
Lots of pop-ups [RESOLVED]


  • This topic is locked

#1
Trippster

Well, I don't know what's wrong, but I get like 20 pop-ups in like 30 mins.

I have BearShare, but I get them whether it's installed or not. Most are loadingwebsite.com. Here's my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 7:52:59 PM, on 5/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\PC\LUKE\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Verizon Online\WinPoET\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Verizon Online\WinPoET\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....007/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab

Edited by Trippster, 26 May 2005 - 06:00 PM.


#2
Justin

Trippster,

Hello, and welcome to the GeekstoGo Forums. My name is Jfcap, and I will be helping you clean your system. I would like to start off by apologizing for the delay in our response time. We try not to let posts slip through the cracks, but things do happen due to the amount of posts on our website, so again I apologize.

You may wish to print out a copy of these instructions, for reference, in case we need to restart your system.

Your HiJackThis log does not look too bad, but we will see what we can do about the popups.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Verizon Online\WinPoET\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Verizon Online\WinPoET\blank.htm

Now close all windows other than HiJackThis, then click Fix Checked.
After that, Reboot.

Then, please post a new HiJackThis log for me to look at.

#3
Trippster

OK, did that. Here you go.


Logfile of HijackThis v1.99.1
Scan saved at 10:39:48 PM, on 5/31/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\PC\LUKE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....007/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab

#4
Justin

Your log looks better.

How are the pop ups now?
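An added example (not part of any post in this thread, and not HijackThis's own code): comparing the two HijackThis logs posted above entry by entry shows exactly what Fix Checked removed, and lists the O1 Hosts lines that still map a name to a non-loopback address. The function names are assumptions, and the two logs are abridged excerpts of the ones posted in #1 and #3.

```python
import ipaddress
import re

# HijackThis entry lines start with a section code such as R0, O1 or O16.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)$")

# Abridged excerpts of the logs posted in #1 (before) and #3 (after).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Verizon Online\WinPoET\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Verizon Online\WinPoET\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

def parse_entries(log_text):
    """Return the (code, body) entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and running-process lines do not match
            entries.append((m.group("code"), m.group("body")))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entries between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added

def non_loopback_hosts(log_text):
    """List O1 entries whose address is not a loopback address."""
    hits = []
    for code, body in parse_entries(log_text):
        m = HOSTS_RE.match(body) if code == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal IP address; leave for manual review
        if not ip.is_loopback:
            hits.append((m.group("name"), str(ip)))
    return hits

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    print("O1 entries still present:", non_loopback_hosts(AFTER))
```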

#5
Trippster

Still coming. I've done Ad-Aware scans, HouseCall, Spybot, but they aren't seeming to do much.

#6
Justin

Trippster,

Open HiJackThis and scan your computer.

Place a check mark next to the following:

O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab


Now close all windows except HiJackThis and select Fix Checked.

Now reboot.

Open up control panel, and then Add/Remove Programs.

Look through the list of programs and tell me if you see any programs that you do not know what they do, or if the names look suspicious.

#7
Trippster

OK, did that. Now here are the programs that I don't know what they do or that look suspicious.


-BullGuard
-IMwire
-Shizmoo Web Games (Uproar)
-Secure Delivery

#8
Justin

Trippster,

Do you by any chance have Kazaa installed on your computer?

The programs you listed below are nothing super bad, but two I would consider removing.

IMwire - This is a safesurfer parasite variant, which is basically a keylogger.
BullGuard - This is an antivirus software, firewall and p2p client in one. It comes with certain versions of Kazaa.

The above programs are up to you in terms of uninstalling. I am not sure that they will remove your popups.

Kazaa is known to plant some spyware on your system, so if you have it, I would consider removing it from your system.

#9
Trippster

No, I do not have Kazaa on my PC. I have BearShare, but I've had pop-ups before I got it. Idk what causes loadingwebsite.com pop-ups, but those come up very often.

#10
Justin

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#11
Trippster

I have Windows 98SE so I can't use it.

#12
Justin

Ahh crap, you're right, sorry.

Give me a bit and I'll get another fix up for you.

#13
Trippster

Heh, no problem.

#14
Justin

Download the following file:

http://castlecops.co.../FindIt9xME.zip

and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

#15
Trippster

OK, here you go.




------- System Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

DHIMAN32 DLL 226,592 05-10-05 5:14p DHIMAN32.DLL
JLPROXY DLL 226,592 05-10-05 5:14p jlproxy.dll
WQHCON DLL 226,592 05-10-05 5:14p wqhcon.dll
TKAPI DLL 226,592 05-10-05 5:14p TKAPI.DLL
PJD DLL 226,592 05-10-05 5:14p PJD.DLL
QXDIT DLL 226,592 05-10-05 5:14p qxdit.dll
OHSLB400 DLL 226,592 05-10-05 5:14p OHSLB400.DLL
QKDIT DLL 226,592 05-10-05 5:14p qkdit.dll
WFNMM DLL 226,592 05-10-05 5:14p WFNMM.DLL
CORDS DLL 226,592 05-10-05 5:14p CORDS.DLL
RAOCURS DLL 226,592 05-10-05 5:14p RAOCURS.DLL
MSR DLL 226,592 05-10-05 5:14p MSR.DLL
PGBASE DLL 227,104 04-23-05 10:34p PGBASE.DLL
DADPMESH DLL 227,104 04-23-05 10:34p DADPMESH.DLL
AK3API DLL 227,104 04-23-05 10:34p AK3API.DLL
WIBCHECK DLL 227,104 04-23-05 10:34p WIBCHECK.DLL
OPE2 DLL 227,104 04-23-05 10:34p OPE2.DLL
VVRSION DLL 227,104 04-23-05 10:34p VVRSION.DLL
DIDIM DLL 227,104 04-23-05 10:34p DIDIM.DLL
PYPWPROP DLL 227,104 04-23-05 10:34p PYPWPROP.DLL
MJC71 DLL 227,104 04-23-05 10:34p mjc71.dll
CBRTC DLL 227,104 04-23-05 10:34p cbrtc.dll
EEENU DLL 227,104 04-23-05 10:34p eeenu.dll
CTMMCTRL DLL 227,104 04-23-05 10:34p CTMMCTRL.DLL
MVLS2 DLL 227,104 04-23-05 10:34p mvls2.dll
MASIP32 DLL 227,104 04-23-05 10:34p MASIP32.DLL
MVVIDC32 DLL 227,104 04-23-05 10:34p MVVIDC32.DLL
SLELL DLL 227,104 04-23-05 10:34p SLELL.DLL
KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
30 file(s) 6,354,506 bytes
0 dir(s) 11,812.95 MB free

------- Hidden Files in System Directory -------


Volume in drive C has no label
Volume Serial Number is 3939-1903
Directory of C:\WINDOWS\SYSTEM

KGYGAAVL SYS 1,682 11-24-04 3:00a KGyGaAvL.sys
D55526~1 SYS 56 11-24-04 3:00a D55526893A.sys
FOLDER HTT 13,122 10-12-04 6:08p folder.htt
DESKTOP INI 266 10-12-04 6:08p desktop.ini
4 file(s) 15,126 bytes
0 dir(s) 11,812.94 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{979865C0-8385-F0C1-472E-63B48B96D6B5}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
pgbase.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
dadpmesh.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
ak3api.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
wibcheck.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
ope2.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
vvrsion.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
didim.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
pypwprop.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
dhiman32.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
mjc71.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
cbrtc.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
eeenu.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
jlproxy.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
wqhcon.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
tkapi.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
pjd.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
qxdit.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
ctmmctrl.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
mvls2.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
masip32.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
mvvidc32.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
slell.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
ohslb400.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
qkdit.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
wfnmm.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
cords.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
raocurs.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
msr.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K

28 items found: 28 files, 0 directories.
Total of file sizes: 6,352,768 bytes 6.05 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.637: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.637: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.637: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.637: TROJ_QOOLOGIC.A
C:\WINDOWS\LPT$VPN.637: TROJ_QOOLOGIC.G
C:\WINDOWS\LPT$VPN.637: TROJ_QOOLOGIC.C
C:\WINDOWS\LPT$VPN.637: TROJ_QOOLOGIC.B
C:\WINDOWS\LPT$VPN.637: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"a-winpoet-service"="\"C:\\Program Files\\Verizon Online\\WinPoET\\winpppoverethernet.exe\""
"POINTER"="C:\\Program Files\\Microsoft Hardware\\Mouse\\point32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
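An added example (not part of any post in this thread, and not the FindIt tool's own code): the Locate.com section of the log above lists DLLs that differ in name but share size, timestamp and attributes, and grouping on those fields makes that pattern easy to pick out of a long listing. The function names and the `min_files` threshold are assumptions; the sample is an abridged excerpt of the posted results plus one constructed line.

```python
import re
from collections import defaultdict

# One Locate.com result line: name, weekday, date, time, attributes, size.
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+\w{3}\s+"
    r"(?P<stamp>\w{3}\s+\d{1,2}\s+\d{4}\s+\d{1,2}:\d{2}:\d{2}[ap])\s+"
    r"(?P<attrs>[A-Z.]{5})\s+(?P<size>[\d,]+)\s"
)

# Abridged from the log in #15; the last line is constructed for contrast.
SAMPLE = r"""C:\WINDOWS\SYSTEM\
pgbase.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
dadpmesh.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
ak3api.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
wibcheck.dll Sat Apr 23 2005 10:34:24p ..S.R 227,104 221.78 K
dhiman32.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
jlproxy.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
wqhcon.dll Tue May 10 2005 5:14:00p ..S.R 226,592 221.28 K
example.dll Mon Jan 03 2005 9:00:00a ..... 45,056 44.00 K
"""

def parse_listing(text):
    """Parse result lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({
                "name": m["name"].lower(),
                "stamp": " ".join(m["stamp"].split()),
                "attrs": m["attrs"],
                "size": int(m["size"].replace(",", "")),
            })
    return rows

def size_time_clusters(rows, min_files=3):
    """Group files by (size, timestamp); return groups of min_files or more."""
    groups = defaultdict(list)
    for row in rows:
        groups[(row["size"], row["stamp"])].append(row)
    clusters = []
    for (size, stamp), members in groups.items():
        if len(members) < min_files:
            continue
        clusters.append({
            "size": size,
            "stamp": stamp,
            "names": sorted(m["name"] for m in members),
            # True when every member carries both the S and R attributes
            "all_system_readonly": all(
                "S" in m["attrs"] and "R" in m["attrs"] for m in members),
        })
    return sorted(clusters, key=lambda c: -len(c["names"]))

if __name__ == "__main__":
    for c in size_time_clusters(parse_listing(SAMPLE)):
        print(c["size"], c["stamp"], c["all_system_readonly"], c["names"])
```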





