
Java Encrypted trojans I can not rid myself of [CLOSED]



#16
tampabelle
  • Retired Staff
  • 6,363 posts
Log into the profile where the wallpaper is the issue.

Copy the part below (from REGEDIT4 down to the last line) into Notepad and save it as background.reg.
Save as type: All files. (The first line in the file should be REGEDIT4.)

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoAddingComponents"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoCloseDragDropBands"=-
"NoMovingBands"=-
"NoHTMLWallPaper"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

Double-click the file and confirm you want to merge it with the registry.

Reboot the PC and check the wallpaper now.

Post a fresh HJT scan in the profile where the browser goes to the websites and post it back here.

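The .reg file in the post above relies on two REGEDIT4 constructs: `[-KEY]` deletes a whole key with everything under it, and `"Name"=-` deletes one value. The Python script below is an added example, not part of tampabelle's post; it parses a .reg file and lists what merging it would change, so a fix like this can be reviewed before it is double-clicked. It only reads text and never writes to the registry, so it runs on any machine. REG_FILE is the fix quoted above, copied verbatim.

```python
"""Review a REGEDIT4 / .reg file before merging it.

Added example (not from the forum post): it parses the text of a .reg file
and lists what merging it would do, without touching the registry.
REG_FILE is the policy-reset fix quoted in the post above, copied verbatim.
"""
import re
from typing import List, Tuple

REG_FILE = r'''REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoAddingComponents"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoCloseDragDropBands"=-
"NoMovingBands"=-
"NoHTMLWallPaper"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
'''

# Accepted first lines: the classic REGEDIT4 header the post insists on, and
# the Unicode header newer regedit versions write.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                        # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data or @=data


def parse_reg(text: str) -> List[Tuple]:
    """Return the actions a merge would perform, in file order.

    ("delete_key", key)                   from  [-KEY]
    ("delete_value", key, name)           from  "name"=-
    ("set_value", key, name, type, data)  from  "name"=dword:.. / "name"="..".
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line must be REGEDIT4 (or the 5.00 header)")
    actions: List[Tuple] = []
    key = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                actions.append(("delete_key", key))
                key = None   # value lines under a deleted key are ignored by regedit
            continue
        m = VALUE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {raw!r}")
        if key is None:
            continue
        name = "(Default)" if m.group(2) else m.group(1)
        data = m.group(3).strip()
        if data == "-":
            actions.append(("delete_value", key, name))
        elif data.lower().startswith("dword:"):
            actions.append(("set_value", key, name, "REG_DWORD", int(data[6:], 16)))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            unescaped = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            actions.append(("set_value", key, name, "REG_SZ", unescaped))
        else:                # hex:, hex(2):, ... left as raw text
            actions.append(("set_value", key, name, "other", data))
    return actions


def removed_policies(actions: List[Tuple]) -> List[str]:
    """Names of the policy values the file deletes (the =- lines), sorted."""
    return sorted(a[2] for a in actions if a[0] == "delete_value")


def describe(actions: List[Tuple]) -> List[str]:
    """One human-readable line per action, for eyeballing before the merge."""
    out = []
    for a in actions:
        if a[0] == "delete_key":
            out.append(f"DELETE KEY   {a[1]}  (and everything beneath it)")
        elif a[0] == "delete_value":
            out.append(f"delete value {a[1]}\\{a[2]}")
        else:
            out.append(f"set {a[3]:9} {a[1]}\\{a[2]} = {a[4]!r}")
    return out


if __name__ == "__main__":
    for line in describe(parse_reg(REG_FILE)):
        print(line)
```

Two things the script makes visible: the first-line check reproduces the "must be REGEDIT4" requirement (regedit refuses a file without a recognised header), and the single `[-...Policies\System]` line is the broad stroke of the fix, because it deletes every value under that key no matter what set it, while each `=-` line removes exactly one policy value.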
#17
filmguy40886
  • Topic Starter
  • 17 posts
Hi TampaBelle,

Wallpaper works now, thank you so much.

Here is the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:29:57 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Bradford Clark\Desktop\Protection Tools\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll
O9 - Extra button: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120488453437
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Question though, is Viewpoint bad? When I downloaded it I did it for school. I attend an online college and they use it for video lectures and demonstrations. If I run into a problem without it can I redownload and install it?

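A HijackThis log is line-oriented: a few header lines, a "Running processes:" list, then one entry per line tagged R0-R3, F0-F3, N1-N4 or O1-O23. The script below is an added example, not code from the thread or from HijackThis. It parses that layout and runs three triage checks that help when reading a log like the one above: R0/R1 Internet Explorer settings that are empty or set to about:blank (HijackThis only lists R0/R1 values that differ from the IE defaults, and this about:blank pattern is what About:Buster is written to reverse), O4 autostart entries whose executable has no process of the same name in the snapshot, and the source of each O16 ActiveX control. SAMPLE_LOG is a constructed excerpt of the log posted above; the checks narrow down what to look at and flag nothing as malicious on their own.

```python
"""Parse a HijackThis v1.99 log and run a few triage checks over it.

Added example, not code from the thread or from HijackThis. SAMPLE_LOG is a
constructed excerpt of the log posted above; the full log is in the post.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Scan saved at 4:29:57 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
'''

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
IE_SETTING_RE = re.compile(r"^(.*?) =\s*(.*)$")
O4_RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)


def parse_hjt(text: str) -> Dict[str, list]:
    """Split a log into header lines, running processes and (type, detail) entries."""
    log: Dict[str, list] = {"header": [], "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False   # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            log["entries"].append((m.group(1), m.group(2)))
        elif in_processes:
            log["processes"].append(line)
        else:
            log["header"].append(line)
    return log


def ie_blank_settings(log) -> List[Tuple[str, str]]:
    """R0/R1 Internet Explorer start/search settings that are empty or about:blank."""
    hits = []
    for kind, detail in log["entries"]:
        if kind in ("R0", "R1"):
            m = IE_SETTING_RE.match(detail)
            if m and m.group(2).strip().lower() in ("", "about:blank"):
                hits.append((m.group(1), m.group(2).strip()))
    return hits


def autostart_exes(log) -> List[Tuple[str, str, str]]:
    """(hive, entry name, executable) for every O4 Run* entry, arguments stripped."""
    out = []
    for kind, detail in log["entries"]:
        m = O4_RUN_RE.match(detail) if kind == "O4" else None
        if m:
            hive, _, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            out.append((hive, name, exe.group(1) if exe else cmd))
    return out


def autostarts_not_running(log) -> List[str]:
    """Autostart executables with no process of the same basename in the snapshot.
    Either the program exited after start-up or the entry points at something
    other than what it claims; both are worth a look, neither is proof."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in log["processes"]}
    return [exe for _, _, exe in autostart_exes(log)
            if exe.rsplit("\\", 1)[-1].lower() not in running]


def activex_sources(log) -> List[Tuple[str, str]]:
    """(control, source) for O16 DPF entries: where each ActiveX control came from."""
    out = []
    for kind, detail in log["entries"]:
        if kind == "O16" and detail.startswith("DPF: "):
            control, _, source = detail[5:].rpartition(" - ")
            out.append((control, source))
    return out


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print("IE settings blanked / about:blank:", ie_blank_settings(log))
    print("autostarts not running:", autostarts_not_running(log))
    print("ActiveX sources:", activex_sources(log))
```

On the excerpt all four R0/R1 lines are reported, and every O4 executable is also in the process list, so the autostart check returns nothing; it only fires when a Run entry's program is absent from the snapshot, which is also what an entry pointing at a renamed or deleted file looks like.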
#18
tampabelle
  • Retired Staff
  • 6,363 posts
First answer to your concern -

ViewPoint is not a bad program. Only it sometimes installs itself without the consent of the user. It can be kept on your PC. No issues. In case you want, you can reinstall it.


The fix for the pop-ups -

For the fix, please use the login profile where you are having the problems.



Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp! Reboot your computer into normal Windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

#19
filmguy40886
  • Topic Starter
  • 17 posts
Followed fix instructions; here are the logs requested. Also I am adding a CleanUp! log. This log reflects the activity that the computer has been involved in by itself; I highlighted the cookies that reflect the activity. These show up every time I run CleanUp!, including right after running CleanUp! and rebooting the system.

Bit Defender Scan: (also this link file:///C:/Documents%20and%20Settings/Bradford%20Clark/Desktop/Protection%20Tools/ScanLogs/BitDefenderScan0809.html for a detailed report)

BitDefender Online Scanner - Real Time Virus Report

Generated at: Tue, Aug 09, 2005 - 10:33:15

Scan Info
  Scanned Files:  163848
  Infected Files: 1

Virus Detected
  Adware.Wheaterbug.A: 1

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:42 AM, on 8/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Bradford Clark\Desktop\Protection Tools\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll
O9 - Extra button: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF} - C:\WINDOWS\SYSTEM32\iegfxfrw.dll (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120488453437
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

And finally the CleanUp! scan results:

CleanUp! started on 08/09/05 09:37:32.
C:\Documents and Settings\Bradford Clark\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\MSHist012005080820050809\index.dat - deleted
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\MSHist012005080820050809\ - deleted
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\MSHist012005080920050810\index.dat - deleted
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\MSHist012005080920050810\ - deleted
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Bradford Clark@res://C:\Documents%20and%20Settings\Bradford%20Clark\Desktop\Protection%20Tools\CWShredder.exe/104 - deleted
C:\Documents and Settings\Bradford Clark\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Cookies\bradford clark@google[1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford clark@yahoo[2].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford clark@easytds[1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford clark@nicegirlspics[1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford clark@pornbridge[1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][2].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][2].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford clark@ideal-teens[2].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford clark@incestart[2].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][2].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][2].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
C:\Documents and Settings\Bradford Clark\Cookies\bradford [email protected][1].txt - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
Cookie:bradford [email protected]/ - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\_CACHE_MAP_ - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\_CACHE_001_ - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\_CACHE_002_ - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\_CACHE_003_ - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\EB8CA9AFd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\120C617Cd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\D2244CE0d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\E8B39691d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\4B4EFB29d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\B88F2F8Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\782F3B19d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\6910579Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\A3115450d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\D11B638Fd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\D05F24E6d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\235A2C3Cd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\75BDBE0Dd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\A90BB010d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\47E75805d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\FF036426d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\3D0DF3B7d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\9F31294Ed01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\A3D98C27d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\0A60F96Fd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\F31CFD1Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1EEC37F8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\B3EB552Ed01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\DE69BEA3d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\A0F1F85Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\522FFBFFd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\06BFCFE8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\4DB3E5BFd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\373AD853d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\2DBA5E57d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\EA747BD9d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\11A7476Ed01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\4441CE0Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\E2B5E338d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\948DEF24d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\4D7A738Ed01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\8DA73D6Ed01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\EB4B4EF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\3AA8E037d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\D8FEC003d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\3F6C50B6d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\BBE5BD2Dd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\A4FFF9C8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\948CB326d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\BA4AFEA8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\61FA723Fd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\948DFE34d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\68A4F4DAd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\AD33727Dd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1E7B64E4d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\A3E5BD20d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\DBE5BD1Fd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\0E7B67C2d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\9633F614d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\A730C4D0d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\E069C401d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\2F50F718d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\55B46E5Bd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\654C0FF5d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\3F31C9CDd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\30369F5Dd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\429FA472d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\F255E18Bd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\146298F8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\146198F8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\146098F8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\F255E38Bd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\14679AF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\14669AF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\BA34BBBCd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1D9B3AEFd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\429FA451d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\429FA455d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1466BFF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1465BFF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1464BFF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1463BFF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\3AED0C79d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\429FA454d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\F255C78Bd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1461BEF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1462BEF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\075BAEE4d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\146DBEF8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\3AED0C7Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\429FA44Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\F255D98Bd01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1466A0F8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1465A0F8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\1464A0F8d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\5717F7B9d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\C8189AC0d01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\Cache\6D3A519Ad01 - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\history.dat - deleted
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\cookies.txt.old - deleted
C:\Documents and Settings\Bradford Clark\Recent\hijackthis0808.lnk - deleted
C:\Documents and Settings\Bradford Clark\Recent\Protection Tools.lnk - deleted
C:\DOCUME~1\BRADFO~1\LOCALS~1\Temp\djch.dat - deleted
C:\DOCUME~1\BRADFO~1\LOCALS~1\Temp\java_install_reg.log - deleted
C:\DOCUME~1\BRADFO~1\LOCALS~1\Temp\plugtmp\ - deleted
C:\Documents and Settings\Bradford Clark\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\Documents and Settings\Bradford Clark\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Bradford Clark\Application Data\Mozilla\Firefox\Profiles\rr7uxiaw.default\bookmarks.bak - deleted
'Run MRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 7.2 MB of disk space from 148 files.
CleanUp! finished on 08/09/05 09:37:54.

The red highlights are the sites that load themselves. The blue highlighted lines in the middle are ones I went to; that is the website for my online courses. I know that the CleanUp! log is a large mess of a log, but I thought it might help a little.

Thank You for your continuous help!
#20 tampabelle (Retired Staff, Member 5k, 6,363 posts)
Hi Bradford,


The Bitdefender scan doesn't list the file which is infected. Darn!!!!


Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double-click on "Track qoo.vbs"

Note - If your antivirus has script blocking, you will get a pop-up window asking you what to do. Allow this entire script to run; it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

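A reader for the WinPFind.txt output requested above, added here as an example; it is not WinPFind, Track qoo or anything posted in this thread, only a script that reads the log those tools produce. It groups the packer strings WinPFind reports per file, lists hidden/system files modified shortly before the scan after dropping routine noise, and flags shell/IE handlers registered by a bare DLL name. The excerpt it runs on is constructed in the log's layout (not a real scan), and the line format, the noise extensions, the "trusted roots" and the scan date are my assumptions.

```python
"""Triage a WinPFind.txt scan log: packer hits per file, recently modified
hidden files, and handler DLLs registered without a full path.
Added example; it only reads WinPFind-style output, it is not WinPFind."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed excerpt in the WinPFind.txt layout (assumed format:
# "<tag> <m/d/yyyy> <h:mm:ss> <AM|PM> <bytes> <path>" for file lines and
# "{CLSID} = <name> : <module>" for handler lines). Not a real scan.
SAMPLE_LOG = r"""
Checking %SystemDrive% folder...
UPX! 8/7/2005 12:20:44 PM 5636 C:\q154998.exe

Checking %WinDir% folder...
PECompact2 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\VPTNFILE.749
qoologic 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\VPTNFILE.749
SAHAgent 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\VPTNFILE.749
aspack 6/16/2005 2:28:14 AM 194560 C:\WINDOWS\Batman Begins.scr

Checking %System% folder...
aspack 8/4/2004 12:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
H 8/9/2005 1:11:40 PM 749 C:\WINDOWS\WindowsShell.Manifest
H 7/19/2005 12:26:50 AM 436 C:\WINDOWS\SYSTEM32\service\dll1.txt
SH 8/9/2005 1:12:58 PM 67 C:\WINDOWS\FONTS\desktop.ini

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EB740041-E2A0-4346-A4DF-F2AFF42AB23D} = : hbrpct.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_3_12_0.DLL
"""
SCAN_DATE = datetime(2005, 8, 13)   # assumed date of the constructed scan

FILE_LINE = re.compile(
    r"^(\S+)\s+(\d{1,2}/\d{1,2}/\d{4})\s+(\d{1,2}:\d{2}:\d{2})\s+([AP]M)\s+(\d+)\s+(.+)$")
HANDLER_LINE = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})\s*=\s*(.*)$")
ATTR_TAG = re.compile(r"^[RHSA]{1,4}$")      # attribute flags (H, S, SH ...), not packer names
EXEC_EXT = {".exe", ".dll", ".scr", ".cpl", ".ocx", ".sys", ".com"}
NOISE_EXT = {".ini", ".manifest", ".log", ".inf", ".pnf", ".cab", ".jpg", ".dat", ".htt", ".sst"}
TRUSTED_ROOTS = ("%systemroot%\\", "c:\\windows\\", "c:\\program files\\")   # assumption


def parse_winpfind(text):
    """Return packer hits per path, hidden-file records and handler registrations."""
    sig_hits = defaultdict(set)
    hidden = []      # (attribute flags, modified, size in bytes, path)
    handlers = []    # (clsid, display name, module exactly as registered)
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            tag, day, clock, ampm, size, path = m.groups()
            modified = datetime.strptime(f"{day} {clock} {ampm}", "%m/%d/%Y %I:%M:%S %p")
            if ATTR_TAG.match(tag):
                hidden.append((tag, modified, int(size), path))
            else:
                sig_hits[path].add(tag)
            continue
        m = HANDLER_LINE.match(line)
        if m:
            clsid, rest = m.groups()
            name, sep, module = rest.partition(" : ")
            if not sep:                       # "= : x" (no display name) or "= x"
                name, module = "", rest.lstrip(":").strip()
            handlers.append((clsid, name.strip(), module.strip()))
    return {"sig_hits": dict(sig_hits), "hidden": hidden, "handlers": handlers}


def packed_files(parsed):
    """Files carrying packer/obfuscator strings, most distinct strings first."""
    return sorted(((p, sorted(s)) for p, s in parsed["sig_hits"].items()),
                  key=lambda item: (-len(item[1]), item[0].lower()))


def packed_executables(parsed):
    """Same list restricted to executable extensions (the ones worth hashing)."""
    return [item for item in packed_files(parsed)
            if ntpath.splitext(item[0])[1].lower() in EXEC_EXT]


def hidden_worklist(parsed, scan_date, days=30):
    """Hidden/system files modified within `days` before the scan, minus routine
    noise (desktop.ini, manifests, registry .LOG files, album art, ...)."""
    cutoff = scan_date - timedelta(days=days)
    return [path for _, modified, _, path in parsed["hidden"]
            if modified >= cutoff and ntpath.splitext(path)[1].lower() not in NOISE_EXT]


def unanchored_modules(parsed):
    """Handlers whose module is a bare file name (resolved through the DLL search
    order at load time) or lives outside the Windows / Program Files trees."""
    return [(clsid, name, mod) for clsid, name, mod in parsed["handlers"]
            if mod and ("\\" not in mod or not mod.lower().startswith(TRUSTED_ROOTS))]


if __name__ == "__main__":
    parsed = parse_winpfind(SAMPLE_LOG)
    print("packed executables:")
    for path, sigs in packed_executables(parsed):
        print(f"  {path}  [{', '.join(sigs)}]")
    print("recent hidden files:", hidden_worklist(parsed, SCAN_DATE))
    print("handlers without a full path:", unanchored_modules(parsed))
```

The output is a worklist, not a verdict. A 15 MB file matched by several packer strings at once is what an antivirus pattern database looks like, not a packed program; a packer string inside a Microsoft-dated system DLL such as ntdll.dll is a substring match that a hash comparison against a clean copy settles; and a bare module name is worth a look because Windows resolves it through the DLL search order, so a same-named file placed earlier in that order is what gets loaded.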
#21 filmguy40886 (Topic Starter, Member, 17 posts)
Hi,

Sorry for the delay; I had to run out of town unexpectedly.

Everything seems to be okay now; it's been almost a week since I had any unexpected browsing done by Internet Explorer. Here are the last scans you requested:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\SYSTEM32\SHELL32.DLL

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\SYSTEM32\DOCPROP2.DLL

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
==============================
C:\Documents and Settings\Bradford Clark\Start Menu\Programs\Startup

desktop.ini
desktop.ini
==============================
C:\WINDOWS\SYSTEM32 cpl files


QuickTime.cpl Apple Computer, Inc.
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
access.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.

And:

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 8/7/2005 12:20:44 PM 5636 C:\q154998.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 7/6/2005 2:00:58 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 7/6/2005 2:00:58 PM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 7/6/2005 2:00:58 PM 170053 C:\WINDOWS\tsc.exe
UPX! 1/3/2005 3:56:40 PM 133799936 C:\WINDOWS\VMMHIBER.W9X
FSG! 1/3/2005 3:56:40 PM 133799936 C:\WINDOWS\VMMHIBER.W9X
PEC2 1/3/2005 3:56:40 PM 133799936 C:\WINDOWS\VMMHIBER.W9X
aspack 1/3/2005 3:56:40 PM 133799936 C:\WINDOWS\VMMHIBER.W9X
PECompact2 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\lpt$vpn.749
qoologic 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\lpt$vpn.749
SAHAgent 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\lpt$vpn.749
SAHAgent 6/11/2005 1:47:32 AM 8831 C:\WINDOWS\WININIT.LOG
PECompact2 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\VPTNFILE.749
qoologic 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\VPTNFILE.749
SAHAgent 7/27/2005 2:36:26 PM 15465411 C:\WINDOWS\VPTNFILE.749
aspack 6/16/2005 2:28:14 AM 194560 C:\WINDOWS\Batman Begins.scr
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll

Checking %System% folder...
PEC2 8/4/2004 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 8/4/2004 12:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 10/15/2003 12:43:08 PM 2855228 C:\WINDOWS\SYSTEM32\FinalFantasyXI.scr
aspack 8/9/2005 2:10:06 PM 197120 C:\WINDOWS\SYSTEM32\RAIN_1280.scr
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/13/2005 7:53:20 AM 2048 C:\WINDOWS\bootstat.dat
H 8/9/2005 1:11:40 PM 749 C:\WINDOWS\WindowsShell.Manifest
H 6/14/2005 12:50:38 PM 0 C:\WINDOWS\INF\oem0.inf
H 7/4/2005 10:48:58 AM 0 C:\WINDOWS\INF\oem3.inf
H 8/9/2005 1:11:40 PM 749 C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
H 8/9/2005 1:11:50 PM 488 C:\WINDOWS\SYSTEM32\WindowsLogon.manifest
H 8/9/2005 1:11:40 PM 749 C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
H 8/9/2005 1:11:40 PM 749 C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
H 8/9/2005 1:11:40 PM 749 C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
H 8/9/2005 1:11:40 PM 749 C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
H 8/9/2005 1:11:50 PM 488 C:\WINDOWS\SYSTEM32\logonui.exe.manifest
H 8/13/2005 7:52:30 AM 761856 C:\WINDOWS\SYSTEM32\config\system.LOG
H 8/13/2005 7:52:30 AM 49152 C:\WINDOWS\SYSTEM32\config\software.LOG
H 8/13/2005 7:52:30 AM 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
H 8/9/2005 1:01:52 PM 1024 C:\WINDOWS\SYSTEM32\config\userdiff.LOG
H 8/9/2005 1:00:14 PM 1024 C:\WINDOWS\SYSTEM32\config\TempKey.LOG
H 8/13/2005 7:53:36 AM 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
H 8/13/2005 7:53:20 AM 16384 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
H 8/9/2005 1:00:18 PM 0 C:\WINDOWS\SYSTEM32\config\system.tmp.LOG
H 8/9/2005 1:01:52 PM 0 C:\WINDOWS\SYSTEM32\config\software.tmp.LOG
H 8/9/2005 1:01:52 PM 0 C:\WINDOWS\SYSTEM32\config\default.tmp.LOG
H 8/9/2005 1:14:04 PM 1024 C:\WINDOWS\SYSTEM32\config\userdifr.LOG
SH 8/9/2005 1:23:00 PM 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
SH 8/9/2005 1:23:00 PM 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CH278LEJ\desktop.ini
SH 8/9/2005 1:23:00 PM 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4N0HBYZJ\desktop.ini
SH 8/9/2005 1:23:00 PM 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P57AH24K\desktop.ini
SH 8/9/2005 1:23:00 PM 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P5PAP0CK\desktop.ini
SH 7/31/2005 5:03:08 PM 2496 C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt
S 8/9/2005 5:52:24 PM 144 C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
S 8/9/2005 5:52:24 PM 558 C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
SH 8/12/2005 9:57:24 PM 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\68d72f9e-3546-4d81-8a19-f70a3b9a6b88
SH 8/12/2005 9:57:24 PM 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
H 7/19/2005 12:26:50 AM 436 C:\WINDOWS\SYSTEM32\service\dll1.txt
H 7/18/2005 2:04:16 PM 0 C:\WINDOWS\SYSTEM32\service\dll2.txt
H 7/18/2005 2:17:20 PM 934 C:\WINDOWS\SYSTEM32\service\dll3.txt
SH 8/9/2005 1:12:58 PM 67 C:\WINDOWS\FONTS\desktop.ini
SH 8/9/2005 1:12:24 PM 727 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
SH 8/9/2005 1:12:24 PM 19854 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_7.cab
SH 8/9/2005 1:12:24 PM 244933 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_8.cab
H 8/13/2005 7:52:14 AM 6 C:\WINDOWS\TASKS\SA.DAT
H 8/9/2005 1:11:50 PM 65 C:\WINDOWS\Offline Web Pages\desktop.ini
H 8/9/2005 1:11:50 PM 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
SH 8/11/2005 9:53:36 AM 16384 C:\WINDOWS\DRM\drmv2.sst
SH 7/31/2005 11:25:42 PM 131 C:\WINDOWS\All Users\Documents\desktop.ini
SH 7/10/2005 10:06:50 PM 2792 C:\WINDOWS\All Users\Documents\My Music\Journey\Unknown Album (3 29 2005 1 34 29 AM)\AlbumArtSmall.jpg
SH 7/10/2005 10:06:50 PM 2792 C:\WINDOWS\All Users\Documents\My Music\Journey\Unknown Album (3 29 2005 1 34 29 AM)\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Small.jpg
SH 7/10/2005 10:07:00 PM 11874 C:\WINDOWS\All Users\Documents\My Music\Journey\Unknown Album (3 29 2005 1 34 29 AM)\Folder.jpg
SH 7/10/2005 10:07:00 PM 11874 C:\WINDOWS\All Users\Documents\My Music\Journey\Unknown Album (3 29 2005 1 34 29 AM)\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Large.jpg
SH 7/10/2005 10:07:16 PM 281 C:\WINDOWS\All Users\Documents\My Music\Journey\Unknown Album (3 29 2005 1 34 29 AM)\desktop.ini
SH 7/10/2005 10:07:02 PM 1899 C:\WINDOWS\All Users\Documents\My Music\Eagles\Unknown Album (3 29 2005 1 39 49 AM)\AlbumArtSmall.jpg
SH 7/10/2005 10:07:02 PM 1899 C:\WINDOWS\All Users\Documents\My Music\Eagles\Unknown Album (3 29 2005 1 39 49 AM)\AlbumArt_{4FC091AC-1815-4DE7-BB0D-9BFFD48D4C3E}_Small.jpg
SH 7/10/2005 10:07:22 PM 6304 C:\WINDOWS\All Users\Documents\My Music\Eagles\Unknown Album (3 29 2005 1 39 49 AM)\Folder.jpg
SH 7/10/2005 10:07:22 PM 6304 C:\WINDOWS\All Users\Documents\My Music\Eagles\Unknown Album (3 29 2005 1 39 49 AM)\AlbumArt_{4FC091AC-1815-4DE7-BB0D-9BFFD48D4C3E}_Large.jpg
SH 7/10/2005 10:07:30 PM 315 C:\WINDOWS\All Users\Documents\My Music\Eagles\Unknown Album (3 29 2005 1 39 49 AM)\desktop.ini
SH 7/10/2005 10:07:18 PM 2152 C:\WINDOWS\All Users\Documents\My Music\Lynyrd Skynyrd\Unknown Album (3 29 2005 1 51 22 AM)\AlbumArtSmall.jpg
SH 7/10/2005 10:07:18 PM 2152 C:\WINDOWS\All Users\Documents\My Music\Lynyrd Skynyrd\Unknown Album (3 29 2005 1 51 22 AM)\AlbumArt_{37F9291D-1605-4B2C-9A5C-EDDEEEB75B3B}_Small.jpg
SH 7/10/2005 10:07:26 PM 8595 C:\WINDOWS\All Users\Documents\My Music\Lynyrd Skynyrd\Unknown Album (3 29 2005 1 51 22 AM)\Folder.jpg
SH 7/10/2005 10:07:26 PM 8595 C:\WINDOWS\All Users\Documents\My Music\Lynyrd Skynyrd\Unknown Album (3 29 2005 1 51 22 AM)\AlbumArt_{37F9291D-1605-4B2C-9A5C-EDDEEEB75B3B}_Large.jpg
SH 7/10/2005 10:07:32 PM 320 C:\WINDOWS\All Users\Documents\My Music\Lynyrd Skynyrd\Unknown Album (3 29 2005 1 51 22 AM)\desktop.ini
SH 7/10/2005 10:07:28 PM 2233 C:\WINDOWS\All Users\Documents\My Music\Unknown Artist\Unknown Album (4 8 2005 1 00 46 AM)\AlbumArtSmall.jpg
SH 7/10/2005 10:07:28 PM 2233 C:\WINDOWS\All Users\Documents\My Music\Unknown Artist\Unknown Album (4 8 2005 1 00 46 AM)\AlbumArt_{D649A96F-3DB8-4AED-A3A8-891B80EF2E8D}_Small.jpg
SH 7/10/2005 10:07:36 PM 10120 C:\WINDOWS\All Users\Documents\My Music\Unknown Artist\Unknown Album (4 8 2005 1 00 46 AM)\Folder.jpg
SH 7/10/2005 10:07:36 PM 10120 C:\WINDOWS\All Users\Documents\My Music\Unknown Artist\Unknown Album (4 8 2005 1 00 46 AM)\AlbumArt_{D649A96F-3DB8-4AED-A3A8-891B80EF2E8D}_Large.jpg
SH 7/10/2005 10:07:40 PM 294 C:\WINDOWS\All Users\Documents\My Music\Unknown Artist\Unknown Album (4 8 2005 1 00 46 AM)\desktop.ini
SH 7/10/2005 10:07:36 PM 6257 C:\WINDOWS\All Users\Documents\My Music\Eminem\The Eminem Show\AlbumArtSmall.jpg
SH 7/10/2005 10:07:36 PM 6257 C:\WINDOWS\All Users\Documents\My Music\Eminem\The Eminem Show\AlbumArt_{E3F3931E-989D-4CBB-BA8B-2CE57489CF3B}_Small.jpg
SH 7/10/2005 10:07:40 PM 19460 C:\WINDOWS\All Users\Documents\My Music\Eminem\The Eminem Show\Folder.jpg
SH 7/10/2005 10:07:40 PM 19460 C:\WINDOWS\All Users\Documents\My Music\Eminem\The Eminem Show\AlbumArt_{E3F3931E-989D-4CBB-BA8B-2CE57489CF3B}_Large.jpg
SH 7/10/2005 10:07:44 PM 257 C:\WINDOWS\All Users\Documents\My Music\Eminem\The Eminem Show\desktop.ini
SH 7/10/2005 10:07:44 PM 2414 C:\WINDOWS\All Users\Documents\My Music\Kenny Loggins\Top Gun\AlbumArtSmall.jpg
SH 7/10/2005 10:07:44 PM 2414 C:\WINDOWS\All Users\Documents\My Music\Kenny Loggins\Top Gun\AlbumArt_{FB6EBF4A-4016-4B9E-B561-AD2FC6FFFAA7}_Small.jpg
SH 7/10/2005 10:07:46 PM 10082 C:\WINDOWS\All Users\Documents\My Music\Kenny Loggins\Top Gun\Folder.jpg
SH 7/10/2005 10:07:46 PM 10082 C:\WINDOWS\All Users\Documents\My Music\Kenny Loggins\Top Gun\AlbumArt_{FB6EBF4A-4016-4B9E-B561-AD2FC6FFFAA7}_Large.jpg
SH 7/10/2005 10:07:48 PM 249 C:\WINDOWS\All Users\Documents\My Music\Kenny Loggins\Top Gun\desktop.ini
SH 7/10/2005 10:07:44 PM 2414 C:\WINDOWS\All Users\Documents\My Music\Berlin\Top Gun\AlbumArtSmall.jpg
SH 7/10/2005 10:07:44 PM 2414 C:\WINDOWS\All Users\Documents\My Music\Berlin\Top Gun\AlbumArt_{FB6EBF4A-4016-4B9E-B561-AD2FC6FFFAA7}_Small.jpg
SH 7/10/2005 10:07:46 PM 10082 C:\WINDOWS\All Users\Documents\My Music\Berlin\Top Gun\Folder.jpg
SH 7/10/2005 10:07:46 PM 10082 C:\WINDOWS\All Users\Documents\My Music\Berlin\Top Gun\AlbumArt_{FB6EBF4A-4016-4B9E-B561-AD2FC6FFFAA7}_Large.jpg
SH 7/10/2005 10:07:48 PM 249 C:\WINDOWS\All Users\Documents\My Music\Berlin\Top Gun\desktop.ini
H 8/9/2005 1:11:50 PM 65 C:\WINDOWS\occache\desktop.ini
H 8/9/2005 2:09:54 PM 0 C:\WINDOWS\LastGood\INF\oem4.inf
H 8/9/2005 2:09:54 PM 0 C:\WINDOWS\LastGood\INF\oem4.PNF
H 8/9/2005 1:13:58 PM 970752 C:\WINDOWS\repair\ntuser.dat

Checking for CPL files...
Apple Computer, Inc. 1/6/2004 4:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 162304 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Sun Microsystems, Inc. 3/4/2005 3:36:44 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 8/4/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/9/2005 10:19:46 PM 8 C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
8/8/2005 12:39:40 PM 153 C:\Documents and Settings\Bradford Clark\Application Data\AlbumCoverFinder Prefs.txt

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
YPC 3.0.3 = Yahoo! Parental Controls
MaxiFilesTB =
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{FEF10FA2-355E-4e06-9381-9B24D7F7CC88} = %SystemRoot%\system32\SHELL32.dll
{53C74826-AB99-4d33-ACA4-3117F51D3788} = %SystemRoot%\system32\SHELL32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7ab770c7-0e23-4d7a-8aa2-19bfad479829}
= C:\WINDOWS\SYSTEM32\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\SYSTEM32\DOCPROP2.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
ButtonText = Yahoo! Login :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F9C4B6EF-316F-4359-A4B5-EA84E49F8DCF}
ButtonText = Corel Network monitor worker :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
{08BEC6AA-49FC-4379-3587-4B21E286C19E} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EB740041-E2A0-4346-A4DF-F2AFF42AB23D} = : hbrpct.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinPatrol C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0
DisableCAD 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 0
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

CDRAutoRun
NoBandCustomize 0
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0
DisableTaskMgr 0
NoColorChoice 0
NoSizeChoice 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
NoDispBackgroundPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System = csarq.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/13/2005 8:26:28 AM
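Log triage as an added example (not WinPFind's or the thread's own code): it parses the Run and Winlogon sections in the layout of the log above and reports every entry that is absent from, or differs from, a baseline allowlist. The baseline values and the `find_unexpected` helper are assumptions for this example; a real baseline would be exported from a known-clean machine of the same Windows build.

```python
"""Compare WinPFind-style Run/Winlogon sections against a baseline allowlist."""
import re

# Constructed excerpt in the WinPFind layout, using entries shown in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinPatrol C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System = csarq.exe
"""

# Assumed baseline (what a known-clean machine shows), keyed by (section, value name).
# Values are compared case-insensitively; anything not listed is reported for review.
BASELINE = {
    ("winlogon", "userinit"): r"c:\windows\system32\userinit.exe,",
    ("winlogon", "shell"): "explorer.exe",
    ("run", "ctfmon.exe"): r"c:\windows\system32\ctfmon.exe",
}

SECTION_RE = re.compile(r"^\[HKEY_[A-Z_]+\\(.+)\]$")


def parse_sections(text):
    """Yield (section_tag, name, value) for lines under Run and Winlogon keys."""
    tag = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            path = m.group(1).lower()
            tag = "winlogon" if path.endswith("\\winlogon") else ("run" if path.endswith("\\run") else None)
            continue
        if not tag or not line.strip():
            continue
        if tag == "winlogon":
            name, _, value = line.partition("=")   # Winlogon lines: "Name = Value"
        else:
            name, _, value = line.partition(" ")   # Run lines: "<name> <command line>"
        yield tag, name.strip().lower(), value.strip().lower()


def find_unexpected(text, baseline=BASELINE):
    """Return (section, name, value, reason) for entries not matching the baseline."""
    findings = []
    for tag, name, value in parse_sections(text):
        expected = baseline.get((tag, name))
        if expected is None:
            findings.append((tag, name, value, "not in baseline"))
        elif expected != value:
            findings.append((tag, name, value, f"differs from baseline ({expected})"))
    return findings


if __name__ == "__main__":
    for finding in find_unexpected(SAMPLE_LOG):
        print(*finding)
```

Entries reported as "not in baseline" are review candidates, not verdicts; the Winlogon `System` value is worth checking first because it runs at logon regardless of which user profile is active.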

#22 tampabelle (Member 5k, Retired Staff, 6,363 posts)
Hi Filmguy,

No problem with the delay.

The log does not give any information about the infection.

Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

Close all windows other than Hijack This. Check the boxes next to the above items and click on Fix checked.

Reboot the PC.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with the Panda scan report.

#23 tampabelle (Member 5k, Retired Staff, 6,363 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.