Aurora Aftermath -- Remnants Remain Pls Help [RESOLVED]


  • This topic is locked

#31
Mike S.

    Member

  • Topic Starter
  • 51 posts
One more thing to ponder :tazz:
On startup I do not get any start buttons or systray or desktop icons. It boots straight into the My Documents folder. My desktop sky background is there, however.

Then I get this message in a Run DLL blue box:
An exception occurred while trying to run C:\windows\System32\whhbth.dll", Dllgetusers

One more P.S. - As I said above, this is a kid's computer with nothing that can't be lost on it really. So if doing a whole start from scratch is the best option it really is not that big a deal. But I'd need instructions for that too!

Thanks.
  • 0

#32
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Download pv.zip, and unzip it to your desktop.
It will not work if you run it from inside the zip.
Open the pv folder and double-click "runme.bat". A DOS box will open.

Type:

1

hit Enter.

A Notepad will open with text in it. Copy everything in the notepad. Then type E then hit Enter to exit.

Paste the contents of the notepad here for me.

Edited by bananafanafo, 07 July 2005 - 03:12 AM.

  • 0

#33
Mike S.

    Member

  • Topic Starter
  • 51 posts
Here you go. I'll be back around 9. Thanks.


Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
GDI32.dll 77f10000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) Shell Light-weight Utility Library
SHELL32.dll 7c9c0000 8470528 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) Windows Shell Common Dll
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) Shell Browser UI Library
SHDOCVW.dll 77760000 1490944 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
WININET.dll 771b0000 679936 C:\WINDOWS\system32\WININET.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
comctl32.dll 5d090000 618496 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
OLEACC.DLL 74c80000 180224 C:\WINDOWS\system32\OLEACC.DLL 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft ® C++ Runtime Library
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DNS Client API DLL
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.258
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
urlmon.dll 77260000 647168 C:\WINDOWS\system32\urlmon.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) OLE32 Extensions for Win32
wsock32.dll 71ad0000 36864 C:\WINDOWS\system32\wsock32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
browselc.dll e20000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
actxprxy.dll 71d40000 114688 C:\WINDOWS\System32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
NavShExt.dll 10000000 114688 C:\Program Files\Norton AntiVirus\NavShExt.dll 9.05.15 Norton AntiVirusNAVShellExt Module
ccTrust.dll f10000 106496 C:\WINDOWS\system32\ccTrust.dll 1.01.08 Common Client ccTrust
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Volume Tracking
shdoclc.dll 1570000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
RASAPI32.DLL 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows™ Telephony API Client DLL
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
msv1_0.dll 77c70000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IP Helper API
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
shellhook.dll 1190000 53248 C:\Program Files\ewido\security suite\shellhook.dll
MSVCR71.dll 7c340000 352256 C:\WINDOWS\system32\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
mswsock.dll 71a50000 258048 C:\WINDOWS\System32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access AutoDial Helper
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
msi.dll 745e0000 2908160 C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Windows Installer
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
winrnr.dll 76fb0000 32768 C:\WINDOWS\System32\winrnr.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LDAP RnR Provider DLL
zipfldr.dll 73380000 356352 C:\WINDOWS\System32\zipfldr.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Compressed (zipped) Folders
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
wuapi.dll 506a0000 471040 C:\WINDOWS\system32\wuapi.dll 5.8.0.2469 built by: lab01_n(wmbla) Windows Update Client API
sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
MSISIP.DLL 60980000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4000.1823 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.8820 Microsoft ® Shell Extension for Windows Script Host
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
  • 0

#34
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Open Task Manager, click on New Task, then click Browse. Browse to:

C:\Windows\System32

Inside the system32 folder look to see if this file exists:

whhbth.dll

Let me know whether or not it's there.

Then, please do this:

Open the pv folder and double-click "runme.bat". A DOS box will open.

Type:

5

hit Enter.

A Notepad will open with text in it. Copy everything in the notepad. Then type E then hit Enter to exit.

Paste the contents of the notepad here for me.
  • 0

#35
Mike S.

    Member

  • Topic Starter
  • 51 posts
Banana -- The file you asked about is definitely NOT there. Now is that good or bad?

Here is the log you asked for.....Thanks again. Please help me! :tazz:




Module information for 'winlogon.exe'
MODULE BASE SIZE PATH
winlogon.exe 1000000 524288 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon Application
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 999424 C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Procedure Call Runtime
AUTHZ.dll 776c0000 69632 C:\WINDOWS\system32\AUTHZ.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Authorization Framework
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
USER32.dll 77d40000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519) Windows XP USER API Client DLL
GDI32.dll 77f10000 286720 C:\WINDOWS\system32\GDI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDI Client DLL
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
NDdeApi.dll 75940000 32768 C:\WINDOWS\system32\NDdeApi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network DDE Share Management APIs
PROFMAP.dll 75930000 40960 C:\WINDOWS\system32\PROFMAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Win32 API DLL
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
REGAPI.dll 76bc0000 61440 C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Registry Configuration APIs
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
SHELL32.dll 7c9c0000 8470528 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) Shell Light-weight Utility Library
COMCTL32.dll 5d090000 618496 C:\WINDOWS\system32\COMCTL32.dll 5.82 (xpsp_sp2_rtm.040803-2158) Common Controls Library
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
odbcint.dll 20000000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources
SHSVCS.dll 776e0000 143360 C:\WINDOWS\system32\SHSVCS.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Shell Services Dll
sfc.dll 76bb0000 20480 C:\WINDOWS\system32\sfc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
sfc_os.dll 76c60000 172032 C:\WINDOWS\system32\sfc_os.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows File Protection
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2595 (xpsp_sp2_gdr.041130-1729) Microsoft OLE for Windows
Apphelp.dll 77b40000 139264 C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
sxs.dll 75e90000 720896 C:\WINDOWS\system32\sxs.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Fusion 2.5
WINSCARD.DLL 723d0000 114688 C:\WINDOWS\system32\WINSCARD.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Smart Card API
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
uxtheme.dll 5ad70000 229376 C:\WINDOWS\system32\uxtheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
cscdll.dll 76600000 118784 C:\WINDOWS\system32\cscdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
WlNotify.dll 75950000 106496 C:\WINDOWS\system32\WlNotify.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Common DLL to receive Winlogon notifications
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
msv1_0.dll 77c70000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) IP Helper API
mwconf.dll 12a0000 438272 C:\WINDOWS\system32\mwconf.dll
WININET.dll 771b0000 679936 C:\WINDOWS\system32\WININET.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) Internet Extensions for Win32
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
oledlg.dll 74d30000 131072 C:\WINDOWS\system32\oledlg.dll 1.0 (XPClient.010817-1148) Microsoft Windows™ OLE 2.0 User Interface Support
urlmon.dll 77260000 647168 C:\WINDOWS\system32\urlmon.dll 6.00.2900.2668 (xpsp_sp2_gdr.050430-1553) OLE32 Extensions for Win32
cscui.dll 77a20000 344064 C:\WINDOWS\system32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
MPRAPI.dll 76d40000 98304 C:\WINDOWS\system32\MPRAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MP Router Administration DLL
ACTIVEDS.dll 77cc0000 204800 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs LDAP Provider C DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
RASAPI32.DLL 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows™ Telephony API Client DLL
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) DNS Client API DLL
winrnr.dll 76fb0000 32768 C:\WINDOWS\System32\winrnr.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) LDAP RnR Provider DLL
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access AutoDial Helper
xpsp2res.dll 1870000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.258
Cabinet.dll 75150000 81920 C:\WINDOWS\system32\Cabinet.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Cabinet File API
  • 0
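
Added example, not part of the original thread and not code from the pv tool: a Python sketch that parses module listings in the format posted above and marks rows worth a closer look, namely modules with no version or description fields and modules loaded from outside C:\WINDOWS. The sample rows are copied from the two listings in this thread; the function names and both review cues are assumptions of this example, and a flagged row is a prompt to inspect the file, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Rows copied from the Explorer.EXE and winlogon.exe listings posted in this thread.
SAMPLE = r"""
Module information for 'winlogon.exe'
MODULE BASE SIZE PATH
winlogon.exe 1000000 524288 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon Application
comctl32.dll 773d0000 1056768 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0 (xpsp_sp2_rtm.040803-2158) User Experience Controls Library
mwconf.dll 12a0000 438272 C:\WINDOWS\system32\mwconf.dll
OLEAUT32.dll 77120000 573440 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180
Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
NavShExt.dll 10000000 114688 C:\Program Files\Norton AntiVirus\NavShExt.dll 9.05.15 Norton AntiVirusNAVShellExt Module
shellhook.dll 1190000 53248 C:\Program Files\ewido\security suite\shellhook.dll
"""

# Assumption of this example: the Windows directory seen in the listings.
SYSTEM_ROOT = "c:\\windows\\"


class Module(NamedTuple):
    process: str      # process the module is loaded into
    name: str
    base: int         # load address (hex column)
    size: int         # image size in bytes
    path: str
    version: str      # "" when the listing shows none
    description: str  # "" when the listing shows none


_HEADER = re.compile(r"^Module information for '(.+)'$")
_ROW = re.compile(r"^(\S+)\s+([0-9A-Fa-f]+)\s+(\d+)\s+(.+)$")
# Tail after the path: optional version, optional "(build tag)", optional description.
_TAIL = re.compile(r"^(\d[\d.]*)?\s*(?:\([^)]*\))?\s*(.*)$")


def _split_path(name: str, rest: str) -> Optional[Tuple[str, str]]:
    """The path column may contain spaces, but it always ends with the module name."""
    needle = "\\" + name.lower()
    low = rest.lower()
    pos = low.find(needle)
    while pos != -1:
        end = pos + len(needle)
        if end == len(rest) or rest[end].isspace():
            return rest[:end], rest[end:].strip()
        pos = low.find(needle, pos + 1)
    return None  # row does not follow the expected layout


def parse_module_listing(text: str) -> List[Module]:
    modules: List[Module] = []
    process = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = _HEADER.match(line)
        if header:
            process = header.group(1)
            continue
        row = _ROW.match(line)  # the "MODULE BASE SIZE PATH" header fails the hex column
        if not row:
            continue
        name, base, size, rest = row.groups()
        split = _split_path(name, rest)
        if split is None:
            continue
        path, tail = split
        version, description = _TAIL.match(tail).groups()
        modules.append(Module(process, name, int(base, 16), int(size),
                              path, version or "", description))
    return modules


def triage(modules: List[Module]) -> List[Tuple[str, str, List[str]]]:
    """Return (process, module, reasons) for rows that deserve a manual look."""
    findings = []
    for m in modules:
        reasons = []
        if not m.version and not m.description:
            reasons.append("no version or description fields")
        if not m.path.lower().startswith(SYSTEM_ROOT):
            reasons.append("loaded from outside C:\\WINDOWS")
        if reasons:
            findings.append((m.process, m.name, reasons))
    return findings


if __name__ == "__main__":
    for process, name, reasons in triage(parse_module_listing(SAMPLE)):
        print(f"{process}: {name}: {'; '.join(reasons)}")
```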

#36
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
It seems your computer is trying to load a file that isn't there. I don't know that this will help anything, but let's try it anyway. :tazz:

Please download this file (it's a zero byte file with the same name - it's not malicious, I promise!): [attachment=2121:attachment]

Unzip it to your desktop, then go into the folder and right-click whhbth.dll and choose copy. Go into C:\windows\system32 folder and paste. Then right-click on the file and under the general tab it might say the file is being blocked to protect your computer - if it does click "unblock".

Reboot your computer.
  • 0

#37
Mike S.

    Member

  • Topic Starter
  • 51 posts
Tried all that. No worky!

Same problem - no desktop or startup icons.
  • 0

#38
Mike S.

    Member

  • Topic Starter
  • 51 posts
Hey fo -

Got the Startup thing resolved. I ran Spyware Doctor on it and rebooted and the desktop and start menu were back.

Go figure.

What's next? :tazz:
  • 0

#39
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Is there any way to retrieve the log from when you ran Spyware Doctor? I would really like to know what caused this - apparently there was some file present that Spyware Doctor deleted.

Will you post a new HiJackThis log for me? :tazz:
  • 0

#40
Mike S.

    Member

  • Topic Starter
  • 51 posts
Stand By --looking for log. HJT on the way as well. I thought you might ask so I think I told it to make a log. Give me 5 minutes.
  • 0

#41
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, thanks! That would be great! :tazz:
  • 0

#42
Mike S.

    Member

  • Topic Starter
  • 51 posts
Looking for SWD log. Here is HJT!!

Logfile of HijackThis v1.99.1
Scan saved at 4:00:28 PM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahooligans.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\mwconf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#43
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I appreciate it :tazz:

I will take a look at your log and be back as soon as possible ;)
  • 0

#44
Mike S.

    Member

  • Topic Starter
  • 51 posts
:tazz:

Spyware Doctor Activity Report
Generated on 7/10/2005 2:00:42 PM


Scans (basic information only):

Scan Results:
scan start: 7/10/2005 2:01:15 PM
scan stop: 7/10/2005 2:06:59 PM
scanned items: 54918
found items: 292
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Disk Scanner





  • 0

#45
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll


Close HiJackThis.

Delete the following folder:
C:\Program Files\Cas

(You may have to open Task Manager and end the following process before you can delete the folder: casclient.exe) Let me know if you have any problems deleting the folder.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0
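The check behind the steps above, as an added example that is not part of the original post or of HijackThis itself: a small Python parser for the HijackThis lines quoted in this thread that lists which entries still point into a folder slated for deletion, so a follow-up log can be verified after the fix. The function names are hypothetical, and the section descriptions are general HijackThis conventions rather than anything stated in the post.

```python
import ntpath
import re
from typing import List, NamedTuple

# Entries quoted from the HijackThis log and the fix list in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# General meaning of the section codes that appear above (not from the post).
SECTIONS = {
    "R1": "Internet Explorer search/start page setting",
    "O4": "program started automatically at logon",
    "O18": "extra protocol or MIME filter",
    "O20": "Winlogon Notify / AppInit DLL",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path ending in .exe or .dll; spaces are allowed inside the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll)', re.IGNORECASE)


class Entry(NamedTuple):
    code: str          # section code such as "O18"
    body: str          # everything after "CODE - "
    paths: List[str]   # file paths found in the body


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis log text into structured entries, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group("body")
            entries.append(Entry(m.group("code"), body, PATH_RE.findall(body)))
    return entries


def is_under(path: str, folder: str) -> bool:
    """Case-insensitive 'path lies inside folder' test using Windows path rules.

    The trailing separator keeps C:\\Program Files\\Casino from matching
    C:\\Program Files\\Cas.
    """
    root = ntpath.normcase(ntpath.normpath(folder)).rstrip("\\") + "\\"
    return ntpath.normcase(ntpath.normpath(path)).startswith(root)


def references_to(entries: List[Entry], folder: str) -> List[Entry]:
    """Entries that load a file from inside the given folder."""
    return [e for e in entries if any(is_under(p, folder) for p in e.paths)]


if __name__ == "__main__":
    target = r"C:\Program Files\Cas"
    for e in references_to(parse_log(SAMPLE_LOG), target):
        print(f"{e.code} ({SECTIONS.get(e.code, 'unknown section')}): {e.body}")
```

Running the same function over the log posted after the fix should return an empty list for the deleted folder; any entry it still returns is a load point left pointing at files that no longer exist.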





