Windows ME Constant gambling pop-up windows [RESOLVED], Can't get rid of pop-up ads
spiritoh
post Jul 23 2005, 09:53 AM
Post #1


Member
Posts: 14
From: OH
OS: Windows XP



Hi, can anyone please help me get rid of whatever malware or spyware is on this Windows ME system? I keep getting pop-ups and I've tried Ad-Aware SE and all the virus software I can find to get rid of these things and they still keep coming back.

Here's my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:40:48 AM, on 7/23/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\ARPRBL.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\CHANNEL 3 WEATHER WIZARD\TRUEWEATHER.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\arprbl.exe reg_run
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: pkrk.exe
O4 - Global Startup: Channel 3 Weather Wizard.lnk = C:\Program Files\Common Files\Channel 3 Weather Wizard\TrueWeather.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
 
tampabelle
post Jul 23 2005, 10:03 AM
Post #2


Member 5k
Posts: 6,363
OS: Windows XP



Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    1. Go to the WinPFind folder
    2. Locate WinPFind.txt
    3. Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!
 
spiritoh
post Jul 23 2005, 10:41 AM
Post #3


Member
Posts: 14
From: OH
OS: Windows XP



I ran the PFind but could download the other "Track qoo.vbs", the post wasn't found.

Here's the WinPFind data:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
KavSvc 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
urllogic 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
urllogic 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
KavSvc 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
winsync 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
KavSvc 3/24/2005 11:21:04 PM 303136 C:\WINDOWS\HWINFO.DAT
qoologic 7/23/2005 12:15:34 PM 3173 C:\WINDOWS\hosts
urllogic 7/23/2005 12:15:34 PM 3173 C:\WINDOWS\hosts
urllogic 7/23/2005 12:15:34 PM 3173 C:\WINDOWS\hosts
UPX! 3/31/2005 11:15:10 AM 23272 C:\WINDOWS\icont.exe
69.59.186.63 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
209.66.67.134 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
web-nex 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
winsync 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
UPX! 7/23/2005 11:59:46 AM 1044560 C:\WINDOWS\vsapi32.dll
aspack 7/23/2005 11:59:46 AM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 7/23/2005 11:59:46 AM 170053 C:\WINDOWS\tsc.exe

Checking %System% folder...
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\WOCTHUNK.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\ARIFIL32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SFLWAPI.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\XKILEXR.OLD
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MPHTMLER.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\GMI32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MOACM32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NCTPLWIZ.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DHNMPNTW.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\JNEG1X32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DXVVOX.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OPE32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
PTech 10/29/2000 8:52:52 PM 391696 C:\WINDOWS\SYSTEM\FUSION16.DRV
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SRSCLASS.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WXPLOC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WOLP32T.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DVGSIG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SAC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SQC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OJPRT400.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MNNET32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NUSWAN16.DLL
UPX! 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
qoologic 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
aspack 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
SAHAgent 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MLCUIW32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OLTWA400.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\STLFX.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IEETCFG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IKGSHL.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IK50_32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WVBVW.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\mmcrlrev.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DWDRM.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MBDVDOPT.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MVAFD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CEYPTDLG.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\FYSRCH.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NKture.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\AEIDDC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\RCCHED20.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DJMSSPXN.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\JJEG1X32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WVICORE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NKTPLWIZ.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MHRATELC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MWTCP.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SATUPX32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MAANG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IQETCFG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\UFDM32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SQCUR32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\EHTIER2.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\dhdmoprp.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\KGRNEL32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\GXU32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DLSTYLE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DGD3D01.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\RTAENH.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\HWOIMN07.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MAVCRT.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MUIMRT16.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MBCI.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MJEXCH40.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IDM32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\ICSS.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\HKOPCL07.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DQICM.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OLMDSPIF.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\CORDS.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DVVOICE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IDFRARED.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MRUTILSE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DGVVOX.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\mdident.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\mrident.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\PXPARSE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IVMUPG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SUCUR32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DFMSTOR.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DPEML.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CKUSALGO.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DCCPCSVC.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DYVENUM.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MAAFD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MMAFD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\JLDW400.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DTMSVINN.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\QPV.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\UYER32.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\CRM.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\dNd8.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DLUSIC16.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\OSUI400.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\pfdrv.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\QJDWIPES.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\OJMREG.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\ZCORT4AS.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\SWMAN32.DLL
UPX! 6/2/2005 3:32:08 PM 18432 C:\WINDOWS\SYSTEM\supdate.dll
KavSvc 6/2/2005 3:32:08 PM 18432 C:\WINDOWS\SYSTEM\supdate.dll
yourkey 6/2/2005 3:32:08 PM 18432 C:\WINDOWS\SYSTEM\supdate.dll
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\DLMSTOR.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\FXSION32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MXG4DMOD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\AAIV16XX.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\izengine.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MBHTMLED.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\Jxngle.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\dadiagn.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MVIMRT.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\IOET16.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\maxml4a.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\GFIDE2X.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\LPOUSE32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\WK5INF32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\IASENG.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CPRDS.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\SQNCUI.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\EFTIER2.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\IYWPHBK.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MCRD2X40.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DAMSVINN.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\ATIFIL32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DRMSVINN.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\SCNDMAIL.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\GUI32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CXMNCTR.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\HNOIMG07.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MD3216.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\IXMUPG.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\SSSCRAP.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\SPHANNEL.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\CERDS.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\MXRATING.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\mzoeacct.dll
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\DD32GT.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\SOGE.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\WIVCORE.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\MIUTILSE.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MXDVDOPT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MSNDEX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\SRPDLL.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WFDMLOG.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\NTTPLWIZ.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\QJIM32.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\OXGFS400.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\CHSEQCHK.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MHHTMLED.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\DA32GT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MQAFD.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MYRTEDIT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\RIAENH.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\AKIICDXX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\NHWDEV.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\RYRC32.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WPASHEXT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\LROUSE16.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\SLLFX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WAPLOC.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\RNCLTSCM.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\CVM.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\DZVVOX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WTADEFUI.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\AFIICDXX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\BDOWSELC.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\IVM32.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\DQVENUM.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\SRSINV.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\8E55INDI.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\MDDOCS.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\NJWDEV.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\VEDX16.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\CPUTOA.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\MGR2C.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\OAESVR.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\dhnet.dll
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\ITHLPAPI.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\JGVAEE.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\MYTCP.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\MBINCP16.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\DDNDI.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\MYCI.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\chmnew.dll
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\ACIPDLXX.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\SBCUR32.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\WRICORE.DLL
ad-w-a-r-e.com 7/23/2005 9:59:02 AM 226080 C:\WINDOWS\SYSTEM\CKUTOA.DLL
ad-w-a-r-e.com 7/23/2005 9:59:02 AM 226080 C:\WINDOWS\SYSTEM\DWMM.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
7/23/2005 12:23:58 PM 1134624 C:\WINDOWS\USER.DAT
7/23/2005 12:13:42 PM 4341792 C:\WINDOWS\CLASSES.DAT
7/23/2005 12:14:36 PM 1110310 C:\WINDOWS\ShellIconCache
6/8/2005 11:33:54 PM 54156 C:\WINDOWS\QTFont.qfn
7/23/2005 10:35:50 AM 10796 C:\WINDOWS\ttfCache
7/23/2005 10:01:58 AM 5 C:\WINDOWS\SYSTEM\AuxDrv32ds_k.ods
7/23/2005 12:15:34 PM 668 C:\WINDOWS\PCHEALTH\HELPCTR\Database\HelpSessionHistory.stream
7/23/2005 11:50:28 AM 68 C:\WINDOWS\TEMP\ffastlog.txt
6/15/2005 10:02:20 AM 3584 C:\WINDOWS\DRM\drmv2.sst
6/15/2005 10:02:36 AM 400 C:\WINDOWS\DRM\v2ks002.bla
6/15/2005 10:02:36 AM 234176 C:\WINDOWS\DRM\Indiv002.key
7/19/2005 9:35:46 PM 2344 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
7/19/2005 9:36:12 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata00.sqm
6/15/2005 11:47:44 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata01.sqm
6/16/2005 12:47:30 PM 1204 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata02.sqm
6/16/2005 12:47:30 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata03.sqm
6/17/2005 10:39:04 AM 1548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata04.sqm
6/17/2005 10:39:04 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata05.sqm
6/17/2005 8:29:34 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata06.sqm
6/17/2005 8:29:34 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata07.sqm
6/17/2005 8:52:40 PM 1300 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata08.sqm
6/17/2005 8:53:00 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata09.sqm
6/18/2005 11:10:36 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata10.sqm
6/18/2005 11:10:36 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata11.sqm
6/24/2005 12:21:52 PM 1192 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata12.sqm
6/24/2005 12:21:52 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata13.sqm
6/24/2005 9:34:22 PM 1144 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata14.sqm
6/24/2005 9:34:22 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata15.sqm
6/25/2005 12:34:50 AM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata16.sqm
6/25/2005 12:34:50 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata17.sqm
6/27/2005 2:59:08 PM 1156 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata18.sqm
6/27/2005 2:59:28 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata19.sqm
6/27/2005 7:01:48 PM 92 C:\WINDOWS\NetHood\updates on Main\Desktop.ini
6/25/2005 9:13:36 PM 92 C:\WINDOWS\NetHood\shareddocs on Main\Desktop.ini
6/30/2005 11:15:28 AM 92 C:\WINDOWS\NetHood\backup on Main\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\als document on Als\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\c on Als\Desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 3:15:52 PM 575 C:\WINDOWS\All Users\Start Menu\Programs\StartUp\Channel 3 Weather Wizard.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/3/2005 3:15:54 PM 568 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
4/3/2005 3:15:54 PM 443 C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
7/31/2004 11:33:52 PM 0 C:\WINDOWS\Application Data\dm.ini
3/23/2005 11:27:10 PM 926 C:\WINDOWS\Application Data\dw.log
3/23/2005 11:28:12 PM 28 C:\WINDOWS\Application Data\Sskcwrd.dll
3/23/2005 10:49:54 PM 272735 C:\WINDOWS\Application Data\Sskknwrd.dll
3/23/2005 11:31:02 PM 38 C:\WINDOWS\Application Data\Sskuknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\{9C54FCA2-6FE5-2DE1-0EE4-1FF3732C0713}
=

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
PCHealth C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray SysTray.Exe
Logitech Utility Logi_MwX.Exe
LoadQM loadqm.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
msnappau "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
winsync C:\WINDOWS\arprbl.exe reg_run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
MSFS
MAPI
IMAIL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.3 - Log file written to "WinPFind.Txt" in the WinPFind folder.
 
spiritoh
post Jul 23 2005, 10:42 AM
Post #4


Member
Posts: 14
From: OH
OS: Windows XP



I meant to say I could NOT find the Track qoo.vbs; the link you gave me to download it came back saying that it was not found.
 
spiritoh
post Jul 23 2005, 11:05 AM
Post #5


Member
Posts: 14
From: OH
OS: Windows XP



Found the Track qoo file, downloaded it and ran the script. Here are the results:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"Logitech Utility"="Logi_MwX.Exe"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"winsync"="C:\\WINDOWS\\arprbl.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll

Subkey --- Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5}
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\SYSTEM\DOCPROP2.DLL

==============================
C:\WINDOWS\All Users\Start Menu\Programs\StartUp

Channel 3 Weather Wizard.lnk
==============================
C:\WINDOWS\Start Menu\Programs\StartUp

Channel 3 Weather Wizard.lnk
Webshots.lnk
Microsoft Office.lnk
==============================
C:\WINDOWS\SYSTEM cpl files


INETCPL.CPL Microsoft Corporation
INTL.CPL Microsoft Corporation
MODEM.CPL Microsoft Corporation
ODBCCP32.CPL Microsoft Corporation
POWERCFG.CPL Microsoft Corporation
APPWIZ.CPL Microsoft Corporation
DESK.CPL Microsoft Corporation
JOY.CPL Microsoft Corporation
MMSYS.CPL Microsoft Corporation
NETCPL.CPL Microsoft Corporation
PASSWORD.CPL Microsoft Corporation
SYSDM.CPL Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
WUAUCPL.CPL Microsoft Corporation
QTW32.CPL Apple Computer, Inc.
ACCESS.CPL Microsoft Corporation
THEMES.CPL Microsoft Corporation
FINDFAST.CPL Microsoft Corporation
CtDetect.cpl Creative Technology Ltd.
AUDIOHQ.CPL Creative Technology Ltd.
MAIN.CPL Microsoft Corporation
TIMEDATE.CPL Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
plugincpl131_04.cpl Sun Microsystems
jpicpl32.cpl Sun Microsystems, Inc.
tampabelle
post Jul 23 2005, 11:41 AM
Post #6


Member 5k
Group Icon
Posts: 6,363
OS: Windows XP



Please download FindQoologic from here:
Find_Qoologic2.zip
Save it to the desktop and extract files from it. Run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here for me to see.
spiritoh
post Jul 23 2005, 01:33 PM
Post #7


The file isn't found on this site.

Please download FindQoologic from here:


Find_Qoologic2.zip
Save it to the desktop and extract files from it. Run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here for me to see.
tampabelle
post Jul 23 2005, 01:39 PM
Post #8


Please download the attachment
spiritoh
post Jul 23 2005, 04:46 PM
Post #9


Hopefully this is the correct file:

"Find activesetup", version1, launched at: 18:45
Operating System: Windows Millennium


HKLM\Software\Microsoft\Active Setup\Installed Components\
"PerUser_CVT_Inis\(Default)" = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]
"{44BBA842-CC51-11CF-AAFA-00AA00B6015C}\(Default)" = "NetMeeting 3.01"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.W95" [MS]
"PerUser_DCC_Inis\(Default)" = "Windows Setup - Direct Cable Connection"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis_remove 64 C:\WINDOWS\INF\rna.inf" [MS]
tampabelle
post Jul 23 2005, 06:36 PM
Post #10


Hi Spiritoh,

The number of files thrown up by these logs is huge and I am trying to check on each and every file.

I need some help from you.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
spiritoh
post Jul 23 2005, 07:24 PM
Post #11


When I run the l2mfix.bat I receive the following error right away, and the command window states "syntax error"

contents not.txt
Not compatible with 9x or windows nt
tampabelle
post Jul 23 2005, 07:41 PM
Post #12


Hi Spiritoh,


My bad !!!!!

Guess I was looking for an easy solution !!! That tool only works on Windows 2000 and Windows XP. We will need to work this out the hard way.


Download Findit9xME and save it.

Unzip the file and save the files in a new folder - VX2 on your desktop. Amongst the files extracted is a file - Findit9XME.bat. Double click on the file. It will generate a log file.

Post this log file back here
spiritoh
post Jul 24 2005, 09:44 AM
Post #13


Thanks for helping on this...I tried to do it the eas