Need Help



#1
Angelia (Member)
Logfile of HijackThis v1.99.1
Scan saved at 5:18:17 AM, on 10/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\PSSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {132DEE89-2256-3A21-D249-F02ABD46ECFC} - C:\WINDOWS\Rbenkwjh.dll (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\PROGRAM FILES\BELLSOUTH\BELLSOUTH INTERNET SECURITY\PKR.DLL (file missing)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSPC.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM\5nt.dll (file missing)
O3 - Toolbar: Search - {02BC68EA-4663-7F85-6913-FE8023F5AF77} - C:\WINDOWS\Rbenkwjh.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\RGVmYXVsdAAA\command.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRAM FILES\BUTTERFLY OASIS SCREENSAVER\BO1HELPER.EXE /partner BO1
O4 - HKLM\..\Run: [blspcloader] "C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE"
O4 - HKLM\..\Run: [BLUBSTER] C:\PROGRAM FILES\BLUBSTER\BLUBSTER.exe SILENT
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm492YYUS
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Dell Home - {9C31CA00-6082-11D3-8607-00C04FCFBDA1} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://www.radicalpl...ca/joystick.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave...bugs/axhost.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O18 - Filter: text/html - (no CLSID) - (no file)
  • 0



#2
don77 (Malware Expert, Retired Staff)
Hello Angelia

please post an uninstall list for me please :whistling:
  • 0

#3
Angelia (Topic Starter)
:whistling: Hi Don77.

I know what you mean. I hate to have to add to your work load.

This is what happened.

Come home from work the other night and computer was on but screen was off.

When I turned monitor on there was a black screen stating that a file was missing to load an application.

Its name was freedomti.vxd or something like that.

This screen still comes up every time computer is restarted.

When it finally loaded that night first thing I noticed was Sygate didn't load up.

I looked in add remove programs and it wasn't there. I looked for it and the folder still existed but I couldn't get it to load.


Also noticed in add remove programs all the Windows updates were missing.

I installed Outpost immediately and went and downloaded Windows updates again.

Run AVG and come up clean.

Spybot come up with Gator, Gain, My Web Search, Command, Smitfraud-c, (also my desktop wallpaper is gone and haven't been able to get it back) and some other things that I can't remember.


I tried to remove Command from add/remove and get this error

Cannot find script file

C:\Windows\RGV,UXVsdAAA\5BLMS5BXxp8MSU6.vbs


Also cannot open my PL.

I saved them in Word pad and when I open them it asks me to put in Microsoft Works CD.

Which I don't have.

Not sure what happened there.

Also can't play any music because it says can't detect sound device.

Also Outpost keeps warning me of a Nuker attack that it's blocked. But have no idea what that means. Did look up the IPs and one was from Andara High Speed Internet and the other is Road Runner Hold Co LLC.

So that's what's going on. I was afraid to do anything without advice and help.

Thanks Don77 and I'm sorry to add to your work load.


Here's uninstall list

3Com NIC Diagnostics
Adaptec Easy CD Creator 4
Adobe Acrobat Reader 3.01
Agnitum Outpost Firewall Pro
AVG Free Edition
BellSouth Internet Security
CleanUp!
Command
Creative PCI Audio Drivers
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Internet Explorer Q916281
J2SE Runtime Environment 5.0 Update 3
Lyra Digital Audio Player
Lyra Personal Audio Player (RD1021/1071/1075)
Macromedia Flash Player 8
MDP3858 PCI Modem
MDP3880 PCI Modem
Microsoft IntelliPoint
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger Service 2.2
My Kazaa Gold
My MP3 Player MTP Driver nonXP
NetMeeting 3.01
Outlook Express Q837009
The Unzip Wizard
Windows 98 Q823559 Update
Windows Media Player system update (9 Series)
  • 0

#4
Angelia
:whistling: Hi again.


Sorry one more thing I wanted to let you know before I forgot.

Every time you leave the computer for a few minutes the modem is still on and active but the monitor says lost signal and I have to perform a hard boot to start it over again.
  • 0

#5
don77
OK Angelia

Let's do a couple things,

I need a silent runners log, and run smitrem for me please. Post the log from it for me here as well.


Note: you can not run S!ri's tool on 98
  • 0

#6
Angelia
:whistling: Hi Don77

Sorry it took so long had a couple of problems.

Couldn't run silentrunners it comes up with error that library is not registered.

I run Smitrem but can't locate the log to post.

I've been on computer for about ten minutes and Outpost has stopped to Nuker attacks.

I'll be waiting for your reply.

Thanks for all your help.
  • 0

#7
Angelia
:whistling: Sorry Don I found it.



smitRem © log file
version 3.2

by noahdfear


Windows 98 [Version 4.10.2222]


Running from
C:\WINDOWS\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="C:\WINDOWS\SYSTEM\BROWSEUI.DLL"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="C:\WINDOWS\SYSTEM\BROWSEUI.DLL"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~



~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Starting registry repairs
Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="C:\WINDOWS\SYSTEM\BROWSEUI.DLL"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="C:\WINDOWS\SYSTEM\BROWSEUI.DLL"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~



~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~





~~~~ wininet.dll ~~~~

wininet.dll Clean!! :blink:
  • 0

#8
Angelia
Hi Don

Quick post before mouse freezes up on me.

New HijackThis log before I have to go to work.


Logfile of HijackThis v1.99.1
Scan saved at 3:34:17 PM, on 10/16/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\PSSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MYKAZAAGOLD\MYGOLDKAZAA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MYKAZAAGOLD\GIFT\GIFTL.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {132DEE89-2256-3A21-D249-F02ABD46ECFC} - C:\WINDOWS\Rbenkwjh.dll (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\PROGRAM FILES\BELLSOUTH\BELLSOUTH INTERNET SECURITY\PKR.DLL (file missing)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSPC.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM\5nt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {02BC68EA-4663-7F85-6913-FE8023F5AF77} - C:\WINDOWS\Rbenkwjh.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\RGVmYXVsdAAA\command.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRAM FILES\BUTTERFLY OASIS SCREENSAVER\BO1HELPER.EXE /partner BO1
O4 - HKLM\..\Run: [blspcloader] "C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE"
O4 - HKLM\..\Run: [BLUBSTER] C:\PROGRAM FILES\BLUBSTER\BLUBSTER.exe SILENT
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKCU\..\Run: [My Kazaa Gold] C:\PROGRAM FILES\MYKAZAAGOLD\MYGOLDKAZAA.EXE /hide
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKCU\..\RunServices: [My Kazaa Gold] C:\PROGRAM FILES\MYKAZAAGOLD\MYGOLDKAZAA.EXE /hide
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm492YYUS
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Dell Home - {9C31CA00-6082-11D3-8607-00C04FCFBDA1} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v6.cab
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://www.radicalpl...ca/joystick.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave...bugs/axhost.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)
  • 0

#9
don77
OK Angelia, let's see if we can't get some of this cleaned up for you.
Now I know I don't have to have the p2p program talk with you, correct? :whistling:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {132DEE89-2256-3A21-D249-F02ABD46ECFC} - C:\WINDOWS\Rbenkwjh.dll (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM\5nt.dll (file missing)
O3 - Toolbar: Search - {02BC68EA-4663-7F85-6913-FE8023F5AF77} - C:\WINDOWS\Rbenkwjh.dll (file missing)
O4 - HKLM\..\Run: [Command] C:\WINDOWS\RGVmYXVsdAAA\command.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKCU\..\RunServices: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm492YYUS
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links –
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O18 - Filter: text/html - (no CLSID) - (no file)


Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Command


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\PROGRAM FILES\MYWEBSEARCH
C:\WINDOWS\RGVmYXVsdAAA



After that, reboot. Post back a fresh HJT log please.
  • 0

#10
Angelia
Logfile of HijackThis v1.99.1
Scan saved at 1:57:48 PM, on 10/17/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\PSSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [BLUBSTER] C:\PROGRAM FILES\BLUBSTER\BLUBSTER.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm492YYUS
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Dell Home - {9C31CA00-6082-11D3-8607-00C04FCFBDA1} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
  • 0
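
Added example, not part of the original thread: a small Python check that compares the entries selected for fixing in post #9 with the follow-up scan in post #10, and lists the entries HijackThis marks as having no file on disk. The function names are hypothetical, and the sample text is a short excerpt of the log lines posted above.

```python
import re

# One HijackThis entry per line: section code (R0, F1, O4, O16 ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
DANGLING_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the fix list from post #9 (copied from the thread, shortened).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {132DEE89-2256-3A21-D249-F02ABD46ECFC} - C:\WINDOWS\Rbenkwjh.dll (file missing)
O4 - HKLM\..\Run: [Command] C:\WINDOWS\RGVmYXVsdAAA\command.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm492YYUS
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Excerpt of the follow-up scan from post #10 (copied from the thread, shortened).
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm492YYUS
O9 - Extra button: Dell Home - {9C31CA00-6082-11D3-8607-00C04FCFBDA1} - http://www.dell.com/ (file missing) (HKCU)
"""


def parse_entries(log_text):
    """Return [(section, body)] for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(entry):
    """Case- and whitespace-insensitive key so copy/paste differences do not hide a match."""
    section, body = entry
    return section, " ".join(body.lower().split())


def persisted(fix_list_text, later_log_text):
    """Entries that were selected for fixing but still appear in the later scan."""
    later_keys = {entry_key(e) for e in parse_entries(later_log_text)}
    return [e for e in parse_entries(fix_list_text) if entry_key(e) in later_keys]


def dangling(log_text):
    """Entries whose target file is absent, i.e. registry leftovers of a partial removal."""
    return [
        e for e in parse_entries(log_text)
        if any(marker in e[1] for marker in DANGLING_MARKERS)
    ]


if __name__ == "__main__":
    for section, body in persisted(FIX_LIST, LATER_LOG):
        print("still present after fix:", section, "-", body)
    for section, body in dangling(LATER_LOG):
        print("no file on disk:", section, "-", body)
```

On this excerpt the only fix-list entry that survives into the later scan is the `O8` context menu item.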



#11
Angelia

Now I know I don't have to have the p2p program talk with you correct



No sir you don't. I purchased the program a few years back. I thought it was legit. Since I have to pay if I want to download a song. I've explained to my teenager to scan every song with AVG before opening it. But since she's the only one who has access to this computer. She would be at fault now for messing it up.


I've been trying to get to my PL's with no luck.

When I go to open it a screen opens asking for Microsoft Works 2000 cd. As soon as I click cancel.
Screen comes up saying that internet explorer has caused error and will have to terminate.

Do you think there's any hope there? All my canned speeches are like this too.

Some still have word pad icon and most have Microsoft windows icon.

I also the missing file error is still there at startup. It's called freetdi.vxd. I think this is associated with Sygate, but since Sygate no longer exists in add/remove programs and I can't remove it properly don't know what to do. I did delete the Sygate folder but that didn't help.

Also cursor freezes up a lot or just starts moving all over screen without anyone touching it.

Still the problems with modem losing signal and having to hard boot to start over again.

Well I think that's about all my problems with computer for now.

Thank you so very much for all your help Don.
  • 0

#12
don77
Aye the fun never ends :whistling:

Download winpfind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.



By the way let's get rid of this one with HJT

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm492YYUS
  • 0

#13
Angelia
:whistling: Hi Don77! Hope you're doing well today. Here's the Winpfind log you requested. Thanks for all your help.





WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/18/06 1:52:55 PM
WinPFind v1.5.0 Folder = C:\WINDOWS\DESKTOP\UNZIPPED FILES\WINPFIND\
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 3/10/06 5:54:08 PM RH 811040 c:\windows\user.tom ()
web-nex 3/10/06 5:54:08 PM RH 811040 c:\windows\user.tom ()
ad-w-a-r-e.com 3/10/06 5:54:08 PM RH 811040 c:\windows\user.tom ()
qoologic 3/24/06 4:16:46 AM 437387 c:\windows\HOSTS.MVP ()
PTech 3/24/06 4:16:46 AM 437387 c:\windows\HOSTS.MVP ()
SAHAgent 3/24/06 4:16:46 AM 437387 c:\windows\HOSTS.MVP ()
abetterinternet.com 3/24/06 4:16:46 AM 437387 c:\windows\HOSTS.MVP ()
web-nex 3/24/06 4:16:46 AM 437387 c:\windows\HOSTS.MVP ()
ad-w-a-r-e.com 3/24/06 4:16:46 AM 437387 c:\windows\HOSTS.MVP ()
UPX! 10/26/00 9:31:46 PM 181760 c:\windows\temp.exe (Big Fish Games)

Checking %System% folder...
PTech 8/8/00 12:00:00 PM 88571 c:\windows\SYSTEM\MDACRDME.HTM ()

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/17/06 2:56:58 PM H 42949 c:\windows\ttfCache ()
10/18/06 1:53:14 PM RH 6307916 c:\windows\SYSTEM.DAT ()
10/18/06 1:53:14 PM RH 704544 c:\windows\USER.DAT ()
10/17/06 1:48:54 PM H 1006011 c:\windows\ShellIconCache ()
10/12/06 4:29:20 AM H 9793 c:\windows\HELP\windows.GID ()
10/18/06 1:43:50 PM HS 1092 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt ()
10/12/06 4:37:50 AM HS 67 c:\windows\Temporary Internet Files\desktop.ini ()
9/12/06 9:12:16 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\desktop.ini ()
9/12/06 9:12:16 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\49QN8DY3\desktop.ini ()
9/12/06 9:12:16 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\C9YJKLAF\desktop.ini ()
9/12/06 9:12:16 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\GFZM2V4Y\desktop.ini ()
9/12/06 9:12:16 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\XPM0SYU4\desktop.ini ()
9/16/06 6:52:02 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\72CRNXKL\desktop.ini ()
9/16/06 6:52:02 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\O16R4T6B\desktop.ini ()
9/16/06 6:52:02 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\OTI789AN\desktop.ini ()
9/16/06 6:52:02 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\81CVGBSB\desktop.ini ()
9/17/06 1:29:12 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\HIGF39SH\desktop.ini ()
9/17/06 1:29:12 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\0HSPYV0P\desktop.ini ()
9/17/06 1:29:14 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\3N97R54W\desktop.ini ()
9/17/06 1:29:14 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\OBNBQ09P\desktop.ini ()
9/19/06 6:34:44 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\63EZ2XAB\desktop.ini ()
9/19/06 6:34:44 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\65NWPCZ6\desktop.ini ()
9/19/06 6:34:44 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\TRNNDHOE\desktop.ini ()
9/19/06 6:34:44 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\CDUZSTA7\desktop.ini ()
9/24/06 1:20:52 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\Y1OJ2TW5\desktop.ini ()
9/24/06 1:20:52 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\4L2BOPAJ\desktop.ini ()
9/24/06 1:20:52 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\O9QRK92N\desktop.ini ()
9/24/06 1:20:52 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\KHY3GL2Z\desktop.ini ()
10/11/06 5:29:26 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\H0KBL9S5\desktop.ini ()
10/11/06 5:29:26 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\WLAJ4DEV\desktop.ini ()
10/11/06 5:29:26 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\2TCFE1U5\desktop.ini ()
10/11/06 5:29:26 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\SFBB201X\desktop.ini ()
10/11/06 2:14:14 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\ZYGJJTG9\desktop.ini ()
10/11/06 2:14:14 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\KDWTE349\desktop.ini ()
10/11/06 2:14:14 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\3F1BRX0W\desktop.ini ()
10/11/06 2:14:14 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\WJXNQUZ9\desktop.ini ()
10/18/06 1:43:42 PM H 6 c:\windows\Tasks\SA.DAT ()

Checking for CPL files...
4/23/99 10:22:00 PM 221280 c:\windows\SYSTEM\DESK.CPL (Microsoft Corporation)
8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 60928 c:\windows\SYSTEM\INTL.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 51984 c:\windows\SYSTEM\POWERCFG.CPL (Microsoft Corporation)
10/30/01 8:10:00 AM 442368 c:\windows\SYSTEM\JOY.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL ()
4/23/99 10:22:00 PM 387072 c:\windows\SYSTEM\SYSDM.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 37376 c:\windows\SYSTEM\TIMEDATE.CPL (Microsoft Corporation)
4/23/99 10:22:00 PM 15360 c:\windows\SYSTEM\THEMES.CPL (Microsoft Corporation)
11/10/05 1:03:50 PM 49265 c:\windows\SYSTEM\jpicpl32.cpl (Sun Microsystems, Inc.)
2/20/03 11:39:50 AM 32768 c:\windows\SYSTEM\odbccp32.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{32564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://codecs.micros...i386/wmv8ax.cab
{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.micr...922/wmv9VCM.CAB
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/...indows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - Update Class - CodeBase = http://v4.windowsupd...B?39002.0159375
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macr...ash/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://c:\windows\SYSTEM\dajava.cab
Internet Explorer Classes for Java - - CodeBase = file://c:\windows\SYSTEM\iejava.cab
Microsoft XML Parser for Java - - CodeBase = file://c:\windows\Java\classes\xmldso4.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/2/06 12:23:16 PM 376 C:\WINDOWS\Start Menu\Programs\StartUp\SpywareGuard.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
9/6/06 9:00:08 PM 2568 C:\WINDOWS\Application Data\dw.log ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft...p...ER}&ar=home
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
\\Local Page - c:\windows\SYSTEM\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://home.bellsouth.net/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Local Page - C:\WINDOWS\SYSTEM\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
\\SearchAssistant - http://ie.search.msn...st/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{00A6FAF6-072E-44cf-8957-5838F569A31D} - = ()
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\SYSTEM\SHDOCVW.DLL (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL (Microsoft Corporation)
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL (Microsoft Corporation)
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,[email protected],&Radio = C:\WINDOWS\SYSTEM\MSDXM.OCX (Microsoft Corporation)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = C:\WINDOWS\SYSTEM\BROWSEUI.DLL (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = C:\WINDOWS\SYSTEM\BROWSEUI.DLL (Microsoft Corporation)
\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = C:\WINDOWS\SYSTEM\BROWSEUI.DLL (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
\WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - = ()
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = C:\WINDOWS\SYSTEM\BROWSEUI.DLL (Microsoft Corporation)
\WebBrowser\\{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,[email protected],&Radio = C:\WINDOWS\SYSTEM\MSDXM.OCX (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{9C31CA00-6082-11D3-8607-00C04FCFBDA1} - 8192 =
\\NEXTID - 8195
\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = MSN Messenger Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - Web Folders = c:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL ()
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL ()
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - = c:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL ()


>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL ()
\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B} - = C:\Program Files\BellSouth\BellSouth Internet Security\AVContextR.dll ()
\ASW - {33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} = C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OP_SHELL.DLL (Agnitum Ltd.)
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B} - = C:\Program Files\BellSouth\BellSouth Internet Security\AVContextR.dll ()
\ASW - {33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} = C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OP_SHELL.DLL (Agnitum Ltd.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B} - = C:\Program Files\BellSouth\BellSouth Internet Security\AVContextR.dll ()
\ASW - {33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} = C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OP_SHELL.DLL (Agnitum Ltd.)
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry - c:\windows\scanregw.exe (Microsoft Corporation)
TaskMonitor - c:\windows\taskmon.exe (Microsoft Corporation)
Disknag - C:\DELL\DISKNAG.EXE (Dell Computer Corporation)
SystemTray - c:\windows\SYSTEM\SysTray.ExE (Microsoft Corporation)
TCASUTIEXE - c:\windows\SYSTEM\TCAUDIAG.EXE (3Com Corporation)
POINTER - C:\PROGRA~1\MSHARD~1\point32.exe ()
LoadPowerProfile - c:\windows\Rundll32.exe (Microsoft Corporation)
WorksFUD - c:\Program Files\Microsoft Works\wkfud.exe ()
Microsoft Works Portfolio - c:\Program Files\Microsoft Works\WksSb.exe ()
Microsoft Works Update Detection - c:\Program Files\Microsoft Works\WkDetect.exe ()
BLUBSTER - C:\PROGRAM FILES\BLUBSTER\BLUBSTER.exe ()
QuickTime Task - C:\WINDOWS\SYSTEM\QTTASK.EXE ()
Outpost Firewall - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe (Agnitum Ltd.)
OutpostFeedBack - C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
AVG7_CC - C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE (GRISOFT, s.r.o.)
AVG7_EMC - C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE (GRISOFT, s.r.o.)
AVG7_AMSVR - C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
AutoShutdown - C:\WINDOWS\pssvc.exe (Dell Computer Corporation)
LoadPowerProfile - c:\windows\Rundll32.exe (Microsoft Corporation)
SchedulingAgent - c:\windows\SYSTEM\mstask.exe (Microsoft Corporation)
Outpost Firewall - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe (Agnitum Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Taskbar Display Controls - RunDLL deskcp16.dll ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\WINDOWS\Start Menu\Programs\StartUp\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\FunWebProducts -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = C:\WINDOWS\SYSTEM\BROWSEUI.DLL (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = C:\WINDOWS\SYSTEM\BROWSEUI.DLL (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

>>> DNS Name Servers <<<
Adapters:
Dial-Up Adapter
3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Name Server:

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - cc:\windows\SYSTEM\mswsosp.dll ()
\000000000002\\PackedCatalogItem - cc:\windows\SYSTEM\mswsosp.dll ()
\000000000003\\PackedCatalogItem - cc:\windows\SYSTEM\mswsosp.dll ()
\000000000004\\PackedCatalogItem - cc:\windows\SYSTEM\mswsosp.dll ()
\000000000005\\PackedCatalogItem - cc:\windows\SYSTEM\msafd.dll ()
\000000000006\\PackedCatalogItem - cc:\windows\SYSTEM\msafd.dll ()
\000000000007\\PackedCatalogItem - cc:\windows\SYSTEM\msafd.dll ()
\000000000008\\PackedCatalogItem - cc:\windows\SYSTEM\rsvpsp.dll ()
\000000000009\\PackedCatalogItem - cc:\windows\SYSTEM\rsvpsp.dll ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - c:\windows\SYSTEM\rnr20.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\msdaipp - ()
\ipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#14
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Angelia,

That looks clean. Still having issues?

#15
Angelia


    Member

  • Topic Starter
  • Member
  • 556 posts
Yes, sir, I'm still having the same issues.