
9/18/05 10:04:06 AM H 5495 C:\WINDOWS\WEB\schedule.htt
9/18/05 10:04:06 AM H 5521 C:\WINDOWS\WEB\dialup.htt
9/18/05 10:04:06 AM H 44686 C:\WINDOWS\WEB\wvleft.bmp
9/18/05 10:04:06 AM H 840 C:\WINDOWS\WEB\wvline.gif
9/18/05 10:04:06 AM H 855 C:\WINDOWS\WEB\webview.css
9/28/05 7:30:04 AM HS 1159 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
9/28/05 7:30:04 AM HS 94 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Pattern.bmp
12/6/06 10:14:50 AM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
12/6/06 10:15:02 AM H 156 C:\WINDOWS\Favorites\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KT23KDQV\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\QLYNCV8L\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4PEZ0M0G\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\ODQFST67\desktop.ini
12/6/06 10:16:22 AM HS 113 C:\WINDOWS\History\desktop.ini
12/6/06 10:16:22 AM HS 113 C:\WINDOWS\History\History.IE5\desktop.ini
9/28/05 5:08:38 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/5/05 2:13:52 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini

Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation 8/29/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 138752 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 7952 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
4/23/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
2/28/02 2:41:32 PM 183808 C:\WINDOWS\SYSTEM\bdeadmin.cpl
Microsoft Corporation 6/18/00 2:03:10 PM 106544 C:\WINDOWS\SYSTEM\TWEAKUI.CPL
Apple Computer, Inc. 10/10/02 7:17:02 PM 295936 C:\WINDOWS\SYSTEM\QuickTime.cpl
Sun Microsystems 2/20/03 4:42:34 PM 229487 C:\WINDOWS\SYSTEM\jpicpl32.cpl
Microsoft Corporation 4/23/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/4/05 6:51:16 AM 517 C:\WINDOWS\Start Menu\Programs\StartUp\Enable Belkin Wireless Keyboard Driver.lnk
4/4/05 6:51:18 AM 504 C:\WINDOWS\Start Menu\Programs\StartUp\Enable Belkin Wireless Mouse Driver.lnk
9/18/05 9:40:40 AM 705 C:\WINDOWS\Start Menu\Programs\StartUp\Exif Launcher.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/18/05 3:10:58 PM 639 C:\WINDOWS\Application Data\dw.log
12/14/04 11:17:44 AM 79928 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
4/5/04 6:35:50 AM 12358 C:\WINDOWS\Application Data\PFP100JCM.{PB
4/5/04 6:35:50 AM 61678 C:\WINDOWS\Application Data\PFP100JPR.{PB

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
www.minibqm.com =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDSHELXT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDSHELXT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
= C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656EC4B7-072B-4698-B504-2A414C1F0037}
IE_PopupBlocker Class = C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{800DD540-2817-11DA-A7E1-F63156A62229}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
CSABHO Object = C:\PROGRAM FILES\180SEARCHASSISTANT\SAISHOOK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{2D58DD23-2759-4C7B-9351-D68AF7D0D868} = Popup Killer : C:\PROGRA~1\POPUP\POPUP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}
ButtonText = RoboForm :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}
ButtonText = Fill Forms :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}
ButtonText = Save :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{724D43A0-0D85-11D4-9908-00400523E39A} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BDMCon C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
BitDefender Virus Shield C:\Program Files\Softwin\BitDefender8\\vsserv.exe
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
BDNewsAgent "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe"
sais c:\program files\180searchassistant\sais.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
BitDefender Live! Init C:\Program Files\Softwin\BitDefender8\\bdinit.exe
BitDefender Scan Server C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
BitDefender Communicator C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent C:\WINDOWS\SYSTEM\mstask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
TaskMonitor C:\WINDOWS\taskmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
Windows Registry Repair Pro C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE 3
msnmsgr "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key $4Li6+{u
Hint MY PC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun
CDRAutoRun
ClearRecentDocsOnExit 
NoDrives $4Li6+{u

NoFavoritesMenu 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell =
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/28/05 9:30:50 AM

Edited by geneveve2, 28 September 2005 - 11:00 AM.


#9 OldTimer

OldTimer

    Malware Expert


Posted 29 September 2005 - 07:30 AM

Hi geneveve2. Ok, let's see if we can clean some of this up. Please print these directions and then proceed with the following steps in order.

Download the Pocket Killbox and unzip the contents of KillBox.zip to your desktop.
  • Open Notepad and copy/paste the text in the quotebox below into the new document

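REGEDIT4

; Delete the two BHO keys HijackThis reports as "(no file)" (a leading "-" removes the whole key).
; .reg files need the full root key name; the HKLM abbreviation is not recognised on import.
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{800DD540-2817-11DA-A7E1-F63156A62229}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}]
; Delete only the "sais" autostart value ("name"=- removes a single value).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sais"=-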

  • Save the document to your desktop as fixreg.reg and close Notepad.
  • Locate the fixreg.reg file on your desktop and right-click on it
  • Choose Merge from the popup menu and answer Yes or Ok to any further prompts. You should get a message that the file was merged successfully.
  • Double-click on KillBox.exe to launch the program.
  • Highlight the files in bold below and press the Ctrl key and the C key at the same time to copy them to the clipboard
    • C:\WINDOWS\odflipr1.exe
      C:\WINDOWS\SYSTEM\qi4gj15t.ini
      C:\WINDOWS\SYSTEM\o4bvn5bk.exe
      C:\WINDOWS\SYSTEM\o4bvn5bk.ini
      C:\WINDOWS\SYSTEM\qi4gj15t.exe
      C:\WINDOWS\SYSTEM\odflipr1.ini
      C:\PROGRAM FILES\180SEARCHASSISTANT\SAISHOOK.DLL
      c:\program files\180searchassistant\sais.exe
  • In Killbox click on the File menu and then the Paste from Clipboard item
  • In the Full Path of File to Delete field drop down the arrow and make sure that all of the files are listed
  • Click the option to Delete on Reboot
  • If not greyed out click the checkbox for Unregister .dll Before Deleting
  • Now click on the red button with a white 'X' in the middle to delete the files
  • Click Yes when it says all files will be deleted on the next reboot
  • Click Yes when it asks if you want to reboot now
  • If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just reboot manually
  • After the system reboots, start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} -
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
  • Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.
  • Locate the following folder and delete it: C:\PROGRAM FILES\180SEARCHASSISTANT\ <--folder
  • Reboot and post a new HijackThis log along with a new WinPFind log
I will review the new information when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
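
The cleanup steps in the post above draw on both logs at once: HijackThis shows the SABHO helper object as "(no file)", while the WinPFind registry section still gives a DLL path for the same CLSID. The sketch below is an added example, not OldTimer's method and not part of either tool; it runs that cross-reference over a few lines copied from the logs in this thread. The function names and the set of packer tags are assumptions.

```python
import ntpath
import re

# Constructed sample input: lines copied from the two logs posted in this thread.
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
"""
WPF_LOG = r"""
UPX! 2/16/05 11:06:16 AM 218112 C:\HijackThis.exe
SAHAgent 6/8/05 4:16:02 AM 50176 C:\WINDOWS\odflipr1.exe
SAHAgent 7/28/05 9:20:36 AM 35 C:\WINDOWS\SYSTEM\o4bvn5bk.ini
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{800DD540-2817-11DA-A7E1-F63156A62229}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
CSABHO Object = C:\PROGRAM FILES\180SEARCHASSISTANT\SAISHOOK.DLL
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_LINE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# WinPFind file line: "<tag> <date> <time> AM|PM [attributes] <size> <path>"
WPF_FILE = re.compile(r"^([A-Za-z!]+) \d+/\d+/\d+ \d+:\d+:\d+ [AP]M (?:[RHSA]+ )?\d+ (.+)$")
BHO_KEY = re.compile(r"Browser Helper Objects\\(" + CLSID.pattern + r")$")
O4_REG = re.compile(r"^\S+: \[([^\]]+)\] (.+)$")  # "HKLM\..\Run: [name] command"
# Assumption: these tags only say a file is packed, which many legitimate files are.
PACKER_TAGS = {"UPX!", "aspack"}


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis result line."""
    pairs = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def orphaned(entries):
    """Entries whose registry data names a missing file or has no download source."""
    found = []
    for section, body in entries:
        m = CLSID.search(body)
        clsid = m.group(0).upper() if m else None
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            found.append((section, clsid, "target file missing"))
        elif section == "O16" and body.endswith("-"):
            found.append((section, clsid, "no codebase URL"))
    return found


def winpfind_tagged(text):
    """Map each string tag WinPFind printed to the files it was printed for."""
    hits = {}
    for line in text.splitlines():
        m = WPF_FILE.match(line.strip())
        if m:
            hits.setdefault(m.group(1), []).append(m.group(2))
    return hits


def winpfind_bhos(text):
    """Map BHO CLSID -> DLL path from WinPFind's two-line registry records."""
    lines = [l.strip() for l in text.splitlines()]
    bhos = {}
    for key, value in zip(lines, lines[1:]):
        m = BHO_KEY.search(key)
        if m and "=" in value:
            bhos[m.group(1).upper()] = value.partition("=")[2].strip()
    return bhos


def triage(hjt_text, wpf_text):
    """Build a review list; every item is a lead to check, not a verdict."""
    entries = parse_hjt(hjt_text)
    bhos = winpfind_bhos(wpf_text)
    report = {"orphaned": [], "autostart_same_dir": [], "tagged_files": []}
    dirs = set()
    for section, clsid, reason in orphaned(entries):
        path = bhos.get(clsid, "")  # WinPFind may still know where the DLL lives
        report["orphaned"].append((section, clsid, reason, path))
        if path:
            dirs.add(ntpath.dirname(path).lower())
    # Autostart commands launched from the same folder as a resolved BHO DLL.
    # A folder shared with OS files would over-match, so review each hit by hand.
    for section, body in entries:
        m = O4_REG.match(body) if section == "O4" else None
        if m and any(m.group(2).strip('"').lower().startswith(d + "\\") for d in dirs):
            report["autostart_same_dir"].append((m.group(1), m.group(2)))
    for tag, paths in sorted(winpfind_tagged(wpf_text).items()):
        if tag not in PACKER_TAGS:
            report["tagged_files"].extend((tag, p) for p in paths)
    return report


if __name__ == "__main__":
    for group, items in triage(HJT_LOG, WPF_LOG).items():
        print(group)
        for item in items:
            print("   ", item)
```

On the sample lines this links the "(no file)" SABHO entry to SAISHOOK.DLL and, through its folder, to the sais autostart value, which are the same items the registry file and the Killbox list above target.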


#10 geneveve2

geneveve2
  • Topic Starter

Posted 29 September 2005 - 09:07 AM

OT,
Well, this is frustrating. I am doubling up the Xanex dosage these past few days ...ha!
I clicked on Pocket Killbox in your reply. Window opened but nothing loaded (as has been happening for several days now). Clicked stop, refresh and a download box did open. I clicked open. A pop up box came up that said, "PROGRAM NOT FOUND" This program is needed for opening files of type zip files. I tried desktop. I tried C:, nothing. It still says program not found. Repeated everything and clicked save this time. It saved in desktop.
However, after all this...It downloaded killbox.zip to desktop. There is an icon there. I Clicked on it (on my desktop) It causes a pop up box that says "PROGRAM NOT FOUND" This program is needed for opening files of type zip files. Then it has a box (to type in) that has a C:
It also has three buttons to click....
OK
Cancel
Locate
I clicked locate
I clicked desktop...pop up box says,
"Cannot find file C:\WINDOWS\Desktop\PROGRAM. exe
I click C: (to find) POP up box says, "cannot find file C:\PROGRAM.exe.
I gave up and came crawling back here to you.....
Questions (besides all that above) How do I unzip the contents of Killbox.zip to my desktop? The farthest I got with your last instructions was...copy these directions. Is there a way we can fix my PC so it opens links normally and not have to push stop, refresh only to display the following:
Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.

For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.

Thank you for your patience....GEN

#11 OldTimer

    Malware Expert

Posted 30 September 2005 - 05:34 AM

Hi geneveve2. Killbox.zip is a zip file. It will need to be unzipped with the same program that was used for unzipping WinPFind.zip. Which of the zip programs was downloaded (WinZip or Zip Central)? Is that still installed? If so then open that program and manually open the Killbox.zip file and extract the Killbox.exe file to the desktop and run the Killbox.exe file. There is no installation and Killbox.exe can be run directly once it is extracted.

Cheers.

OT

#12 geneveve2


Posted 30 September 2005 - 10:37 AM

Greetings OT,
I could not locate the C:\180searchassistant to delete it. Here is the hijack log. I could not get the WinPFind log while online. It froze my computer. So I will try and get it and come back with it.
ALSO: two of the files that you wanted me to copy and give to killbox did not show up. (The last two) (the 180 searchassistant ones.)
HIJACK LOG:
Logfile of HijackThis v1.99.1
Scan saved at 9:35:56 AM, on 9/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\OSD.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wyoming.com/
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: (no name) - {800DD540-2817-11DA-A7E1-F63156A62229} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUP\POPUP.DLL
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\\vsserv.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Startup: Exif Launcher.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{01001201-823E-46CD-A70E-BEE818F97169}\ENCSCICO.EXE
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/WYO_CWDL_DownLoad.CAB
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

I will go back and try and retrieve the WinPFind log.
Thank you.
GEN

#13 geneveve2


Posted 30 September 2005 - 12:38 PM

WinPFind LOG submitted 9/30/05 by geneveve2
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 8/5/05 1:16:24 PM RH 138745783 C:\W98UNDO.DAT
UPX! 2/16/05 11:06:16 AM 218112 C:\HijackThis.exe

Checking %ProgramFilesDir% folder...
UPX! 4/18/05 11:08:24 PM 66048 C:\Program Files\Antibagle-EN.exe

Checking %WinDir% folder...
UPX! 3/24/04 7:41:12 AM 966144 C:\WINDOWS\vsapi32.dll
aspack 3/24/04 7:41:12 AM 966144 C:\WINDOWS\vsapi32.dll

Checking %System% folder...

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/18/05 10:04:36 AM RH 389152 C:\WINDOWS\HWINFO.DAT
9/30/05 9:50:08 AM RH 7950376 C:\WINDOWS\SYSTEM.DAT
9/30/05 9:51:50 AM RH 1450016 C:\WINDOWS\USER.DAT
9/23/05 9:52:22 AM RH 10182688 C:\WINDOWS\SYSTEM.~~R
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\desktop.ini
9/30/05 9:46:54 AM H 916835 C:\WINDOWS\ShellIconCache
9/23/05 9:51:52 AM RH 1335328 C:\WINDOWS\USER.~~R
8/1/05 4:10:30 PM RH 720896 C:\WINDOWS\DefaultStore_59R.bin
8/1/05 4:10:36 PM RH 1114112 C:\WINDOWS\UserMigratedStore_59R.bin
9/18/05 4:52:00 PM H 31140 C:\WINDOWS\ttfCache
9/18/05 9:01:30 AM RH 7835688 C:\WINDOWS\system.tom
9/18/05 9:01:30 AM RH 1388576 C:\WINDOWS\user.tom
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\SYSTEM\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\SYSTEM\desktop.ini
9/10/05 10:49:24 AM H 17991 C:\WINDOWS\SYSTEM\LxAR9xdh.GID
8/18/05 11:55:34 AM RH 8192 C:\WINDOWS\SYSTEM\RATINGS.POL
9/18/05 10:03:26 AM H 9793 C:\WINDOWS\HELP\windows.GID
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\SYSTEM32\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\SYSTEM32\desktop.ini
9/18/05 10:04:06 AM H 19600 C:\WINDOWS\WEB\WVLOGO.GIF
9/18/05 10:04:06 AM H 4204 C:\WINDOWS\WEB\CONTROLP.HTT
9/18/05 10:04:06 AM H 11530 C:\WINDOWS\WEB\FOLDER.HTT
9/18/05 10:04:06 AM H 4988 C:\WINDOWS\WEB\MYCOMP.HTT
9/18/05 10:04:06 AM H 5044 C:\WINDOWS\WEB\PRINTERS.HTT
9/18/05 10:04:06 AM H 14258 C:\WINDOWS\WEB\default.htt
9/18/05 10:04:06 AM H 5403 C:\WINDOWS\WEB\nethood.htt
9/18/05 10:04:06 AM H 8088 C:\WINDOWS\WEB\recycle.htt
9/18/05 10:04:06 AM H 5495 C:\WINDOWS\WEB\schedule.htt
9/18/05 10:04:06 AM H 5521 C:\WINDOWS\WEB\dialup.htt
9/18/05 10:04:06 AM H 44686 C:\WINDOWS\WEB\wvleft.bmp
9/18/05 10:04:06 AM H 840 C:\WINDOWS\WEB\wvline.gif
9/18/05 10:04:06 AM H 855 C:\WINDOWS\WEB\webview.css
9/30/05 9:35:22 AM HS 1159 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
9/30/05 9:35:22 AM HS 94 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Pattern.bmp
12/6/06 10:14:50 AM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
12/6/06 10:15:02 AM H 156 C:\WINDOWS\Favorites\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KT23KDQV\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\QLYNCV8L\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4PEZ0M0G\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\ODQFST67\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\3JPDPHTU\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\N3DAAE3R\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\BUXJ55KM\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\ENSDA5U1\desktop.ini
12/6/06 10:16:22 AM HS 113 C:\WINDOWS\History\desktop.ini
12/6/06 10:16:22 AM HS 113 C:\WINDOWS\History\History.IE5\desktop.ini
9/30/05 9:35:18 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/5/05 2:13:52 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini

Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation 8/29/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 138752 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 7952 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
4/23/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
2/28/02 2:41:32 PM 183808 C:\WINDOWS\SYSTEM\bdeadmin.cpl
Microsoft Corporation 6/18/00 2:03:10 PM 106544 C:\WINDOWS\SYSTEM\TWEAKUI.CPL
Apple Computer, Inc. 10/10/02 7:17:02 PM 295936 C:\WINDOWS\SYSTEM\QuickTime.cpl
Sun Microsystems 2/20/03 4:42:34 PM 229487 C:\WINDOWS\SYSTEM\jpicpl32.cpl
Microsoft Corporation 4/23/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/4/05 6:51:16 AM 517 C:\WINDOWS\Start Menu\Programs\StartUp\Enable Belkin Wireless Keyboard Driver.lnk
4/4/05 6:51:18 AM 504 C:\WINDOWS\Start Menu\Programs\StartUp\Enable Belkin Wireless Mouse Driver.lnk
9/18/05 9:40:40 AM 705 C:\WINDOWS\Start Menu\Programs\StartUp\Exif Launcher.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/18/05 3:10:58 PM 639 C:\WINDOWS\Application Data\dw.log
12/14/04 11:17:44 AM 79928 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
4/5/04 6:35:50 AM 12358 C:\WINDOWS\Application Data\PFP100JCM.{PB
4/5/04 6:35:50 AM 61678 C:\WINDOWS\Application Data\PFP100JPR.{PB

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
www.minibqm.com =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDSHELXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZipCentral
{40E85620-3DCB-11D3-8A0D-0060080C1EFA} = C:\Program Files\ZipCentral\zccm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDSHELXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZipCentral
{40E85620-3DCB-11D3-8A0D-0060080C1EFA} = C:\Program Files\ZipCentral\zccm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZipCentral
{40E85620-3DCB-11D3-8A0D-0060080C1EFA} = C:\Program Files\ZipCentral\zccm.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
= C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656EC4B7-072B-4698-B504-2A414C1F0037}
IE_PopupBlocker Class = C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{800DD540-2817-11DA-A7E1-F63156A62229}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{2D58DD23-2759-4C7B-9351-D68AF7D0D868} = Popup Killer : C:\PROGRA~1\POPUP\POPUP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}
ButtonText = RoboForm :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}
ButtonText = Fill Forms :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}
ButtonText = Save :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{724D43A0-0D85-11D4-9908-00400523E39A} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BDMCon C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
BitDefender Virus Shield C:\Program Files\Softwin\BitDefender8\\vsserv.exe
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
BDNewsAgent "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe"
sais c:\program files\180searchassistant\sais.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
BitDefender Live! Init C:\Program Files\Softwin\BitDefender8\\bdinit.exe
BitDefender Scan Server C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
BitDefender Communicator C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent C:\WINDOWS\SYSTEM\mstask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
TaskMonitor C:\WINDOWS\taskmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
Windows Registry Repair Pro C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE 3
msnmsgr "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key $4Li6+{u
Hint MY PC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun
CDRAutoRun
ClearRecentDocsOnExit 
NoDrives $4Li6+{u

NoFavoritesMenu 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell =
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/30/05 11:27:53 AM
OT: I am still unable to open a new window correctly since we started this venture. Any suggestions on this?

#14 geneveve2


Posted 30 September 2005 - 12:40 PM

WinPFind LOG submitted 9/30/05 by geneveve2
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 8/5/05 1:16:24 PM RH 138745783 C:\W98UNDO.DAT
UPX! 2/16/05 11:06:16 AM 218112 C:\HijackThis.exe

Checking %ProgramFilesDir% folder...
UPX! 4/18/05 11:08:24 PM 66048 C:\Program Files\Antibagle-EN.exe

Checking %WinDir% folder...
UPX! 3/24/04 7:41:12 AM 966144 C:\WINDOWS\vsapi32.dll
aspack 3/24/04 7:41:12 AM 966144 C:\WINDOWS\vsapi32.dll

Checking %System% folder...

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/18/05 10:04:36 AM RH 389152 C:\WINDOWS\HWINFO.DAT
9/30/05 9:50:08 AM RH 7950376 C:\WINDOWS\SYSTEM.DAT
9/30/05 9:51:50 AM RH 1450016 C:\WINDOWS\USER.DAT
9/23/05 9:52:22 AM RH 10182688 C:\WINDOWS\SYSTEM.~~R
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\desktop.ini
9/30/05 9:46:54 AM H 916835 C:\WINDOWS\ShellIconCache
9/23/05 9:51:52 AM RH 1335328 C:\WINDOWS\USER.~~R
8/1/05 4:10:30 PM RH 720896 C:\WINDOWS\DefaultStore_59R.bin
8/1/05 4:10:36 PM RH 1114112 C:\WINDOWS\UserMigratedStore_59R.bin
9/18/05 4:52:00 PM H 31140 C:\WINDOWS\ttfCache
9/18/05 9:01:30 AM RH 7835688 C:\WINDOWS\system.tom
9/18/05 9:01:30 AM RH 1388576 C:\WINDOWS\user.tom
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\SYSTEM\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\SYSTEM\desktop.ini
9/10/05 10:49:24 AM H 17991 C:\WINDOWS\SYSTEM\LxAR9xdh.GID
8/18/05 11:55:34 AM RH 8192 C:\WINDOWS\SYSTEM\RATINGS.POL
9/18/05 10:03:26 AM H 9793 C:\WINDOWS\HELP\windows.GID
9/18/05 10:04:06 AM H 13122 C:\WINDOWS\SYSTEM32\folder.htt
9/18/05 10:04:06 AM H 266 C:\WINDOWS\SYSTEM32\desktop.ini
9/18/05 10:04:06 AM H 19600 C:\WINDOWS\WEB\WVLOGO.GIF
9/18/05 10:04:06 AM H 4204 C:\WINDOWS\WEB\CONTROLP.HTT
9/18/05 10:04:06 AM H 11530 C:\WINDOWS\WEB\FOLDER.HTT
9/18/05 10:04:06 AM H 4988 C:\WINDOWS\WEB\MYCOMP.HTT
9/18/05 10:04:06 AM H 5044 C:\WINDOWS\WEB\PRINTERS.HTT
9/18/05 10:04:06 AM H 14258 C:\WINDOWS\WEB\default.htt
9/18/05 10:04:06 AM H 5403 C:\WINDOWS\WEB\nethood.htt
9/18/05 10:04:06 AM H 8088 C:\WINDOWS\WEB\recycle.htt
9/18/05 10:04:06 AM H 5495 C:\WINDOWS\WEB\schedule.htt
9/18/05 10:04:06 AM H 5521 C:\WINDOWS\WEB\dialup.htt
9/18/05 10:04:06 AM H 44686 C:\WINDOWS\WEB\wvleft.bmp
9/18/05 10:04:06 AM H 840 C:\WINDOWS\WEB\wvline.gif
9/18/05 10:04:06 AM H 855 C:\WINDOWS\WEB\webview.css
9/30/05 9:35:22 AM HS 1159 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
9/30/05 9:35:22 AM HS 94 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Pattern.bmp
12/6/06 10:14:50 AM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
12/6/06 10:15:02 AM H 156 C:\WINDOWS\Favorites\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KT23KDQV\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\QLYNCV8L\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4PEZ0M0G\desktop.ini
9/27/05 6:05:12 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\ODQFST67\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\3JPDPHTU\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\N3DAAE3R\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\BUXJ55KM\desktop.ini
9/28/05 5:35:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\ENSDA5U1\desktop.ini
12/6/06 10:16:22 AM HS 113 C:\WINDOWS\History\desktop.ini
12/6/06 10:16:22 AM HS 113 C:\WINDOWS\History\History.IE5\desktop.ini
9/30/05 9:35:18 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/5/05 2:13:52 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini

Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation 8/29/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 138752 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 7952 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
4/23/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
2/28/02 2:41:32 PM 183808 C:\WINDOWS\SYSTEM\bdeadmin.cpl
Microsoft Corporation 6/18/00 2:03:10 PM 106544 C:\WINDOWS\SYSTEM\TWEAKUI.CPL
Apple Computer, Inc. 10/10/02 7:17:02 PM 295936 C:\WINDOWS\SYSTEM\QuickTime.cpl
Sun Microsystems 2/20/03 4:42:34 PM 229487 C:\WINDOWS\SYSTEM\jpicpl32.cpl
Microsoft Corporation 4/23/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/4/05 6:51:16 AM 517 C:\WINDOWS\Start Menu\Programs\StartUp\Enable Belkin Wireless Keyboard Driver.lnk
4/4/05 6:51:18 AM 504 C:\WINDOWS\Start Menu\Programs\StartUp\Enable Belkin Wireless Mouse Driver.lnk
9/18/05 9:40:40 AM 705 C:\WINDOWS\Start Menu\Programs\StartUp\Exif Launcher.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/18/05 3:10:58 PM 639 C:\WINDOWS\Application Data\dw.log
12/14/04 11:17:44 AM 79928 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
4/5/04 6:35:50 AM 12358 C:\WINDOWS\Application Data\PFP100JCM.{PB
4/5/04 6:35:50 AM 61678 C:\WINDOWS\Application Data\PFP100JPR.{PB

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
www.minibqm.com =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDSHELXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZipCentral
{40E85620-3DCB-11D3-8A0D-0060080C1EFA} = C:\Program Files\ZipCentral\zccm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDSHELXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZipCentral
{40E85620-3DCB-11D3-8A0D-0060080C1EFA} = C:\Program Files\ZipCentral\zccm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZipCentral
{40E85620-3DCB-11D3-8A0D-0060080C1EFA} = C:\Program Files\ZipCentral\zccm.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
= C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656EC4B7-072B-4698-B504-2A414C1F0037}
IE_PopupBlocker Class = C:\PROGRAM FILES\WYOMING.COM EXTREME INTERNET\PRPL_IEPOPUPBLOCKER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{800DD540-2817-11DA-A7E1-F63156A62229}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{2D58DD23-2759-4C7B-9351-D68AF7D0D868} = Popup Killer : C:\PROGRA~1\POPUP\POPUP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}
ButtonText = RoboForm :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}
ButtonText = Fill Forms :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}
ButtonText = Save :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{724D43A0-0D85-11D4-9908-00400523E39A} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BDMCon C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
BitDefender Virus Shield C:\Program Files\Softwin\BitDefender8\\vsserv.exe
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
BDNewsAgent "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe"
sais c:\program files\180searchassistant\sais.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
BitDefender Live! Init C:\Program Files\Softwin\BitDefender8\\bdinit.exe
BitDefender Scan Server C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
BitDefender Communicator C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent C:\WINDOWS\SYSTEM\mstask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
TaskMonitor C:\WINDOWS\taskmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
Windows Registry Repair Pro C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE 3
msnmsgr "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key $4Li6+{u
Hint MY PC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun
CDRAutoRun
ClearRecentDocsOnExit 
NoDrives $4Li6+{u

NoFavoritesMenu 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell =
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/30/05 11:27:53 AM

OT: I am still unable to open a new window correctly since we started this venture. Any suggestions on this? Thank you. GEN

#15 geneveve2

Posted 30 September 2005 - 12:41 PM

NOTE: I did the WinPFind log in Safe mode. Was this correct?



